
VMXclient+ SMARTsvc + igfxmtc+ Browser timing out + HELP!!


This topic is locked
30 replies to this topic

#1 CFKBOSTON

CFKBOSTON

  • Members
  • 15 posts
  • Gender:Female
  • Location:Boston, MA

Posted 29 December 2017 - 11:02 AM

Hello All!
I am not new to the forums, but a new member. In November, member Seavote posted with Master Surgeon General (the malware GURU) about similar problems, but not as deep and severe a situation as I have now.

Last week I was downloading a new program. To be safe, I created a restore point before the download (which is useless now, because I got slammed with trojans and malware!).

*System Restore is disabled and is probably turned off; if I can ever access it again.

Here are my symptoms and what I have attempted to do to resolve the problems:
December 17, 2017

I first saw VMXclient when my internet and some of my programs were lagging, after I had downloaded and tried to install a program for my phone.

2 days later my laptop was getting worse, and I noticed igfxmtc (Gen.Variant.Zusy267905) in processes as well as mbaszei.exe (Gen.Variant.Johnnie75314, Heur:Trojan.Win32.Generic, Mal/Generic-S)

---both of which I could NOT "End process", and access was denied when I tried to delete or rename the file. Also I was unable to take ownership of the file or folder; it said Unknown Owner.

2017-12-19 09:53 - 2017-12-21 03:25 - 000000000 ____D
C:\Users\John\AppData\Local\igfxmtc

I followed the vmx removal instructions from BC to no avail.

1. Tried Bit Defender boot-up scan, and discovered GEN:Trojan.Heur.TP.bmW@bCZc7ih; could not delete, disinfect or rename the file after many tries.
2. Searched the Registry for Vmx and all its aliases; could not find anything in executable form.
3. Searched the Registry for trojan Heur; came up with nothing.
4. System Restore would not run, even in safe mode.
5. Today, after 10 days in Bit Defender boot-up mode, I managed to delete the mbaszei folder (print driver process).
6. Many of the AV/malware scanning programs would NOT run because of malware preventing this.

Internet access via browsers kept on timing out. I could ping IPs and sites with no packets lost, but browsers did not work. I am able to get internet access with Firefox ONLY in SAFE mode with NETWORKING, but NOT in normal Windows mode (keeps timing out).

7. I uninstalled Google Chrome and Opera, due to too many redirects.
8. Uninstalled Malwarebytes and tried to run SpyHunter; the infection prevented installation.
9. Reinstalled Malwarebytes.
10. msconfig: disabled many unnecessary start-up programs.

I have followed all removal steps but vmx is still on my laptop.

I have overkill malware removal apps downloaded now, and they still do not remove the vmx client, or other registry entries (rootkits) etc.

I am attaching my FRST.txt and Addition.txt as well as the Rkill and MBAM logs.

Any help would be much appreciated! I am ready to toss the laptop against the wall a couple of times~

Just ran Hitman again for fun......

Hitman Pro just found another 103 items! inc. Gen.Variant.Johnnie, Heur:Trojan.Win32.Generic

nvhptou.exe, more than one cloaker/RK which is hidden/invisible, was also listed.

FP? FRST64.exe Gen.variant.strictor153937

I'll attach the Hitman log as well. OH MY, what a mess!

Thank you in advance!

CFK
Attached Files: FRST.txt (43.57KB), Addition.txt (52.74KB), HitmanPro_20171228_0927.log (81.45KB), Rkill.txt (2.54KB), MBAM custom scan 12-29-2017.txt (1.34KB)


Edited by CFKBOSTON, 29 December 2017 - 11:06 AM.




#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,590 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 29 December 2017 - 05:17 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
Let's begin... :)
  • Highlight the entire content of the quote box below.

Start::
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
C:\Windows\system32\drivers\wedilosv.sys
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
CustomCLSID: HKU\S-1-5-21-142472965-594336474-3460442192-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-142472965-594336474-3460442192-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
(Farbar) C:\Users\John\AppData\Local\Temp\2E80.tmp.exe
2017-12-27 23:46 - 2017-12-27 23:46 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\2E80.tmp.exe
2017-12-27 17:13 - 2017-12-27 17:13 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\John\AppData\Local\Temp\4DD2.tmp.exe
2017-12-27 17:17 - 2017-12-27 17:17 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\John\AppData\Local\Temp\7DC.tmp.exe
2017-12-27 22:00 - 2017-12-27 22:00 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\8A06.tmp.exe
C:\Users\John\AppData\Local\Temp\DAF3.tmp.exe
C:\Users\John\AppData\Local\Temp\DAF3.tmp.exe
C:\Users\John\AppData\Local\Temp\57A1.tmp.exe
C:\Users\John\AppData\Local\Temp\57A1.tmp.exe
C:\Users\John\AppData\Local\Temp\2E80.tmp.exe
C:\Users\John\AppData\Local\Temp\*.tmp.exe
2017-12-17 17:34 - 2017-12-17 17:34 - 000013611 _____ C:\Users\John\Documents\~WRD0450.tmp
2017-12-27 23:46 - 2017-12-27 23:46 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\2E80.tmp.exe
2017-12-27 17:13 - 2017-12-27 17:13 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\John\AppData\Local\Temp\4DD2.tmp.exe
2017-12-27 17:17 - 2017-12-27 17:17 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\John\AppData\Local\Temp\7DC.tmp.exe
2017-12-27 22:00 - 2017-12-27 22:00 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\8A06.tmp.exe
C:\Users\John\AppData\Local\mbaszei
C:\Users\John\AppData\Local\igfxmtc
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKLM\SYSTEM\Select"
HOSTS:
CMD: Removeproxy
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 CFKBOSTON

CFKBOSTON
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Female
  • Location:Boston, MA

Posted 29 December 2017 - 09:06 PM

Thank you Master SG, for the quick reply!

I look forward to resolving this... hopefully.

Here is my Fixlog.txt

John => 218622227 B
STUDIO => 24202367 B

RecycleBin => 0 B
EmptyTemp: => 499.5 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Safe Mode (with Networking)) (Date&Time: 29-12-2017 20:54:03)

C:\Users\John\AppData\Local\mbaszei => Could not move
C:\Users\John\AppData\Local\igfxmtc => Could not move

==== End of Fixlog 20:54:04 ====



#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,590 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 29 December 2017 - 09:13 PM

The log is incomplete. Attach it to the reply.



#5 CFKBOSTON

CFKBOSTON
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Female
  • Location:Boston, MA

Posted 30 December 2017 - 11:29 AM

Hello Sr. Master.

addendum: I ran the scan in safe mode (NO NETWORKING) directly from USB, then posted the results on another PC. From what I have seen, my FIXLOG.txt is too short and still is!

------------------------------------------------------------------------*******-------------------------------------------------

I re-scanned with FRST again today, just to see if there were any changes (all in safe mode as admin).

Per your instructions: once just hitting the "FIX" button, hoping that the copied code was still on the clipboard;

the second time I pasted the contents in the window and hit "Fix", just to compare.

It looks like the same incomplete content; I have attached it below as well.

///-------------if this matters//-----------

vmxclient and client are still showing up in Task Manager applications

client

client

Thank you again for your time.

CFK

FIXLOG JAN 30 2017

John => 27113307 B
STUDIO => 0 B

RecycleBin => 0 B
EmptyTemp: => 56 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Safe Mode (with Networking)) (Date&Time: 30-12-2017 11:02:31)

C:\Users\John\AppData\Local\mbaszei => Could not move
C:\Users\John\AppData\Local\igfxmtc => Could not move

==== End of Fixlog 11:02:31 ====

 



Edited by CFKBOSTON, 30 December 2017 - 02:15 PM.


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,590 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 30 December 2017 - 02:29 PM

The rootkit is interfering with FRST.

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as RunMe.bat
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Once saved, right click on the RunMe.bat file and select Run as Administrator. Post the report it will produce.
@echo Off
rem Work from the folder the batch file was saved in, so Report.txt lands next to it
cd /d %~dp0
Color 1F
rem List every loaded file-system minifilter instance, per volume, with its altitude
fltmc instances >Report.txt
rem List the kernel driver folder including hidden and system files (/a)
Dir /a C:\Windows\System32\Drivers >>Report.txt
rem Show which ControlSet is Current, Default, Failed and LastKnownGood
Reg query "HKLM\SYSTEM\Select" >>Report.txt
Start Report.txt
Exit

 




#7 CFKBOSTON

CFKBOSTON
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Female
  • Location:Boston, MA

Posted 30 December 2017 - 02:44 PM

Here you go!

 

Filter                Volume Name                              Altitude        Instance Name      Frame  VlStatus
--------------------  -------------------------------------  ------------  ---------------------  -----  --------
tldemr                \Device\Mup                              45666       tldemr Instance          0    
tldemr                C:                                       45666       tldemr Instance          0    
FileInfo              \Device\Mup                              45000       FileInfo                 0    
FileInfo              C:                                       45000       FileInfo                 0    
FileInfo              D:                                       45000       FileInfo                 0    
FileInfo                                                       45000       FileInfo                 0    
FileInfo                                                       45000       FileInfo                 0    
FileInfo              F:                                       45000       FileInfo                 0    
FileInfo              G:                                       45000       FileInfo                 0    
 Volume in drive C has no label.
 Volume Serial Number is 44CC-7776

 Directory of C:\Windows\System32\Drivers

12/30/2017  01:47 PM    <DIR>          .
12/30/2017  01:47 PM    <DIR>          ..
             337 File(s)     79,468,684 bytes
               5 Dir(s)  252,722,634,752 bytes free

HKEY_LOCAL_MACHINE\SYSTEM\Select
    Current    REG_DWORD    0x1
    Default    REG_DWORD    0x1
    Failed    REG_DWORD    0x1
    LastKnownGood    REG_DWORD    0x3

 



#8 JSntgRvr


Posted 30 December 2017 - 03:17 PM

We will need to run the fix in the Recovery Environment.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Please also download the attached file and save it in the same location on the flash drive where FRST64 is saved.

Insert the USB drive in the infected computer.

Boot to the Recovery Console's Command prompt.

Entry points into the Windows Recovery Environment (WinRE).

You can access WinRE features through the Boot Options menu, which can be launched from Windows in a few different ways:

  • Option 1: From the login screen, click Shutdown, then hold down the Shift key while selecting Restart.
  • Option 2: In Windows 10, select Start > Settings > Update & security > Recovery > under Advanced Startup, click Restart now.
  • Option 3: Boot to recovery media.
  • Option 4: Use a hardware recovery button (or button combination) configured by the OEM (Computer Manufacturer).

After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.

On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button.
  • It will make a log (Fixlog.txt) in the flash drive. Please copy and paste it to your reply.

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 CFKBOSTON


Posted 30 December 2017 - 04:46 PM

OK, praying I did this correctly.

  • For those who think Command Prompt in Safe Mode is the same... WRONG!
  • It won't work; I had to create a system repair disc via DVD, because the machine would not toggle to USB.

 

  • The tool will start to run.  It did NOT scan, just said "tool ready to use". Then I hit the FIX button.
  • When the tool opens click Yes to disclaimer.  (There was no disclaimer that I saw.)
  • Press the Fix button.  YES, did that!
  • It will make a log (Fixlog.txt) in the flash drive. Please copy and paste it to your reply.

Attached File: FRST.txt (30.11KB)

 

Here is my Fixlog.txt.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by SYSTEM (30-12-2017 17:16:24) Run:1
Running from H:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
C:\Windows\system32\Drivers\wed*.sys
C:\Users\John\AppData\Local\mbaszei
C:\Users\John\AppData\Local\igfxmtc
S1 msidntfs; system32\drivers\msidntfs.sys [X]
S3 udiskMgr; system32\drivers\zdgjmq.sys [X]
reg: Reg delete "HKLM\SYSTEM\ControlSet001\Services\tldemr
*****************


=========== "C:\Windows\system32\Drivers\wed*.sys" ==========

C:\Windows\system32\Drivers\wedlosvy.sys => moved successfully

========= End -> "C:\Windows\system32\Drivers\wed*.sys" ========

C:\Users\John\AppData\Local\mbaszei => moved successfully
C:\Users\John\AppData\Local\igfxmtc => moved successfully
msidntfs => service not found.
"HKLM\System\ControlSet001\Services\udiskMgr" => removed successfully
udiskMgr => service removed successfully

========= Reg delete "HKLM\SYSTEM\ControlSet001\Services\tldemr =========



========= End of Reg: =========


==== End of Fixlog 17:16:25 ====

 

UPDATE:

Upon reboot chkdsk is running!

System Restore works!  I created a new starting point.

No "Client" in Task Mgr, or igfxmtc in Processes!  OMG, it is a miracle!

 

Thank you

CFK


Edited by CFKBOSTON, 30 December 2017 - 06:35 PM.


#10 JSntgRvr


Posted 30 December 2017 - 06:45 PM

Safe Mode is not the Recovery Environment (WinRE). WinRE is more advanced.
 
There were two users infected in the computer. Let's try this Fix.
 
Download the attached file and save it in the same location the FRST64 is saved in the flash drive.

Insert the USB drive in the infected computer.

Boot to the Recovery Environment's Command prompt.
 
Run FRST as you did before and press the Fix button.
 
Post the new Fixlog.txt.
 
Upon restart, run Malwarebytes Antimalware.

  • Update the program, then proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

02-malwarebytes-premium-scan-methods.jpg

  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected and click on "Quarantine Selected".
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.


Edited by JSntgRvr, 30 December 2017 - 06:47 PM.
typo



#11 CFKBOSTON


Posted 30 December 2017 - 06:54 PM

FIX LOG:  Program started as per instruction:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by SYSTEM (30-12-2017 20:47:29) Run:1
Running from y:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
Reg delete "HKLM\SYSTEM\ControlSet001\Services\tldemr"
Reg delete "HKLM\SYSTEM\ControlSet001\Services\msidntfs"
Reg delete "HKLM\SYSTEM\ControlSet001\Services\udiskMgr"
C:\Windows\system32\Drivers\wed*.sys
C:\Users\John\AppData\Local\mbaszei
C:\Users\John\AppData\Local\igfxmtc
C:\Users\STUDIO\AppData\Local\nvhptou
C:\Users\STUDIO\AppData\Local\igfxmtc
2017-12-30 13:22 - 2017-12-30 13:22 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\1380.tmp.exe
2017-12-30 12:58 - 2017-12-30 12:58 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\17E3.tmp.exe
2017-12-30 13:04 - 2017-12-30 13:04 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\2599.tmp.exe
2017-12-30 13:35 - 2017-12-30 13:35 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\44BD.tmp.exe
2017-12-30 12:53 - 2017-12-30 12:53 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\5205.tmp.exe
2017-12-30 12:58 - 2017-12-30 12:58 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\61CE.tmp.exe
2017-12-30 13:35 - 2017-12-30 13:35 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\732C.tmp.exe
2017-12-30 13:16 - 2017-12-30 13:16 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\7EEF.tmp.exe
2017-12-30 13:10 - 2017-12-30 13:10 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\B559.tmp.exe
2017-12-30 12:53 - 2017-12-30 12:53 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\D9CA.tmp.exe
2017-12-30 13:22 - 2017-12-30 13:22 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\DC88.tmp.exe
2017-12-30 13:04 - 2017-12-30 13:04 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\DFD3.tmp.exe
2017-12-30 13:10 - 2017-12-30 13:10 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\EEFF.tmp.exe
*****************

Reg delete "HKLM\SYSTEM\ControlSet001\Services\tldemr" => Error: No automatic fix found for this entry.
Reg delete "HKLM\SYSTEM\ControlSet001\Services\msidntfs" => Error: No automatic fix found for this entry.
Reg delete "HKLM\SYSTEM\ControlSet001\Services\udiskMgr" => Error: No automatic fix found for this entry.

=========== "C:\Windows\system32\Drivers\wed*.sys" ==========

not found

========= End -> "C:\Windows\system32\Drivers\wed*.sys" ========

"C:\Users\John\AppData\Local\mbaszei" => not found
"C:\Users\John\AppData\Local\igfxmtc" => not found
"C:\Users\STUDIO\AppData\Local\nvhptou" => not found
"C:\Users\STUDIO\AppData\Local\igfxmtc" => not found
"C:\Users\John\AppData\Local\Temp\1380.tmp.exe" => not found
"C:\Users\John\AppData\Local\Temp\17E3.tmp.exe" => not found
"C:\Users\John\AppData\Local\Temp\2599.tmp.exe" => not found
"C:\Users\John\AppData\Local\Temp\44BD.tmp.exe" => not found
"C:\Users\John\AppData\Local\Temp\5205.tmp.exe" => not found
"C:\Users\John\AppData\Local\Temp\61CE.tmp.exe" => not found
"C:\Users\John\AppData\Local\Temp\732C.tmp.exe" => not found
"C:\Users\John\AppData\Local\Temp\7EEF.tmp.exe" => not found
"C:\Users\John\AppData\Local\Temp\B559.tmp.exe" => not found
"C:\Users\John\AppData\Local\Temp\D9CA.tmp.exe" => not found
"C:\Users\John\AppData\Local\Temp\DC88.tmp.exe" => not found
"C:\Users\John\AppData\Local\Temp\DFD3.tmp.exe" => not found
"C:\Users\John\AppData\Local\Temp\EEFF.tmp.exe" => not found

==== End of Fixlog 20:47:29 ====

 

MALWAREBYTES RESULTS:

I AM RUNNING ONE MORE TIME; I deleted 4 threats in quarantine.

 

 

Attached File: MBAM.jpg (45.14KB)

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/30/17
Scan Time: 8:58 PM
Log File: 10a410c2-edce-11e7-8295-000000000000.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3594
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: John-HP\John

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327784
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 41 min, 23 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
Trojan.SmartService, C:\USERS\STUDIO\APPDATA\LOCAL\IGFXMTC, Quarantined, [4373], [466344],1.0.3594

File: 3
Trojan.SmartService, C:\USERS\STUDIO\APPDATA\LOCAL\IGFXMTC\IGFXMTC.EXE, Quarantined, [4373], [466344],1.0.3594
Trojan.Yelloader, C:\USERS\STUDIO\APPDATA\LOCAL\NVHPTOU\AUHTRSX.EXE, Quarantined, [1320], [472030],1.0.3594
Trojan.Yelloader, C:\USERS\STUDIO\APPDATA\LOCAL\NVHPTOU\NVHPTOU.EXE, Quarantined, [1320], [472031],1.0.3594

Physical Sector: 0
(No malicious items detected)


(end)

 


Edited by CFKBOSTON, 30 December 2017 - 09:53 PM.
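Reading a Fixlog by hand is easy to get wrong: in the two fixlogs posted above some entries report "moved successfully", some "not found", and the plain "Reg delete" lines come back as "No automatic fix found". The Python below is an added example (not code from this thread or from FRST) that pairs each fixlist entry with the result FRST recorded for it; the sample log is constructed from lines of the posted fixlogs, and the layout it assumes is the one those logs show.

```python
"""Pair each FRST fixlist entry with the outcome recorded in Fixlog.txt.

Added example; not code from this thread or from FRST itself. Assumed layout
(as in the posted fixlogs): a 'fixlist content:' block between two rulers of
asterisks, then one result line per entry ('X => outcome'), with wildcard
entries and 'reg:' commands wrapped in '==== ... ====' sections.
"""
import re
from fnmatch import fnmatch

# Dated file entry, as FRST lists files: "<date> - <date> - <size> _____ (Company) <path>"
DATED_FILE = re.compile(r"^\d{4}-\d{2}-\d{2} .*? _{5} (?:\([^()]*\) )?(?P<path>.+)$")
# Service entry: "S3 udiskMgr; system32\drivers\zdgjmq.sys [X]"
SERVICE = re.compile(r"^[RSU]\d (?P<name>[^;]+);")
SECTION = re.compile(r'^=+ "?(?P<subj>.+?)"? =+$')   # '=== "C:\...\wed*.sys" ==='
SECTION_END = re.compile(r"^=+ End")                 # '=== End -> ...', '=== End of Reg: ==='


def norm(s):
    """Case-insensitive comparison key; drops surrounding quotes and a leading 'reg:'."""
    s = s.strip().strip('"').lower()
    return s[4:].strip() if s.startswith("reg:") else s


def subject(entry):
    """The name FRST uses in its result lines for a given fixlist entry."""
    m = SERVICE.match(entry)
    if m:
        return m.group("name").strip()
    m = DATED_FILE.match(entry)
    if m:
        return m.group("path").strip()
    return entry.strip()


def parse_fixlog(text):
    """Map each fixlist entry (as written) to the result lines FRST reported for it."""
    lines = [l.strip() for l in text.splitlines()]
    rulers = [i for i, l in enumerate(lines) if len(l) >= 5 and set(l) == {"*"}]
    if len(rulers) < 2:
        raise ValueError("no fixlist block found")
    first, last = rulers[0], rulers[1]
    entries = [l for l in lines[first + 1:last] if l]
    subjects = {e: subject(e) for e in entries}
    outcomes = {e: [] for e in entries}

    def owner_of(name):
        key = norm(name)
        for e, s in subjects.items():
            if norm(s) == key or ("*" in s and fnmatch(key, norm(s))):
                return e
        # A registry key under ...\Services\<name> belongs to the service entry of that name.
        if "\\services\\" in key:
            short = key.rsplit("\\", 1)[-1]
            for e, s in subjects.items():
                if SERVICE.match(e) and norm(s) == short:
                    return e
        return None

    current = None                      # entry owning the open '==== ... ====' section
    for line in lines[last + 1:]:
        if not line:
            continue
        if SECTION_END.match(line):
            current = None
        elif SECTION.match(line):
            current = owner_of(SECTION.match(line).group("subj"))
        elif " => " in line:
            left, result = line.split(" => ", 1)
            owner = owner_of(left) or current
            if owner is not None:
                outcomes[owner].append(result)
        elif current is not None:       # bare 'not found' inside a wildcard section
            outcomes[current].append(line)
    return outcomes


def summarize(outcomes):
    """Reduce each entry's result lines to one status for a quick review."""
    status = {}
    for entry, results in outcomes.items():
        if any("successfully" in r for r in results):
            status[entry] = "applied"
        elif any(r.startswith("Error:") for r in results):
            status[entry] = "error"          # e.g. a 'Reg delete' line without the 'reg:' prefix
        elif any("not found" in r for r in results):
            status[entry] = "not found"
        else:
            status[entry] = "unreported"     # FRST printed no result for it
    return status


# Constructed sample: lines spliced from the two fixlogs posted in this thread.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
C:\Windows\system32\Drivers\wed*.sys
C:\Users\John\AppData\Local\mbaszei
S1 msidntfs; system32\drivers\msidntfs.sys [X]
S3 udiskMgr; system32\drivers\zdgjmq.sys [X]
reg: Reg delete "HKLM\SYSTEM\ControlSet001\Services\tldemr
Reg delete "HKLM\SYSTEM\ControlSet001\Services\msidntfs"
2017-12-30 13:22 - 2017-12-30 13:22 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\1380.tmp.exe
*****************
Reg delete "HKLM\SYSTEM\ControlSet001\Services\msidntfs" => Error: No automatic fix found for this entry.
=========== "C:\Windows\system32\Drivers\wed*.sys" ==========
C:\Windows\system32\Drivers\wedlosvy.sys => moved successfully
========= End -> "C:\Windows\system32\Drivers\wed*.sys" ========
C:\Users\John\AppData\Local\mbaszei => moved successfully
msidntfs => service not found.
"HKLM\System\ControlSet001\Services\udiskMgr" => removed successfully
udiskMgr => service removed successfully
"C:\Users\John\AppData\Local\Temp\1380.tmp.exe" => not found
========= Reg delete "HKLM\SYSTEM\ControlSet001\Services\tldemr =========
========= End of Reg: =========
==== End of Fixlog 17:16:25 ====
"""
```

Running `summarize(parse_fixlog(SAMPLE_FIXLOG))` shows the "reg:" entry as unreported and the bare "Reg delete" line as an error, which is exactly the difference between the first and second fixlog above.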


#12 JSntgRvr


Posted 30 December 2017 - 06:56 PM

:thumbup2:




#13 CFKBOSTON


Posted 30 December 2017 - 10:31 PM

Hi Sr, Master,

Final Malwarebytes scan just done.

result:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/30/17
Scan Time: 9:48 PM
Log File: 070e68db-edd5-11e7-a2a0-000000000000.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3594
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: John-HP\John

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327735
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 34 min, 47 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled

 

I will reboot and do yet one last and final scan; hopefully no more nasty malware dares to show up!
 

Thank you again!


Edited by CFKBOSTON, 30 December 2017 - 11:38 PM.


#14 JSntgRvr


Posted 31 December 2017 - 01:51 AM

Let's see a new set of logs to confirm.

Rescan with FRST and post the new logs: the FRST.txt and Addition.txt logs.



#15 CFKBOSTON


Posted 31 December 2017 - 03:56 AM

Hello Sr. Master.

Before I forget, there are 2 observations I'd like to mention that seem, or seemed, 'odd', possibly due to the malware.

 

1. When I reboot and Windows starts, the desktop wallpaper theme comes up, then the screen 'flickers' and changes to BLACK for a split second, then returns to the starting Windows process.

 

2. The START BUTTON looks as though it has a border around it, and appears as if it was clicked and then stuck in a pressed-in state.  I noticed this when my machine was really infected. See image below as example.

Attached File: START-BUTTON.jpg (25.82KB)

 

3. **NEW: As I started to run FRST.exe, AVAST immediately treated it as a threat and moved it to the chest.  I had to disable my AV for 10 minutes in order to run the scan.  This never happened prior.  I reported it as a false positive.

 

Results of FRST.exe:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by John (administrator) on JOHN-HP (31-12-2017 03:30:28)
Running from C:\Users\John\AppData\Local\Temp
Loaded Profiles: John (Available Profiles: John & STUDIO)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\snobmivsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Opera Software) C:\Program Files\Opera\launcher.exe
(Opera Software) C:\Windows\Temp\opera autoupdate\installer.exe
(Farbar) C:\Users\John\AppData\Local\Temp\4CC8.tmp.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-16] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
BootExecute: autocheck autochk * bootdeletebootdeletebootdeletebootdeletebootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{058DDE57-FE33-4809-929D-9B4AC26C4E8C}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{058DDE57-FE33-4809-929D-9B4AC26C4E8C}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{81D67235-0534-4798-AF1E-2E78A1DE1703}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{81D67235-0534-4798-AF1E-2E78A1DE1703}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{AA67CC1E-E2E3-40CE-A725-5CB301336AE2}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {F6BFD8AC-F1FA-40AE-9F27-A1A73441E69E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {27825E2B-AAB1-4D17-8326-588FCF3107F3} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM -> {817C78BD-CCF3-40C0-A601-12AF936660ED} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {A164046D-A460-4CEA-936B-1DFC9457A4DF} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {F6BFD8AC-F1FA-40AE-9F27-A1A73441E69E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {F6BFD8AC-F1FA-40AE-9F27-A1A73441E69E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {27825E2B-AAB1-4D17-8326-588FCF3107F3} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {817C78BD-CCF3-40C0-A601-12AF936660ED} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {A164046D-A460-4CEA-936B-1DFC9457A4DF} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {F6BFD8AC-F1FA-40AE-9F27-A1A73441E69E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-142472965-594336474-3460442192-1000 -> DefaultScope {F6BFD8AC-F1FA-40AE-9F27-A1A73441E69E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-142472965-594336474-3460442192-1000 -> {27825E2B-AAB1-4D17-8326-588FCF3107F3} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-142472965-594336474-3460442192-1000 -> {817C78BD-CCF3-40C0-A601-12AF936660ED} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-142472965-594336474-3460442192-1000 -> {A164046D-A460-4CEA-936B-1DFC9457A4DF} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-142472965-594336474-3460442192-1000 -> {F6BFD8AC-F1FA-40AE-9F27-A1A73441E69E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-16] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2017-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-15] (Sun Microsystems, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-16] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2017-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-07-15] (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 1uvu448e.default-1489751797152-1509304540361
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1uvu448e.default-1489751797152-1509304540361 [2017-12-31]
FF NetworkProxy: Mozilla\Firefox\Profiles\1uvu448e.default-1489751797152-1509304540361 -> type", 0
FF Extension: (Avast SafePrice) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1uvu448e.default-1489751797152-1509304540361\Extensions\sp@avast.com.xpi [2017-12-25]
FF Extension: (Avast Online Security) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1uvu448e.default-1489751797152-1509304540361\Extensions\wrc@avast.com.xpi [2017-11-16]
FF Extension: (Disable Crash Auto Submit) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1uvu448e.default-1489751797152-1509304540361\features\{599b8cf9-8318-4a6c-bd8e-cc9423e5ab24}\disable-crash-autosubmit@mozilla.org.xpi [2017-12-30] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2017-10-29] [Legacy] [not signed]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-19] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Users\John\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-09-20] (Cisco WebEx LLC)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://dgldcllfgcheelimlbmilnkilnamlhbd/newtab.html"
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2017-12-30]
CHR Extension: (Voice Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfkcobomkalfdlmkongnhnhahkmnaad [2017-12-17]
CHR Extension: (EasyVoice Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifabnpjjgbggngmgijikmfjkppdhfpgj [2017-12-17]
CHR Extension: (Nidink Games) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jalfecgjkbececcbcacphpfnfjcoiboa [2017-09-18]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2017-09-27]
CHR Extension: (Google Play) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2017-09-18]
CHR Extension: (Hearts) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkkbmdeidonbobilknidkpldmecbiilm [2017-09-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-18]
CHR Extension: (TeamViewer) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\oooiobdokpcfdlahlmcddobejikcmkfo [2017-10-30]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-15]
CHR Extension: (Chrome Media Router) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\System Profile [2017-12-29]
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-16] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-16] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [332368 2017-11-16] (AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [4709728 2017-12-19] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-13] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2017-12-04] (Dropbox, Inc.)
S4 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [137480 2016-02-12] (Portrait Displays, Inc.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [6106112 2017-10-06] (Fitbit, Inc.) [File not signed]
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-12-28] (SurfRight B.V.)
S4 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-06-30] (Hewlett-Packard Company) [File not signed]
S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()
R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-17] (Realtek Semiconductor Corp.) [File not signed]
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AdobeUpdateService; "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183584 2017-11-16] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321032 2017-11-16] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [198968 2017-11-16] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343288 2017-11-16] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57728 2017-11-16] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [172176 2017-12-25] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47008 2017-11-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [148288 2017-11-16] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2017-09-21] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [570152 2017-11-16] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110376 2017-11-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84416 2017-11-16] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026232 2017-11-16] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455376 2017-11-16] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [203976 2017-11-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [364464 2017-11-16] (AVAST Software)
S3 Bulk1528; C:\Windows\System32\Drivers\Bulk1528.sys [14848 2008-06-28] (SunPlus)
S2 Ca1528av; C:\Windows\System32\Drivers\Ca1528av.sys [533760 2008-12-17] (Digital Camera)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-30] (Malwarebytes)
S4 rjaty; C:\Windows\System32\drivers\imofugc.sys [79064 2017-12-29] (Malwarebytes Corporation)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation )
U0 tldemr; system32\drivers\wedlosvy.sys [X]
R3 udiskMgr; system32\drivers\twzdgj.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-31 03:29 - 2017-12-31 03:29 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-12-31 03:26 - 2017-12-31 03:31 - 000000000 ____D C:\Users\John\AppData\Local\pseuxkw
2017-12-31 03:26 - 2017-12-31 03:31 - 000000000 ____D C:\Users\John\AppData\Local\igfxmtc
2017-12-31 03:24 - 2017-12-31 03:24 - 002884096 _____ (TOSHIBA CORPORATION) C:\Windows\system32\snobmivsvc.exe
2017-12-31 03:23 - 2017-12-31 03:23 - 006334976 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2017-12-31 03:23 - 2017-12-31 03:23 - 000000000 ____D C:\Windows\SysWOW64\upacgke
2017-12-31 03:23 - 2017-12-31 03:23 - 000000000 ____D C:\Windows\system32\upacgke
2017-12-31 01:59 - 2017-12-31 01:59 - 000001233 _____ C:\Users\John\Desktop\YAY.txt
2017-12-30 22:28 - 2017-12-30 22:28 - 000001232 _____ C:\Users\John\Desktop\mbam final.txt
2017-12-30 21:47 - 2017-12-30 21:47 - 000001538 _____ C:\Users\John\Documents\MBAM DEC 30 9 47 PM.txt
2017-12-30 21:43 - 2017-12-30 21:43 - 000001558 _____ C:\Users\John\Desktop\MBAM DEC 30 2017 9.42 PM.txt
2017-12-30 18:56 - 2017-12-30 18:56 - 000003820 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1514678163
2017-12-30 18:56 - 2017-12-30 18:56 - 000001128 _____ C:\Users\Public\Desktop\Opera Browser.lnk
2017-12-30 18:56 - 2017-12-30 18:56 - 000001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-12-30 18:39 - 2017-12-30 18:39 - 001264264 _____ (Opera Software) C:\Users\John\Downloads\OperaSetup(1).exe
2017-12-30 18:17 - 2017-12-30 18:17 - 000000000 __SHD C:\found.000
2017-12-30 14:42 - 2017-12-30 14:41 - 000000180 _____ C:\Users\John\Desktop\RunMe.bat
2017-12-28 14:30 - 2017-12-28 14:31 - 000000000 _____ C:\Users\John\AppData\Local\{CF55B4BA-F0D2-40AE-993B-5C1E6978FE0D}
2017-12-28 14:30 - 2017-12-28 14:30 - 000000000 ____H C:\Users\John\AppData\Local\BIT2D0C.tmp
2017-12-28 02:02 - 2017-12-28 02:02 - 000001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-12-28 02:02 - 2017-12-28 02:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-12-27 23:53 - 2017-12-27 23:53 - 000000412 _____ C:\Windows\system32\Drivers\etc\bleeping.txt
2017-12-27 21:50 - 2017-12-27 21:50 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-12-27 19:52 - 2017-12-27 19:52 - 000000000 ____D C:\Users\STUDIO\AppData\Local\ElevatedDiagnostics
2017-12-27 19:22 - 2017-12-27 19:05 - 253383016 _____ (Emsisoft Ltd. ) C:\Users\STUDIO\Desktop\EmsisoftAntiMalwareSetup_bc.exe
2017-12-27 19:06 - 2017-12-27 19:06 - 000000000 ____D C:\Users\STUDIO\AppData\Local\ESET
2017-12-27 19:03 - 2017-12-27 19:04 - 006968952 _____ (ESET spol. s r.o.) C:\Users\STUDIO\Downloads\esetonlinescanner_enu.exe
2017-12-27 18:31 - 2017-12-27 18:58 - 000000000 ____D C:\Users\STUDIO\AppData\Local\Mozilla
2017-12-27 18:31 - 2017-12-27 18:57 - 000000000 ____D C:\Users\STUDIO\AppData\LocalLow\Mozilla
2017-12-27 18:31 - 2017-12-27 18:31 - 000000000 ____D C:\Users\STUDIO\AppData\Roaming\Mozilla
2017-12-27 18:27 - 2017-12-27 18:27 - 000000000 ____D C:\Users\STUDIO\AppData\Local\Zemana
2017-12-27 18:13 - 2017-12-27 21:42 - 000000000 ____D C:\Users\STUDIO\AppData\Local\sihkcur
2017-12-27 18:13 - 2017-12-27 18:13 - 000118480 _____ C:\Users\STUDIO\AppData\Local\GDIPFONTCACHEV1.DAT
2017-12-27 18:13 - 2017-12-27 18:13 - 000000000 ____D C:\Users\STUDIO\AppData\Local\CEF
2017-12-27 18:07 - 2017-12-30 16:55 - 002109570 _____ C:\Windows\ntbtlog.txt
2017-12-27 17:17 - 2017-12-27 17:58 - 000012620 _____ C:\TDSSKiller.2.8.16.0_27.12.2017_17.17.42_log.txt
2017-12-27 17:15 - 2017-12-27 17:16 - 005131696 _____ C:\Windows\system32\FNTCACHE.DAT
2017-12-27 17:13 - 2017-12-27 17:14 - 000008608 _____ C:\TDSSKiller.2.8.16.0_27.12.2017_17.13.49_log.txt
2017-12-27 15:24 - 2017-12-27 15:24 - 000001182 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-12-27 15:22 - 2017-12-27 15:22 - 000000028 _____ C:\Users\John\Documents\chrome_passwords.csv
2017-12-27 15:03 - 2017-12-27 15:03 - 000001046 _____ C:\Windows\system32\Drivers\etc\hostsold.txt
2017-12-27 00:22 - 2017-12-29 21:58 - 000000000 ____D C:\Users\John\Documents\STUFF
2017-12-26 16:44 - 2017-12-26 16:44 - 098828288 _____ C:\Windows\system32\config\SOFTWARE.bdkup
2017-12-26 16:44 - 2017-12-26 16:44 - 023113728 _____ C:\Windows\system32\config\SYSTEM.bdkup
2017-12-26 16:44 - 2017-12-26 16:44 - 000524288 _____ C:\Windows\system32\config\DEFAULT.bdkup
2017-12-26 15:57 - 2017-12-30 15:43 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-26 15:56 - 2017-12-26 15:56 - 000001902 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-26 15:56 - 2017-12-26 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-26 15:56 - 2017-12-26 15:55 - 083316440 _____ (Malwarebytes ) C:\Users\John\Desktop\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-26 15:56 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-26 14:54 - 2017-12-26 14:54 - 000000000 ____D C:\Users\John\AppData\Roaming\PowerISO
2017-12-26 13:23 - 2017-12-26 14:52 - 000000000 ____D C:\Users\John\Desktop\AVG UPDATES
2017-12-25 23:14 - 2017-12-25 23:14 - 000000000 ____D C:\ProgramData\McAfee
2017-12-25 23:12 - 2017-12-25 23:14 - 011026328 _____ (McAfee, Inc.) C:\Users\John\Downloads\SecurityScan_Release.exe
2017-12-25 23:08 - 2017-12-25 23:09 - 000793536 _____ (Symantec) C:\Users\John\Downloads\Setup.exe
2017-12-25 22:56 - 2017-12-25 22:59 - 002527376 _____ (Trend Micro Inc.) C:\Users\John\Downloads\HousecallLauncher64.exe
2017-12-25 22:33 - 2017-12-25 22:33 - 002755584 _____ C:\Users\John\Downloads\SH-Alt-Install(1).exe
2017-12-25 22:02 - 2017-12-25 22:02 - 000001269 _____ C:\Users\John\Desktop\emana.AntiMalware.Setup.exe - Shortcut.lnk
2017-12-25 22:02 - 2017-12-25 22:02 - 000001179 _____ C:\Users\John\Desktop\drill64-19131.exe - Shortcut.lnk
2017-12-25 21:58 - 2017-12-25 21:59 - 000000000 ____D C:\Users\John\Documents\sys 32 reg bak
2017-12-25 21:06 - 2017-12-25 20:51 - 000172176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2017-12-23 14:17 - 2017-12-23 14:17 - 000001240 _____ C:\Users\John\Desktop\rstrui.exe - Shortcut.lnk
2017-12-23 12:01 - 2017-12-23 12:01 - 008198432 _____ (Malwarebytes) C:\Users\John\Downloads\adwcleaner_7.0.6.0.exe
2017-12-23 10:41 - 2017-12-26 11:25 - 000000000 ____D C:\RescueCD Logs
2017-12-21 03:25 - 2017-12-31 03:30 - 000000000 ____D C:\FRST
2017-12-20 23:23 - 2017-12-20 23:23 - 000001957 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2017-12-20 23:21 - 2017-11-16 19:45 - 000365168 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-12-20 20:53 - 2017-12-30 15:17 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-12-20 20:26 - 2017-12-20 20:26 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\drill64-19131.exe
2017-12-20 05:07 - 2017-12-20 05:07 - 000001448 _____ C:\Users\STUDIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-12-20 05:07 - 2017-12-20 05:07 - 000000000 ____D C:\Users\STUDIO\AppData\Roaming\Adobe
2017-12-20 05:06 - 2017-12-30 21:44 - 000000000 ____D C:\Users\STUDIO\AppData\Local\nvhptou
2017-12-20 05:03 - 2017-12-26 16:44 - 000000000 ____D C:\Users\STUDIO
2017-12-20 05:03 - 2017-12-20 05:03 - 000000020 ___SH C:\Users\STUDIO\ntuser.ini
2017-12-20 05:03 - 2011-02-15 22:35 - 000000000 ____D C:\Users\STUDIO\AppData\Roaming\Media Center Programs
2017-12-20 01:10 - 2017-12-20 01:10 - 000015360 ___SH C:\Users\John\Documents\Thumbs.db
2017-12-19 22:18 - 2017-12-30 13:46 - 000000000 ____D C:\Users\John\Documents\Zemana AntiMalware
2017-12-19 21:46 - 2017-12-28 09:30 - 000003764 _____ C:\Windows\system32\.crusader
2017-12-19 21:07 - 2017-12-28 02:02 - 000000000 ____D C:\Program Files\HitmanPro
2017-12-19 21:05 - 2017-12-19 21:47 - 000000000 ____D C:\ProgramData\HitmanPro
2017-12-19 20:51 - 2017-12-27 17:14 - 000000000 ____D C:\AdwCleaner
2017-12-19 19:51 - 2017-12-28 00:17 - 000002606 _____ C:\Users\John\Desktop\Rkill.txt
2017-12-19 19:26 - 2017-12-29 20:07 - 000079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\imofugc.sys
2017-12-19 18:16 - 2017-12-30 15:29 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-19 17:48 - 2017-12-30 15:29 - 000000000 ____D C:\Users\John\Desktop\mbar
2017-12-19 17:45 - 2017-12-19 21:15 - 011584088 _____ (SurfRight B.V.) C:\Users\John\Desktop\HitmanPro_x64.exe
2017-12-19 17:44 - 2017-12-19 17:44 - 008172032 _____ (Malwarebytes) C:\Users\John\Desktop\AdwCleaner.exe
2017-12-19 17:39 - 2017-12-19 17:40 - 016563352 _____ (Malwarebytes Corp.) C:\Users\John\Downloads\mbar-1.09.3.1001.exe
2017-12-19 17:38 - 2017-12-19 17:38 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\drill.exe
2017-12-19 16:41 - 2017-12-26 15:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-19 16:16 - 2017-12-19 16:21 - 083316440 _____ (Malwarebytes ) C:\Users\John\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-19 16:11 - 2017-12-30 13:44 - 000028594 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-12-19 16:11 - 2017-12-30 13:41 - 000064495 _____ C:\Windows\ZAM.krnl.trace
2017-12-19 16:10 - 2017-12-19 23:56 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-12-19 16:10 - 2017-12-19 16:10 - 000000000 ____D C:\Users\John\AppData\Local\Zemana
2017-12-19 16:09 - 2017-12-19 16:09 - 006625600 _____ (Zemana Ltd. ) C:\Users\John\Downloads\emana.AntiMalware.Setup.exe
2017-12-19 16:06 - 2017-12-19 16:06 - 000003128 _____ C:\Windows\System32\Tasks\{E4F3FBC4-9FC4-45DD-B096-84FE6FDA0180}
2017-12-19 16:05 - 2017-12-19 16:05 - 002755584 _____ C:\Users\John\Downloads\SH-Alt-Install.exe
2017-12-19 15:53 - 2017-12-19 15:53 - 000000000 ____D C:\Users\John\Documents\Security
2017-12-19 15:40 - 2017-12-19 15:40 - 000000017 _____ C:\Users\John\AppData\Local\resmon.resmoncfg
2017-12-19 03:43 - 2017-12-19 03:43 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-12-18 01:11 - 2017-12-18 01:11 - 000398104 _____ C:\Users\John\Documents\English for Vision Mobile2CFK.pdf
2017-12-18 00:19 - 2017-12-18 00:19 - 000074178 _____ C:\Users\John\Documents\Difference between Coinsurance, Deductible, Out-Of-Pocket Limit, Copayment and Premium.pdf
2017-12-17 23:58 - 2017-12-17 23:58 - 000019519 _____ C:\Users\John\Documents\SdsdaasSads.pdf
2017-12-17 23:51 - 2017-12-18 00:54 - 000481040 _____ C:\Users\John\Documents\English for Vision MobileCFK.pdf
2017-12-17 23:46 - 2017-12-17 23:46 - 000000000 ____D C:\Users\John\Downloads\source-sans-pro
2017-12-17 23:45 - 2017-12-17 23:45 - 000000000 ____D C:\Users\John\Downloads\jonathan-s-harris_charcoal
2017-12-17 23:45 - 2017-12-17 23:45 - 000000000 ____D C:\Users\John\Downloads\Hu_Adobe_Garamond
2017-12-17 23:44 - 2000-03-27 09:22 - 000047824 _____ C:\Users\John\Downloads\AppleGaramond-Light.ttf
2017-12-17 23:44 - 2000-03-27 09:21 - 000046068 _____ C:\Users\John\Downloads\AppleGaramond-LightItalic.ttf
2017-12-17 23:44 - 2000-03-27 09:12 - 000045724 _____ C:\Users\John\Downloads\AppleGaramond-BoldItalic.ttf
2017-12-17 23:44 - 2000-03-27 09:11 - 000047264 _____ C:\Users\John\Downloads\AppleGaramond-Bold.ttf
2017-12-17 23:44 - 2000-03-27 09:08 - 000046560 _____ C:\Users\John\Downloads\AppleGaramond-Italic.ttf
2017-12-17 23:44 - 2000-03-27 09:07 - 000047476 _____ C:\Users\John\Downloads\AppleGaramond.ttf
2017-12-17 23:36 - 2017-12-17 23:36 - 000040753 _____ C:\Users\John\Downloads\Hu_Adobe_Garamond.zip
2017-12-17 23:35 - 2017-12-17 23:35 - 001120629 _____ C:\Users\John\Downloads\source-sans-pro.zip
2017-12-17 23:34 - 2017-12-17 23:34 - 000377617 _____ C:\Users\John\Downloads\jonathan-s-harris_charcoal.zip
2017-12-17 23:34 - 2017-12-17 23:34 - 000169754 _____ C:\Users\John\Downloads\apple_garamond.zip
2017-12-17 23:34 - 2017-12-17 23:34 - 000169754 _____ C:\Users\John\Downloads\apple_garamond (1).zip
2017-12-17 23:32 - 2017-12-17 23:32 - 001033407 _____ C:\Users\John\Downloads\instructions-for-acrobat-pro-X-pc.pdf
2017-12-17 23:05 - 2017-12-21 15:34 - 000000000 ____D C:\Users\John\AppData\Local\siapedx
2017-12-17 23:00 - 2017-12-17 23:00 - 000000000 ___HD C:\$AV_ASW
2017-12-17 22:20 - 2017-12-17 22:50 - 000000005 _____ C:\system32
2017-12-17 18:04 - 2017-12-30 16:56 - 002884096 _____ C:\Windows\system32\snbdoicsvc.exe
2017-12-17 17:50 - 2017-12-17 17:50 - 000000020 _____ C:\Windows\b12419223
2017-12-17 17:50 - 2017-12-17 17:50 - 000000000 ____D C:\Windows\SysWOW64\sbotdxr
2017-12-17 17:50 - 2017-12-17 17:50 - 000000000 ____D C:\Windows\system32\sbotdxr
2017-12-17 17:50 - 2017-12-17 17:50 - 000000000 ____D C:\Users\John\AppData\Roaming\et
2017-12-17 17:49 - 2017-12-17 17:49 - 000021524 _____ C:\Windows\System32\Tasks\IKB2kiPoOqgx
2017-12-17 17:42 - 2017-12-21 03:12 - 000000000 ____D C:\Users\John\AppData\Roaming\Avast Tuneup
2017-12-17 15:51 - 2017-12-17 15:52 - 000000000 ____D C:\Users\John\Documents\MOBILE SAVE
2017-12-17 11:48 - 2017-12-17 11:48 - 000001308 _____ C:\Users\Public\Desktop\EaseUS MobiSaver.lnk
2017-12-17 11:48 - 2017-12-17 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS MobiSaver
2017-12-17 11:48 - 2017-12-17 11:48 - 000000000 ____D C:\Program Files (x86)\EaseUS
2017-12-17 11:46 - 2017-12-17 11:47 - 000000000 ____D C:\Users\John\Desktop\MOBISAVE
2017-12-17 11:44 - 2017-12-17 11:46 - 029033501 _____ C:\Users\John\Downloads\MobiSaver.7.5.Build.2017.10.19.rar
2017-12-17 11:37 - 2017-12-17 11:37 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-12-16 18:21 - 2017-12-31 03:23 - 000142160 ____N C:\Windows\system32\Drivers\reikplds.sys
2017-12-14 08:22 - 2017-12-14 08:22 - 000051617 _____ C:\Windows\uninstaller.dat
2017-12-12 09:21 - 2017-12-12 09:21 - 000704552 _____ C:\Users\John\Downloads\BC1986-019-finding-aid (1).pdf
2017-12-11 08:59 - 2017-12-11 09:00 - 001109826 _____ C:\Users\John\Downloads\Cervical-Radicular-Pain-Patterns.pdf
2017-12-10 11:47 - 2017-12-10 11:47 - 000704552 _____ C:\Users\John\Downloads\BC1986-019-finding-aid.pdf
2017-12-07 20:24 - 2017-12-07 20:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-12-06 07:46 - 2017-12-06 07:46 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2017-12-06 07:46 - 2017-12-06 07:46 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-04 20:06 - 2017-12-04 20:06 - 000051016 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-12-04 20:06 - 2017-12-04 20:06 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-12-04 20:06 - 2017-12-04 20:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-12-04 20:06 - 2017-12-04 20:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-12-03 23:50 - 2017-12-03 23:50 - 000440128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2017-12-03 23:50 - 2017-12-03 23:50 - 000263856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2017-12-03 23:50 - 2017-12-03 23:50 - 000242496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2017-12-03 23:50 - 2017-12-03 23:50 - 000083792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000641696 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000389296 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000331432 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000087728 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2017-12-03 19:09 - 2017-12-19 06:11 - 000001006 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-31 03:31 - 2016-12-15 07:53 - 000000000 ____D C:\Users\John\AppData\LocalLow\Mozilla
2017-12-31 03:31 - 2016-12-15 07:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-31 03:31 - 2009-07-13 21:34 - 024641536 _____ C:\Windows\system32\config\HARDWARE
2017-12-31 03:30 - 2017-10-13 13:25 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-12-31 03:26 - 2017-10-13 13:25 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-12-31 03:25 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-31 03:24 - 2009-07-13 23:45 - 000023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-31 03:24 - 2009-07-13 23:45 - 000023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-31 03:00 - 2009-07-14 00:13 - 000808866 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-31 03:00 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-12-30 21:05 - 2010-07-15 14:41 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-30 18:56 - 2017-09-18 14:57 - 000000000 ____D C:\Program Files\Opera
2017-12-30 18:23 - 2017-10-09 20:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-12-30 12:41 - 2009-07-14 00:08 - 000032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-12-30 11:07 - 2017-10-09 20:04 - 000000000 ____D C:\Users\John\AppData\Roaming\TeamViewer
2017-12-29 23:25 - 2017-09-21 13:24 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-12-29 23:04 - 2017-11-16 19:53 - 000004194 _____ C:\Windows\System32\Tasks\Avast TUNEUP Update
2017-12-27 17:15 - 2016-12-15 07:55 - 000000000 ____D C:\Program Files (x86)\Google
2017-12-27 16:05 - 2017-10-12 03:46 - 000000000 ____D C:\Windows\Minidump
2017-12-27 16:05 - 2009-09-06 20:57 - 000000000 ____D C:\Windows\Panther
2017-12-27 16:04 - 2017-10-15 01:41 - 000000000 ____D C:\Users\John\AppData\Roaming\Skype
2017-12-27 16:04 - 2011-07-27 12:18 - 000000000 ____D C:\Users\John\Documents\Youcam
2017-12-27 16:04 - 2010-07-15 16:58 - 000000000 ____D C:\ProgramData\{8D274659-3D84-4410-A197-C170D180BC76}
2017-12-27 15:05 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2017-12-26 16:44 - 2011-06-04 22:04 - 000000000 ____D C:\Users\John
2017-12-26 15:25 - 2011-07-27 12:18 - 000000000 ____D C:\Users\Public\CyberLink
2017-12-25 22:39 - 2017-09-19 17:33 - 001902177 _____ C:\Users\John\Downloads\dr_GL2760H_7_8.zip
2017-12-25 22:29 - 2017-09-18 19:38 - 000000000 ____D C:\Users\John\AppData\Local\ElevatedDiagnostics
2017-12-23 11:45 - 2017-09-20 08:46 - 000000000 ____D C:\Users\John\Documents\Outlook Files
2017-12-21 03:17 - 2017-11-15 08:38 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-12-20 10:17 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2017-12-20 09:40 - 2017-09-29 22:35 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-12-20 05:06 - 2009-07-13 23:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-12-19 23:52 - 2017-10-06 01:34 - 000000000 ____D C:\Windows\pss
2017-12-19 21:55 - 2017-10-28 23:17 - 000000000 ___RD C:\Users\John\iCloudDrive
2017-12-19 19:26 - 2017-09-20 12:31 - 000000000 ____D C:\Users\John\Desktop\Adobe
2017-12-19 19:26 - 2009-07-14 00:32 - 000000000 ____D C:\Windows\addins
2017-12-19 09:58 - 2017-10-01 18:35 - 000000000 ____D C:\Users\John\AppData\Roaming\Apple Computer
2017-12-19 09:55 - 2017-09-20 08:17 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-19 03:43 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-12-19 03:38 - 2017-09-20 08:16 - 000000000 ____D C:\Program Files\Microsoft Office
2017-12-17 23:48 - 2011-06-04 18:08 - 000118480 _____ C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2017-12-17 23:02 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2017-12-17 11:37 - 2009-07-13 22:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-12-17 11:37 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-12-14 23:58 - 2017-09-29 14:07 - 000000000 ___RD C:\Users\John\Documents\Scanned Documents
2017-12-14 18:40 - 2010-07-15 15:45 - 000000000 ____D C:\ProgramData\Adobe
2017-12-14 18:38 - 2017-11-05 20:47 - 000000021 _____ C:\Windows\SurCode.INI
2017-12-14 18:38 - 2017-09-22 14:01 - 000000000 ____D C:\Users\Public\Documents\Adobe
2017-12-13 13:47 - 2017-10-09 20:06 - 000000000 ____D C:\Users\John\AppData\Local\TeamViewer
2017-12-12 09:45 - 2017-11-20 01:20 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-12 09:45 - 2017-09-23 16:52 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-12 09:45 - 2017-09-23 16:52 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-12 09:45 - 2017-09-23 16:52 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-12 09:45 - 2017-09-20 14:29 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-07 20:24 - 2017-10-13 13:25 - 000000000 ____D C:\Program Files (x86)\Dropbox

==================== Files in the root of some directories =======

2017-10-09 10:24 - 2017-10-09 10:25 - 000000132 _____ () C:\Users\John\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-12-28 14:30 - 2017-12-28 14:30 - 000000000 ____H () C:\Users\John\AppData\Local\BIT2D0C.tmp
2017-12-19 15:40 - 2017-12-19 15:40 - 000000017 _____ () C:\Users\John\AppData\Local\resmon.resmoncfg
2017-12-28 14:30 - 2017-12-28 14:31 - 000000000 _____ () C:\Users\John\AppData\Local\{CF55B4BA-F0D2-40AE-993B-5C1E6978FE0D}

Some files in TEMP:
====================
2017-12-30 16:22 - 2017-12-30 16:22 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\1380.tmp.exe
2017-12-30 15:58 - 2017-12-30 15:58 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\17E3.tmp.exe
2017-12-30 16:04 - 2017-12-30 16:04 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\2599.tmp.exe
2017-12-30 16:35 - 2017-12-30 16:35 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\44BD.tmp.exe
2017-12-31 03:30 - 2017-12-31 03:30 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\4CC8.tmp.exe
2017-12-30 15:53 - 2017-12-30 15:53 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\5205.tmp.exe
2017-12-30 15:58 - 2017-12-30 15:58 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\61CE.tmp.exe
2017-12-30 16:35 - 2017-12-30 16:35 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\732C.tmp.exe
2017-12-30 16:16 - 2017-12-30 16:16 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\7EEF.tmp.exe
2017-12-30 16:10 - 2017-12-30 16:10 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\B559.tmp.exe
2017-12-30 15:53 - 2017-12-30 15:53 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\D9CA.tmp.exe
2017-12-30 16:22 - 2017-12-30 16:22 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\DC88.tmp.exe
2017-12-31 03:23 - 2017-12-31 03:23 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\DEA0.tmp.exe
2017-12-30 16:04 - 2017-12-30 16:04 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\DFD3.tmp.exe
2017-12-30 16:10 - 2017-12-30 16:10 - 002391552 _____ (Farbar) C:\Users\John\AppData\Local\Temp\EEFF.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\reikplds.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

LastRegBack: 2017-12-29 22:48

==================== End of FRST.txt ============================

ADDITION.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by John (31-12-2017 03:33:22)
Running from C:\Users\John\AppData\Local\Temp
Windows 7 Home Premium Service Pack 1 (X64) (2011-06-05 03:03:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-142472965-594336474-3460442192-500 - Administrator - Disabled)
Guest (S-1-5-21-142472965-594336474-3460442192-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-142472965-594336474-3460442192-1005 - Limited - Enabled)
John (S-1-5-21-142472965-594336474-3460442192-1000 - Administrator - Enabled) => C:\Users\John
STUDIO (S-1-5-21-142472965-594336474-3460442192-1006 - Administrator - Enabled) => C:\Users\STUDIO

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_1_2) (Version: 11.1.2 - Adobe Systems Incorporated)
Adobe Reader 9.3 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{9FB3E3D8-B5F8-FE9C-D75C-D206393FB1C5}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 17.2.3341.0 - AVAST Software)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Bejeweled 2 Deluxe (HKLM-x32\...\WT087428) (Version: 2.2.0.95 - WildTangent) Hidden
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT087328) (Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Build-a-lot 2 (HKLM-x32\...\WT087335) (Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (HKLM-x32\...\WT087453) (Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-142472965-594336474-3460442192-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT087536) (Version: 2.2.0.95 - WildTangent) Hidden
Display Pilot (HKLM-x32\...\{6DD25D67-4339-47A1-950E-EEFC321CBB24}) (Version: 2.50.066 - Portrait Displays, Inc.)
Dora's Carnival Adventure (HKLM-x32\...\WT087342) (Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 40.4.46 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
EaseUS MobiSaver version EaseUS MobiSaver (HKLM-x32\...\EaseUS MobiSaver_is1) (Version: EaseUS MobiSaver - EaseUS)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (HKLM-x32\...\WT087360) (Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (HKLM-x32\...\WT087361) (Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (HKLM-x32\...\WT087362) (Version: 2.2.0.95 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{30C7C152-D711-4A39-AD18-3F675AEAD50A}) (Version: 2.0.2.6982 - Fitbit Inc.)
FoneLab 8.0.90 (HKLM-x32\...\{CA7ED0B0-3CD4-4254-A9D2-2D7F78C5E3C5}_is1) (Version: 8.0.90 - Aiseesoft Studio)
Heroes of Hellas 2 - Olympia (HKLM-x32\...\WT087372) (Version: 2.2.0.95 - WildTangent) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{69ABD67D-5C2E-4724-B519-695DEF3EC23B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{4F74D585-BCDB-4316-80FC-264E5B8E883E}) (Version: 3.5.23.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}) (Version: 5.0.14.2 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{7464D896-C63C-412E-8ED3-3261C9F14E21}) (Version: 7.0.1.210 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2131 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Jewel Quest 3 (HKLM-x32\...\WT087373) (Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (HKLM-x32\...\WT087379) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional 2016 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-142472965-594336474-3460442192-1000\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 57.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.3 (x64 en-US)) (Version: 57.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Opera Stable 49.0.2725.64 (HKLM-x32\...\Opera 49.0.2725.64) (Version: 49.0.2725.64 - Opera Software)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (HKLM-x32\...\WT087394) (Version: 2.2.0.95 - WildTangent) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
Plants vs. Zombies (HKLM-x32\...\WT087501) (Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (HKLM-x32\...\WT087395) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT087396) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT087397) (Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.25.824.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6066 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.3023 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 3.02.002 - Portrait Displays, Inc.) Hidden
Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.166 - Skype Technologies S.A.)
SPCA1528 PC Driver (HKLM-x32\...\{570C2A84-A145-4DF0-AE9D-012584DF09DC}) (Version: 2.2.2.0 - sunplus)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.0 - Synaptics Incorporated)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
VGA USB Camera (HKLM-x32\...\{F0B2D11F-E4D9-4C17-A195-B8BADEAE9C40}) (Version: 1.0.0.0 - )
Virtual Families (HKLM-x32\...\WT087414) (Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (HKLM-x32\...\WT087513) (Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (HKLM-x32\...\WT087415) (Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Zuma Deluxe (HKLM-x32\...\WT087533) (Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-16] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-16] (AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-09-18] (Apple Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-16] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-07-28] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-16] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03328AC4-FA30-4E29-A0E1-3813AD8EA9C1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {0DD1DDE7-E755-450A-8E06-1EE52BCB5372} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {20D73432-30FC-4B40-92F5-B0E1A1E41FB4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-10-13] (Dropbox, Inc.)
Task: {22138BCB-1946-49DD-A802-3DB31C368A41} - System32\Tasks\{1DA6A05B-F074-49C1-B17A-B0DBED9FDB97} => C:\Windows\system32\pcalua.exe -a "C:\Users\John\Downloads\HP UPDATES 9-19-2017\ESSENTIALSYSUPDAT.exe" -d "C:\Users\John\Downloads\HP UPDATES 9-19-2017"
Task: {27B29497-8FC0-4337-86A1-95A5297AC2A7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {2FEAC092-B646-4980-A8F1-A06E65746157} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-06-30] (Hewlett-Packard Company)
Task: {3D186738-69BE-44D5-BBFA-08679768DAF0} - System32\Tasks\{E4F3FBC4-9FC4-45DD-B096-84FE6FDA0180} => C:\Windows\system32\pcalua.exe -a C:\Users\John\Downloads\SH-Alt-Install.exe -d C:\Users\John\Downloads
Task: {4D92479E-5681-4956-A730-50A21195E0FE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {5FF605DA-E553-48D7-9E3C-66655A1BCDDE} - System32\Tasks\AutoPico Daily Restart => C:\Users\John\Documents\OFFICE [Argument = 2016\MS OFFICE ACTIVATOR\AutoPico.exe /silent]
Task: {757261F4-BDA1-4F76-A190-78B653FBC1BE} - System32\Tasks\{EC7BBFB1-364C-48B1-BD74-0B8F9E710432} => C:\Windows\system32\pcalua.exe -a "C:\Users\John\Downloads\HP UPDATES 9-19-2017\GRAPHICSINTEL.exe" -d "C:\Users\John\Downloads\HP UPDATES 9-19-2017"
Task: {80F1A870-756D-4DBA-BEFF-9A097FF0803F} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2017-12-19] (AVAST Software)
Task: {810CD2CB-A077-4A01-88C2-1B57D7B95D2D} - System32\Tasks\{6FB4F1BD-CBE2-485E-ACF5-52B6AC7D8F14} => C:\Windows\system32\pcalua.exe -a "C:\Users\John\Documents\ADOBE\Adobe Photoshop Lightroom 6.10.1 Final + Crack - Patch - Crackingpatching.com\Adobe Photoshop Lightroom 6.10.1 Final + Crack - Patch - Crackingpatching.com\Lightroom.6.Setup.exe" -d "C:\Users\John\Documents\ADOBE\Adobe Photoshop Lightroom 6.10.1 Final + Crack - Patc (the data entry has 103 more characters).
Task: {82509E04-E602-4B64-A9DA-0DAB957BFCC3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {88B27083-7725-4DAD-898E-F58D726BC132} - System32\Tasks\Opera scheduled Autoupdate 1514678163 => C:\Program Files\Opera\launcher.exe [2017-12-18] (Opera Software)
Task: {96A2AE72-CE63-4EDA-864D-DE13E33BAFA7} - System32\Tasks\{CF82C45D-FD1C-4EAA-AA9C-3AC390DE9BB7} => C:\Windows\system32\pcalua.exe -a "C:\Users\John\Downloads\HP UPDATES 9-19-2017\sp50701.exe" -d "C:\Users\John\Downloads\HP UPDATES 9-19-2017"
Task: {99E0DC4B-2F91-4F3F-BD1E-910969E2C594} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {9B609E6C-A8E8-4A1D-BE45-5F48AA460ABB} - System32\Tasks\{E7E0EE2D-B44A-47EF-9636-867498664768} => C:\Windows\system32\pcalua.exe -a "C:\Users\John\Downloads\HP UPDATES 9-19-2017\sp55461.exe" -d "C:\Users\John\Downloads\HP UPDATES 9-19-2017"
Task: {9C29F496-328E-4058-BE14-5D1822500F8A} - System32\Tasks\{3D5A83F5-1165-4A8B-9DC7-455EF557DCA0} => C:\Windows\system32\pcalua.exe -a "C:\Users\John\Documents\ADOBE\Adobe Photoshop Lightroom 6.10.1 Final + Crack - Patch - Crackingpatching.com\Adobe Photoshop Lightroom 6.10.1 Final + Crack - Patch - Crackingpatching.com\Lightroom.6.Setup.exe" -d "C:\Users\John\Documents\ADOBE\Adobe Photoshop Lightroom 6.10.1 Final + Crack - Patc (the data entry has 103 more characters).
Task: {9FFC08CE-B4A2-4678-9962-E9A036B5D7D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-06-30] (Hewlett-Packard Company)
Task: {AB2A7AB7-D375-4119-AD93-6839B5B71173} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-10-13] (Dropbox, Inc.)
Task: {ACC6A208-8335-4227-88E9-9697C6807065} - System32\Tasks\IKB2kiPoOqgx => ikb2kipooqgx.exe
Task: {ADA14847-DC52-4DE5-8D7C-11628816E1AB} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {BE08A584-3E45-4FE3-9213-26AFE1887670} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2017-12-06] (AVAST Software)
Task: {C1DF3F36-15FA-4C7B-8424-7145A990879A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-16] (AVAST Software)
Task: {C678D546-4229-45F2-9454-D2561A327CDA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {E31E85E4-BC5D-42CF-9C8E-652825482695} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {FE76AC7F-7C4C-4DE9-B100-7143D9ABFB47} - System32\Tasks\{A52B9EAB-FC2D-4414-9633-75BF94F32114} => C:\Windows\system32\pcalua.exe -a "C:\Users\John\Documents\ADOBE\Adobe Photoshop Lightroom 6.10.1 Final + Crack - Patch - Crackingpatching.com\Adobe Photoshop Lightroom 6.10.1 Final + Crack - Patch - Crackingpatching.com\Lightroom.6.Setup.exe" -d "C:\Users\John\Documents\ADOBE\Adobe Photoshop Lightroom 6.10.1 Final + Crack - Patc (the data entry has 103 more characters).
Task: {FFCC0A86-53C6-407C-9754-6120962BE06D} - System32\Tasks\{9B67B890-7F39-4E9E-AF61-A4FCBAB04865} => C:\Windows\system32\pcalua.exe -a "C:\Users\John\Downloads\HP UPDATES 9-19-2017\DIAGNOSTCS.exe" -d "C:\Users\John\Downloads\HP UPDATES 9-19-2017"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2017-10-09 20:04 - 2017-11-09 12:24 - 000020208 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2017-12-26 15:56 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-16 19:45 - 2017-11-16 19:45 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-16 19:45 - 2017-11-16 19:45 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-16 19:45 - 2017-11-16 19:45 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-16 19:45 - 2017-11-16 19:45 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-16 19:45 - 2017-11-16 19:45 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-12-30 13:43 - 2017-12-30 13:43 - 005767312 _____ () C:\Program Files\AVAST Software\Avast\defs\17123006\algo.dll
2017-11-16 19:45 - 2017-11-16 19:45 - 000710056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-11-16 19:45 - 2017-11-16 19:45 - 000245608 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-09-21 13:23 - 2017-09-21 13:23 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-16 19:44 - 2017-11-16 19:44 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-09-20 09:42 - 2017-09-20 09:42 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\37fc2d150a5569e7ce440b1dd07b7ee9\IsdiInterop.ni.dll
2011-02-15 21:52 - 2010-04-13 12:52 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2017-07-17 12:30 - 2017-07-17 12:30 - 000863744 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft:HnZ1095NxpyFXcEkIQcYZ99 [2156]
AlternateDataStreams: C:\ProgramData\Microsoft:mj5LK19TyxT27zmV5HvfqbDgMjRON [1960]
AlternateDataStreams: C:\ProgramData\Microsoft:vdMRiQPYWnBeZhJ8hokZ1I47 [1984]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2017-12-30 13:33 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-142472965-594336474-3460442192-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: DTSRVC => 2
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: HP Wireless Assistant Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Avast Cleanup Premium.lnk => C:\Windows\pss\Avast Cleanup Premium.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CnxtCoInstallerDefer => C:\Program Files\CONEXANT\PREINSTALL\SETUP59C1B5B81\KESLYN.EXE  -REBOOTED_FROM_NO_ENUM_INSTALL_METHOD=1 -S
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: DT BEN => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -BEN
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: FoneLabAppService => C:\Program Files (x86)\Aiseesoft Studio\FoneLab\AppService.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
MSCONFIG\startupreg: iCloudServices => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E9B11AF9-86E8-4BC0-9133-1BD843711F9A}] => (Allow) C:\Program Files\Opera\49.0.2725.64\opera.exe
FirewallRules: [{99012B50-C501-4801-9C5D-DB2E9187D4BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A5F237F9-F82F-4251-998C-081C20324773}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

30-12-2017 18:28:23 SYSTEM CLEANED

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (12/31/2017 03:27:11 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (12/31/2017 03:26:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPCA1528 Video Camera Service service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (12/31/2017 03:26:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/31/2017 03:26:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect.

Error: (12/31/2017 03:25:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AdobeUpdateService service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/30/2017 11:10:52 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{12bea3fa-8f20-11e0-9002-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{BB166232-0104-418E-AE45-B4D1A3108A04}

Error: (12/30/2017 10:33:17 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (12/30/2017 10:32:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPCA1528 Video Camera Service service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (12/30/2017 10:32:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AdobeUpdateService service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/30/2017 09:45:12 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU P6100 @ 2.00GHz
Percentage of memory in use: 29%
Total physical RAM: 7989.86 MB
Available physical RAM: 5649.73 MB
Total Virtual: 15977.9 MB
Available Virtual: 13753.97 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.42 GB) (Free:232.85 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.05 GB) (Free:2.43 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.26 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1D505CB8)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================

 

Thank you again Sr. Master! 

You are indeed a GURU!  


Edited by CFKBOSTON, 31 December 2017 - 03:48 PM.




