
Exploit.Dropper.GSA Virus removed but system files infected?


  • This topic is locked
33 replies to this topic

#1 Turbo_Bob

  • Members
  • 17 posts
  • OFFLINE
  • Local time: 07:15 AM

Posted 28 February 2018 - 07:17 PM

Exploit.Dropper.GSA virus was found on my father's laptop by Malwarebytes Anti-Rootkit. It removed the infection and subsequent scans show that the virus is gone. Ran the FRST scanner and it looks like some system files are still infected. Attaching 3 files - the MBAR files from the run after it removed the virus, and the FRST logs.
 
Thanks for your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.02.2018
Ran by Bob (administrator) on BOB-PC (25-02-2018 17:25:01)
Running from C:\Virus Removal Apps\2 Farbar Recovery Scan Tool
Loaded Profiles: Bob (Available Profiles: Bob)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
( ) C:\Windows\System32\dlbkcoms.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\System32\lxcfcoms.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.681\SSScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-21] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre1.8.0_77\bin\jusched.exe"
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-07-21] ()
HKLM\...\Run: [LXCFCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCFtime.dll,RunDLLEntry
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [UpdatePRCShortCut] => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [HPCam_Menu] => "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Dell PC Fax\fm3032.exe [312200 2006-11-03] ()
HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16712 2009-06-22] ()
HKU\S-1-5-21-2201664741-1172039188-2711802596-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-06-16] (Hewlett-Packard Company)
HKU\S-1-5-21-2201664741-1172039188-2711802596-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\S-1-5-18\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-02-17]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.681\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{48DE3D39-36E2-4B3B-8D3C-E1946CEFEC7B}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{6ECBB10C-9736-4B93-9338-3F55C48DEB82}: [DhcpNameServer] 167.206.112.138 167.206.7.4 4.2.2.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2201664741-1172039188-2711802596-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {A9DB8F31-C852-4A14-8E79-6764BD89638A} URL =
SearchScopes: HKLM -> {F17003B1-1465-4474-A49F-DF2DC2735E6F} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {F17003B1-1465-4474-A49F-DF2DC2735E6F} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {A9DB8F31-C852-4A14-8E79-6764BD89638A} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {F17003B1-1465-4474-A49F-DF2DC2735E6F} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2201664741-1172039188-2711802596-1000 -> {369D2D86-2AD7-4D7C-B6B0-70C687E413B4} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US739D20160310&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2201664741-1172039188-2711802596-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2201664741-1172039188-2711802596-1000 -> {6F7A9C0F-4FA5-4FCA-995B-8C6A85E8045B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-2201664741-1172039188-2711802596-1000 -> {A9DB8F31-C852-4A14-8E79-6764BD89638A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-06-30] (Hewlett-Packard Co.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll [2009-06-08] (AOL Products)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-06-30] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM-x32 - TotalRecipeSearch - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-2201664741-1172039188-2711802596-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-12-07]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-16] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2201664741-1172039188-2711802596-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Bob\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-06] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C210US739D20170809&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default [2018-02-25]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-11-29]
CHR Extension: (Skype) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-28]
CHR Extension: (Chrome Media Router) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-24]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2015-10-29] (Microsoft Corporation) [File not signed]
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [89600 2010-06-21] (Andrea Electronics Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [34816 2017-12-31] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2017-12-31] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [680448 2016-06-14] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [680448 2016-06-14] (Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [705024 2017-12-31] (Microsoft Corporation) [File not signed]
R3 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [190976 2017-04-12] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [145920 2017-04-12] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2017-12-31] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1386496 2016-08-22] (Microsoft Corporation) [File not signed]
R2 dlbk_device; C:\Windows\system32\dlbkcoms.exe [567024 2007-06-25] ( )
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-03-03] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation) [File not signed]
S3 EFS; C:\Windows\System32\lsass.exe [30720 2017-12-31] (Microsoft Corporation) [File not signed]
S2 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation) [File not signed]
S2 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation) [File not signed]
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-13] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation) [File not signed]
R2 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [1180160 2017-05-12] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [794624 2016-05-12] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation) [File not signed]
R2 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation) [File not signed]
R2 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation) [File not signed]
R2 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [116224 2017-12-29] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [863232 2017-12-31] (Microsoft Corporation) [File not signed]
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [30720 2017-12-31] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\System32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-06-16] (Hewlett-Packard Company) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lxcf_device; C:\Windows\system32\lxcfcoms.exe [566192 2007-02-23] ( )
R2 lxcf_device; C:\Windows\SysWOW64\lxcfcoms.exe [537520 2007-02-23] ( )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [604312 2018-01-19] (McAfee, Inc.)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828928 2017-12-31] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [128512 2016-11-09] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2016-11-09] (Microsoft Corporation) [File not signed]
S2 MSSQL$VECTORVEST; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$VECTORVEST\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [30720 2017-12-31] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303104 2017-12-31] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [26112 2017-08-11] (Microsoft Corporation) [File not signed]
R3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2017-12-31] (Microsoft Corporation) [File not signed]
R3 p2psvc; C:\Windows\system32\p2psvc.dll [439296 2017-12-31] (Microsoft Corporation) [File not signed]
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [187904 2016-06-14] (Microsoft Corporation) [File not signed]
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1389056 2017-03-10] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\SysWOW64\pla.dll [1508352 2017-03-10] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-05-24] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation) [File not signed]
R3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2017-12-31] (Microsoft Corporation) [File not signed]
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [502272 2016-05-12] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [210432 2014-12-18] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2017-12-31] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\SysWOW64\qwave.dll [210944 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2017-11-02] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2017-11-02] (Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2017-12-31] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [30720 2017-12-31] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [1110528 2017-12-31] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
R3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation) [File not signed]
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2016-02-09] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\system32\sens.dll [64512 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [559616 2017-12-31] (Microsoft Corporation) [File not signed]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SQLAgent$VECTORVEST; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$VECTORVEST\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe [247808 2010-06-21] (IDT, Inc.) [File not signed]
R2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1741312 2017-12-31] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
R2 TermService; C:\Windows\System32\termsrv.dll [683520 2014-10-13] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-13] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [30720 2017-12-31] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation) [File not signed]
S2 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation) [File not signed]
R3 wcncsvc; C:\Windows\System32\wcncsvc.dll [366592 2017-12-31] (Microsoft Corporation) [File not signed]
R3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2017-12-31] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2017-12-05] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2017-12-05] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [91136 2015-01-08] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-08] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [91136 2015-01-08] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-08] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [263680 2016-09-08] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [208896 2016-09-08] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) [File not signed]
S3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444928 2017-12-31] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2023424 2016-08-06] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1178112 2016-08-06] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886272 2017-09-13] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2017-10-11] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2017-10-11] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\Windows\system32\wuaueng.dll [2651136 2017-05-10] (Microsoft Corporation) [File not signed]
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-25] (Microsoft Corporation) [File not signed]
R2 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-01-27] (Microsoft Corporation) [File not signed]
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [496128 2017-04-04] (Microsoft Corporation) [File not signed]
S3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1146880 2009-06-10] (LSI Corp) [File not signed]
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [64512 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [62464 2017-12-31] (Microsoft Corporation) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) [File not signed] <==== ATTENTION (no ServiceDLL)
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation) [File not signed]
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation) [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] (Microsoft Corporation) [File not signed]
R1 blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90112 2016-10-05] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\system32\drivers\cdrom.sys [147456 2010-11-20] (Microsoft Corporation) [File not signed]
R3 circlass; C:\Windows\System32\DRIVERS\circlass.sys [45568 2009-07-13] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [106496 2017-12-31] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2015-12-08] (Microsoft Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) [File not signed]
R3 enecir; C:\Windows\System32\DRIVERS\enecir.sys [70656 2009-06-29] (ENE TECHNOLOGY INC.) [File not signed]
R1 epp; C:\EEK\bin64\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2018-02-24] ()
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195584 2017-03-10] (Microsoft Corporation) [File not signed]
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [205312 2017-03-10] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.) [File not signed]
S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [350208 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-13] (Microsoft Corporation) [File not signed]
R3 HidIr; C:\Windows\System32\DRIVERS\hidir.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] (Microsoft Corporation) [File not signed]
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-02-21] ()
R3 HpqKbFiltr; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [18432 2009-04-29] (Hewlett-Packard Development Company, L.P.) [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [754176 2017-12-31] (Microsoft Corporation) [File not signed]
R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation) [File not signed]
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [6108416 2009-06-10] (Intel Corporation) [File not signed]
S3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [151040 2010-11-08] (Intel Corporation) [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
R3 JMCR; C:\Windows\System32\DRIVERS\jmcr.sys [140712 2009-07-20] (JMicron Technology Corporation) [File not signed]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation) [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2017-10-11] (Microsoft Corporation) [File not signed]
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-02-25] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-02-25] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-02-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-25] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-02-25] (Malwarebytes)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2017-12-31] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [142336 2016-09-08] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [159744 2017-12-31] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [291328 2017-12-31] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [129536 2017-12-31] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [324608 2017-09-13] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2017-12-31] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [58368 2017-12-31] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [45056 2017-12-31] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [262656 2017-08-11] (Microsoft Corporation) [File not signed]
S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [7680512 2010-06-21] (Intel Corporation) [File not signed]
S3 netw5v64; C:\Windows\System32\DRIVERS\netw5v64.sys [5435904 2009-07-23] (Intel Corporation) [File not signed]
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwNs64.sys [7821312 2011-01-18] (Intel Corporation) [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [26112 2017-08-11] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-13] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663552 2016-06-14] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2017-12-31] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [317440 2017-10-11] (Microsoft Corporation) [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [212480 2014-07-16] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [291328 2010-03-03] (Realtek ) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sdbus; C:\Windows\system32\drivers\sdbus.sys [109056 2010-11-20] (Microsoft Corporation) [File not signed]
S4 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-13] (Microsoft Corporation) [File not signed]
S1 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation) [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [460288 2017-12-31] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [406016 2017-12-31] (Microsoft Corporation) [File not signed]
S3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL6.SYS [292864 2009-06-10] (Conexant Systems, Inc.) [File not signed]
S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.) [File not signed]
S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT6.SYS [740864 2009-06-10] (Conexant Systems, Inc.) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2017-12-31] (Microsoft Corporation) [File not signed]
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [505344 2010-06-21] (IDT, Inc.) [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [46080 2016-07-07] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-16] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [117248 2017-07-29] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [40448 2017-08-13] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-20] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation) [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\system32\drivers\umbus.sys [48640 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 usbaudio; C:\Windows\system32\drivers\usbaudio.sys [109824 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\system32\drivers\usbccgp.sys [99840 2017-10-17] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [56320 2017-10-17] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\system32\drivers\usbhub.sys [344064 2017-10-17] (Microsoft Corporation) [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2017-10-17] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\Windows\system32\drivers\usbscan.sys [42496 2013-07-02] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\Windows\system32\drivers\USBSTOR.SYS [91648 2016-02-03] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2017-10-17] (Microsoft Corporation) [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2017-12-31] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2017-12-31] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation) [File not signed]
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [389120 2009-06-10] (Marvell) [File not signed]
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-02-23] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-02-23] (Zemana Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-25 15:20 - 2018-02-25 15:20 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-25 15:02 - 2018-02-25 15:06 - 000000276 _____ C:\Users\Bob\Downloads\FSS.txt
2018-02-25 14:05 - 2018-02-25 14:05 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\44667119.sys
2018-02-25 13:55 - 2018-02-25 15:18 - 000000000 ____D C:\Windows\pss
2018-02-25 12:22 - 2018-02-25 12:22 - 030659457 _____ C:\Users\Bob\Downloads\Windows6.1-KB3172605-x64.msu
2018-02-25 12:21 - 2018-02-25 12:21 - 009575735 _____ C:\Users\Bob\Downloads\Windows6.1-KB3020369-x64 (2).msu
2018-02-25 12:08 - 2018-02-25 12:08 - 009575735 _____ C:\Users\Bob\Downloads\Windows6.1-KB3020369-x64 (1).msu
2018-02-25 11:57 - 2018-02-25 11:57 - 001250816 _____ C:\Users\Bob\Downloads\MicrosoftEasyFix50202.msi
2018-02-25 11:53 - 2018-02-25 15:27 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-02-25 11:53 - 2018-02-25 15:20 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-02-25 11:53 - 2018-02-25 15:20 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-02-25 11:53 - 2018-02-25 11:53 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-02-25 11:46 - 2018-02-25 11:47 - 000003305 _____ C:\Users\Bob\Downloads\Reset_Reregister_Windows_Update_Components.bat
2018-02-25 11:19 - 2018-02-25 11:22 - 000000000 ____D C:\Windows\system32\catroot2.bak
2018-02-25 11:06 - 2018-02-25 11:06 - 000313366 _____ C:\Users\Bob\Downloads\WindowsUpdate.diagcab
2018-02-24 18:37 - 2018-02-24 18:37 - 000000000 ____D C:\ProgramData\MB3Migration
2018-02-24 18:37 - 2018-02-24 18:37 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-02-24 18:28 - 2018-02-24 20:20 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-02-24 18:28 - 2018-02-24 18:28 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-24 18:28 - 2018-02-24 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-24 17:57 - 2018-02-24 17:57 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\11216207.sys
2018-02-24 16:10 - 2018-02-24 16:10 - 000313366 _____ C:\Users\Bob\Downloads\WindowsUpdateDiagnostic (1).diagcab
2018-02-24 15:15 - 2018-02-24 15:15 - 009575735 _____ C:\Users\Bob\Downloads\Windows6.1-KB3020369-x64.msu
2018-02-24 15:15 - 2018-02-24 15:15 - 003319424 _____ C:\Users\Bob\Downloads\Windows6.1-KB3138612-x64.msu
2018-02-24 14:52 - 2018-02-24 14:52 - 011313360 _____ (Microsoft Corporation) C:\Users\Bob\Downloads\windowsupdateagent-7.6-x64.exe
2018-02-24 14:47 - 2018-02-24 14:47 - 000313366 _____ C:\Users\Bob\Downloads\WindowsUpdateDiagnostic.diagcab
2018-02-24 11:57 - 2018-02-24 11:57 - 000231760 _____ C:\Users\Bob\Downloads\CrucialScan (2).exe
2018-02-24 11:52 - 2018-02-24 11:57 - 000000000 ____D C:\ProgramData\UCheck
2018-02-24 11:52 - 2018-02-24 11:52 - 000000796 _____ C:\Users\Public\Desktop\UCheck.lnk
2018-02-24 11:52 - 2018-02-24 11:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UCheck
2018-02-24 11:52 - 2018-02-24 11:52 - 000000000 ____D C:\Program Files\UCheck
2018-02-24 11:49 - 2018-02-24 11:49 - 000231760 _____ C:\Users\Bob\Downloads\CrucialScan (1).exe
2018-02-24 11:48 - 2018-02-24 11:48 - 000231760 _____ C:\Users\Bob\Downloads\CrucialScan.exe
2018-02-24 10:53 - 2018-02-24 10:54 - 021003576 _____ (Adlice Software ) C:\Users\Bob\Downloads\UCheck_setup.exe
2018-02-23 22:32 - 2018-02-23 22:32 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\2531677B.sys
2018-02-23 20:09 - 2018-02-23 20:09 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\464DDE29.sys
2018-02-23 18:13 - 2018-02-23 23:17 - 000000000 ____D C:\AdwCleaner
2018-02-23 17:42 - 2018-02-23 17:42 - 000000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-02-23 17:42 - 2018-02-23 17:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-02-23 17:42 - 2018-02-23 17:42 - 000000000 ____D C:\Program Files\RogueKiller
2018-02-23 17:18 - 2018-02-23 17:18 - 000000270 _____ C:\Windows\Tasks\McAfeeLogon.job
2018-02-23 09:39 - 2018-02-25 17:25 - 000050502 _____ C:\Windows\ZAM.krnl.trace
2018-02-23 09:39 - 2018-02-25 17:25 - 000021193 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-02-23 09:39 - 2018-02-23 09:39 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2018-02-23 09:38 - 2018-02-23 09:39 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-02-23 09:38 - 2018-02-23 09:38 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2018-02-23 09:38 - 2018-02-23 09:38 - 000001152 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-02-23 09:38 - 2018-02-23 09:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-02-23 09:33 - 2018-02-23 09:33 - 000000000 ____D C:\Users\Bob\AppData\Local\Zemana
2018-02-23 09:26 - 2018-02-25 17:25 - 000000000 ____D C:\FRST
2018-02-23 08:58 - 2018-02-24 17:05 - 000672170 _____ C:\Users\Bob\Desktop\Rkill.txt
2018-02-23 08:54 - 2018-02-23 08:56 - 000000000 ____D C:\Virus Removal Apps
2018-02-21 11:52 - 2018-02-21 03:55 - 134479872 _____ C:\Windows\system32\config\software.mybak
2018-02-21 11:52 - 2018-02-21 00:50 - 034603008 _____ C:\Windows\system32\config\system.mybak
2018-02-21 11:51 - 2018-02-18 13:13 - 000262144 _____ C:\Windows\system32\config\security.mybak
2018-02-21 11:51 - 2018-02-18 13:07 - 001572864 _____ C:\Windows\system32\config\default.mybak
2018-02-21 11:51 - 2018-02-18 12:57 - 000262144 _____ C:\Windows\system32\config\sam.mybak
2018-02-21 09:30 - 2018-02-21 09:30 - 000063114 _____ C:\Users\Bob\Documents\bookmark.htm
2018-02-18 13:06 - 2018-02-21 17:54 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-02-18 13:06 - 2018-02-21 17:53 - 000001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2018-02-18 13:06 - 2018-02-18 13:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-02-18 13:06 - 2018-02-18 13:06 - 000000000 ____D C:\Program Files\HitmanPro
2018-02-18 13:02 - 2018-02-18 13:04 - 011605440 _____ (SurfRight B.V.) C:\Users\Bob\Downloads\HitmanPro_x64.exe
2018-02-18 13:00 - 2018-02-18 13:06 - 000000000 ____D C:\ProgramData\HitmanPro
2018-02-18 12:59 - 2018-02-23 18:13 - 000000000 ____D C:\EEK
2018-02-18 12:51 - 2018-02-18 12:53 - 000217822 _____ C:\TDSSKiller.3.1.0.16_18.02.2018_12.51.45_log.txt
2018-02-18 12:49 - 2018-02-18 12:49 - 004853348 _____ C:\Users\Bob\Downloads\tdsskiller.zip
2018-02-18 12:48 - 2018-02-18 12:51 - 000005460 _____ C:\TDSSKiller.3.1.0.9_18.02.2018_12.48.11_log.txt
2018-02-18 12:44 - 2018-02-18 12:55 - 000000000 ___SD C:\32788R22FWJFW
2018-02-18 12:04 - 2018-02-24 11:40 - 000000000 ____D C:\ProgramData\RogueKiller
2018-02-18 12:04 - 2018-02-24 10:00 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-02-18 11:31 - 2018-02-25 15:01 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-18 11:30 - 2018-02-25 15:01 - 000000000 ____D C:\Users\Bob\Desktop\mbar
2018-02-18 08:54 - 2018-02-18 08:54 - 000250099 _____ C:\Users\Bob\Desktop\Malwarebytes Scan 2.txt
2018-02-18 08:41 - 2018-02-18 08:41 - 000250095 _____ C:\Users\Bob\Desktop\Malwarebytes Scan.txt
2018-02-17 22:16 - 2018-02-17 22:16 - 000003220 _____ C:\Windows\System32\Tasks\{94FDAC02-2902-44BE-857B-F9B940C39005}
2018-02-17 21:56 - 2018-02-17 21:56 - 000001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2018-02-17 21:56 - 2018-02-17 21:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-02-17 21:50 - 2018-02-17 21:51 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-02-17 21:12 - 2018-02-17 21:12 - 000000207 _____ C:\Windows\tweaking.com-regbackup-BOB-PC-Windows-7-Home-Premium-(64-bit).dat
2018-02-17 21:09 - 2018-02-17 21:09 - 000000000 ____D C:\RegBackup
2018-02-17 16:25 - 2018-02-17 16:25 - 000003646 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2018-02-17 16:25 - 2018-02-17 16:25 - 000002163 _____ C:\Users\Bob\Desktop\Tweaking.com - Windows Repair.lnk
2018-02-17 16:25 - 2018-02-17 16:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-02-17 16:24 - 2018-02-17 16:25 - 000194320 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2018-02-17 16:24 - 2018-02-17 16:24 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-02-17 16:17 - 2018-02-17 16:17 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-17 16:16 - 2018-02-17 16:17 - 038149352 _____ (Tweaking.com) C:\Users\Bob\Downloads\tweaking.com_windows_repair_aio_setup.exe
2018-02-17 16:15 - 2018-02-17 16:15 - 083316440 _____ (Malwarebytes ) C:\Users\Bob\Downloads\mb3-setup-1878.1878-3.3.1.2183.exe
2018-02-13 11:07 - 2018-02-16 06:57 - 000000000 ____D C:\Users\Bob\AppData\Local\Enjeztu
2018-02-13 10:20 - 2018-02-18 09:02 - 000000000 ____D C:\Users\Bob\AppData\Local\Hofyjos

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-25 16:30 - 2015-06-10 20:30 - 000000602 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2201664741-1172039188-2711802596-1000.job
2018-02-25 15:28 - 2009-07-13 23:45 - 000026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-25 15:28 - 2009-07-13 23:45 - 000026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-25 15:19 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-25 12:28 - 2009-07-14 00:08 - 000032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-24 18:28 - 2012-10-06 11:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-24 17:10 - 2009-12-11 19:33 - 000000000 ____D C:\Users\Bob
2018-02-24 14:48 - 2010-01-19 21:19 - 000000000 ____D C:\Users\Bob\AppData\Local\ElevatedDiagnostics
2018-02-24 13:09 - 2009-07-13 23:45 - 000476856 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-24 12:39 - 2009-07-13 21:34 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_535
2018-02-24 12:26 - 2009-12-11 19:40 - 000138272 _____ C:\Users\Bob\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-24 11:56 - 2012-02-16 16:30 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-24 11:56 - 2012-02-16 16:30 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-24 11:42 - 2009-08-16 20:25 - 000000000 ____D C:\Program Files (x86)\Java
2018-02-24 09:58 - 2009-07-14 00:13 - 000830998 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-24 09:58 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-02-24 09:45 - 2011-09-01 10:56 - 000000000 ____D C:\ProgramData\McAfee
2018-02-24 05:02 - 2016-09-04 22:15 - 000000000 ____D C:\Users\Bob\Documents\EACMA Clubs
2018-02-24 05:02 - 2016-02-10 11:13 - 000000000 ____D C:\Users\Bob\Documents\Misc
2018-02-24 05:02 - 2012-12-06 23:17 - 000000000 ____D C:\Users\Bob\Documents\EACMA
2018-02-24 05:02 - 2010-02-06 14:31 - 000000000 ____D C:\Users\Bob\Documents\Med Info
2018-02-24 05:02 - 2010-02-06 11:44 - 000000000 ____D C:\Users\Bob\Documents\Prostate info
2018-02-24 05:02 - 2010-01-01 21:43 - 000000000 ____D C:\Users\Bob\Documents\Investing Info
2018-02-24 05:02 - 2009-12-18 12:52 - 000000000 ____D C:\Users\Bob\Documents\Hollosy
2018-02-24 05:02 - 2009-12-12 06:56 - 000000000 ___RD C:\Users\Bob\Documents\My Stationery
2018-02-24 05:01 - 2009-07-13 21:34 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_337
2018-02-24 04:58 - 2009-07-13 21:34 - 000000514 _____ C:\Windows\win.ini
2018-02-24 03:42 - 2009-12-16 22:45 - 000830998 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-02-24 02:07 - 2017-07-09 12:32 - 000000000 ____D C:\Program Files (x86)\GoToMeeting
2018-02-24 02:07 - 2015-06-10 20:30 - 000003624 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2201664741-1172039188-2711802596-1000
2018-02-24 02:07 - 2014-02-20 17:23 - 000003528 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2201664741-1172039188-2711802596-1000
2018-02-24 02:07 - 2014-02-20 17:23 - 000000506 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2201664741-1172039188-2711802596-1000.job
2018-02-23 21:41 - 2017-11-07 08:28 - 000000324 _____ C:\Windows\Tasks\HPCeeScheduleForBob.job
2018-02-23 19:51 - 2017-11-07 08:28 - 000003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBob
2018-02-23 19:45 - 2016-04-02 09:03 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-23 18:17 - 2017-08-09 10:20 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-02-23 18:17 - 2016-03-10 10:12 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-02-23 18:16 - 2016-04-16 14:13 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2018-02-23 18:16 - 2010-12-09 10:11 - 006401512 _____ C:\Windows\ntbtlog.txt
2018-02-23 17:19 - 2016-03-10 10:14 - 000000000 ____D C:\Windows\System32\Tasks\McAfee
2018-02-18 12:49 - 2012-10-05 19:28 - 000000000 ____D C:\Qoobox
2018-02-18 11:30 - 2012-01-27 10:22 - 000000000 ____D C:\Users\Bob\Desktop\DCIM
2018-02-17 21:56 - 2009-07-13 21:34 - 000000118 _____ C:\Windows\system32\Drivers\etc\hosts_bak_539
2018-02-17 21:53 - 2015-11-17 11:04 - 000000000 ____D C:\Program Files\McAfee Security Scan
2018-02-17 15:55 - 2009-12-30 12:05 - 000000000 ____D C:\Windows\Minidump
2018-02-17 11:59 - 2009-12-14 08:36 - 000000000 ____D C:\Users\Bob\My Finance & Investment Info
2018-02-15 21:06 - 2015-06-25 08:07 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-14 09:45 - 2010-05-17 09:10 - 000000000 ____D C:\Program Files\Lx_cats
2018-02-12 15:51 - 2015-08-11 10:34 - 000003214 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBOB-PC$
2018-02-12 15:51 - 2015-08-11 10:34 - 000000338 _____ C:\Windows\Tasks\HPCeeScheduleForBOB-PC$.job
2018-02-12 07:16 - 2012-04-03 08:38 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-12 07:16 - 2012-04-03 08:38 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-12 07:16 - 2011-05-18 15:09 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-12 07:13 - 2012-02-16 16:30 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-12 07:11 - 2009-08-16 18:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-29 16:55 - 2017-08-09 10:23 - 000003312 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2018-01-29 16:08 - 2017-08-09 10:25 - 000003068 _____ C:\Windows\System32\Tasks\McAfeeLogon

==================== Files in the root of some directories =======

2011-01-25 10:24 - 2011-06-17 22:50 - 000001854 _____ () C:\Users\Bob\AppData\Roaming\GhostObjGAFix.xml
2009-12-11 19:42 - 2009-12-11 19:42 - 000000000 _____ () C:\Users\Bob\AppData\Local\AtStart.txt
2013-07-02 12:33 - 2016-05-25 13:08 - 000014848 _____ () C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-11 19:42 - 2009-12-11 19:42 - 000000000 _____ () C:\Users\Bob\AppData\Local\DSwitch.txt
2009-12-11 19:42 - 2009-12-11 19:42 - 000000000 _____ () C:\Users\Bob\AppData\Local\QSwitch.txt
2012-05-30 15:56 - 2012-05-30 15:56 - 001313342 _____ () C:\Users\Bob\AppData\Local\tmpCIMG0275.0
2012-05-30 15:56 - 2012-05-30 15:56 - 000562485 _____ () C:\Users\Bob\AppData\Local\tmpCIMG0275.JPG
2010-11-24 20:49 - 2011-08-01 22:42 - 000025428 _____ () C:\Users\Bob\AppData\Local\tmpPHOTO.0
2011-08-01 22:42 - 2011-08-01 22:42 - 000010634 _____ () C:\Users\Bob\AppData\Local\tmpPHOTO.JPG

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe
[2018-01-08 19:22] - [2017-12-31 20:50] - 000455680 _____ (Microsoft Corporation) 11D6A262B617130F7C16E308C12E0D41

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2018-01-08 19:22] - [2017-12-31 21:18] - 000512000 _____ (Microsoft Corporation) BA6C9EE518A11DA4AD061B223EBED3D3

C:\Windows\system32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-17 18:54

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018
Ran by Bob (25-02-2018 17:25:55)
Running from C:\Virus Removal Apps\2 Farbar Recovery Scan Tool
Windows 7 Home Premium Service Pack 1 (X64) (2009-12-12 00:33:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2201664741-1172039188-2711802596-500 - Administrator - Disabled)
Bob (S-1-5-21-2201664741-1172039188-2711802596-1000 - Administrator - Enabled) => C:\Users\Bob
Guest (S-1-5-21-2201664741-1172039188-2711802596-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2201664741-1172039188-2711802596-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}) (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Contacts Recovery for Windows Live Mail v.1.0.0 (HKLM-x32\...\Contacts Recovery for Windows Live Mail_is1) (Version: - EmailAdept.com)
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)
Corel VideoStudio 12 (HKLM-x32\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
Fax Solutions (HKLM\...\Dell Fax Solutions) (Version: - Dell, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToMeeting 8.21.0.8404 (HKU\S-1-5-21-2201664741-1172039188-2711802596-1000\...\GoToMeeting) (Version: 8.21.0.8404 - LogMeIn, Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.292 - SurfRight B.V.)
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version: - AOL Products)
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.0.1916 - Hewlett-Packard)
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.0.1924 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart SlingPlayer (HKLM-x32\...\{90F6051D-A69F-4159-9203-7E20430E1056}) (Version: 2.1.1.60 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard)
HP MediaSmart Software Notebook Demo (HKLM-x32\...\{82A213BD-B6AA-4281-A2D3-59D51893CC56}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1913 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.3.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0153 (HKLM-x32\...\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{4E432692-A736-4F77-AF77-F9078CF88D31}) (Version: 3.50.11.2 - Hewlett-Packard)
HTML Executable IERuntime (HKLM-x32\...\HTMLExecutableIERuntimeSetup44) (Version: 3.2.2.2 - G.D.G. Software)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6276.0 - IDT)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.00.1030 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
ItalianNow! (HKLM-x32\...\ItalianNow!) (Version: - )
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
Lexmark 730 Series (HKLM\...\Lexmark 730 Series) (Version: - Lexmark International, Inc.)
LightScribe System Software (HKLM-x32\...\{07E49BC1-24FF-4D7A-AC74-727BE95801AF}) (Version: 1.18.16.1 - LightScribe)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.163 - McAfee, Inc.)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
Microsoft Office Outlook Connector (HKLM-x32\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerRecover (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (HKLM-x32\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
RogueKiller version 12.12.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.5.0 - Adlice Software)
Rosetta Stone 2.2.0.0A (HKLM-x32\...\{6ABA3523-4F11-4787-8839-C249BBF0B8D1}) (Version: 2.2.0.0 - Rosetta Stone) Hidden
Rosetta Stone 2.2.0.0A (HKLM-x32\...\InstallShield_{6ABA3523-4F11-4787-8839-C249BBF0B8D1}) (Version: 2.2.0.0 - Rosetta Stone)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
SlingBoxWatchYourTVAnyWhere (HKLM-x32\...\{4313E16C-811B-469F-8815-6EB98085F8B2}) (Version: 2.1.1.58 - Sling Media)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.13 - Tweaking.com)
UCheck version 2.3.2.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 2.3.2.0 - Adlice Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VectorVest 7 (HKLM-x32\...\{04996b42-3644-41a7-8d57-0a93d811cdd6}) (Version: 1.33.39.0 - VectorVest, Inc.)
VectorVest Data Files (HKLM-x32\...\{E1BA5475-4C53-4D19-8775-FCD34D414E6C}) (Version: 1.00.0000 - VectorVest Inc) Hidden
VectorVest ProGraphics 6.0 (HKLM-x32\...\{85B29DC2-1C85-4CC1-84C8-F4A43E0FCEE3}) (Version: 7.0.8 - VectorVest Inc.)
VectorVest ProTrader 6.0 (HKLM-x32\...\{466F1245-8A13-40D6-8E41-6C463D94E179}) (Version: 1.00.0000 - VectorVest Inc.)
VectorVest U.S. (HKLM-x32\...\{0759B594-927E-41AB-8E7C-0924A5ACFC98}) (Version: 1.4.5 - VectorVest, Inc.)
VideoStudio (HKLM-x32\...\{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation) Hidden
WebEx (HKU\S-1-5-21-2201664741-1172039188-2711802596-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2201664741-1172039188-2711802596-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\7107\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
ContextMenuHandlers2-x32: [Ulead UDF Driver] -> {DBD8E168-244D-448C-9922-25508950D1DC} => C:\Program Files (x86)\Common Files\Ulead Systems\DVD\USIShex.dll [2008-06-09] (Ulead Systems, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2009-07-23] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1377B0A0-AC7A-45AE-BB85-DA0A5602BFA2} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
Task: {1599E634-DD14-4A47-9798-995431E6AD71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {25376C84-F150-4833-8B54-407C898951F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {29689AD1-208C-4A21-A33F-94F7151ACF8D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2F79E28D-0B3C-4366-9575-F1C25331D8B9} - System32\Tasks\G2MUpdateTask-S-1-5-21-2201664741-1172039188-2711802596-1000 => C:\Program Files (x86)\GoToMeeting\8404\g2mupdate.exe [2018-02-24] (LogMeIn, Inc.)
Task: {302804A1-1252-495B-8F5A-32A557F61144} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-01-30] (HP Inc.)
Task: {30CFEBCD-3121-4482-B86E-5B4CA184721C} - System32\Tasks\HPCeeScheduleForBob => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {3B4E1323-1249-4441-B7E1-29DA37C55097} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe
Task: {3FE44761-F766-4911-ABCD-7467FD25ABFC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-12] (Adobe Systems Incorporated)
Task: {4383404B-F850-4500-84D9-322F60F30F3A} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {4DECC971-D109-4F5B-87EB-57A576DD674E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {504B9B7D-0A9D-41CE-AD8E-B6027D6F1CE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {51F19FF0-3692-48E4-AAA3-BEF6EEF03E8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {544DB039-90C8-42B5-B6CF-8148FEED934A} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {561BC66E-2334-4190-B985-2CCCD95918C3} - System32\Tasks\{9A2774E1-EE2C-4E85-863F-BF49C225FEFA} => C:\Windows\system32\pcalua.exe -a "C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3WCU5IH\cjq730EN.exe" -d C:\Users\Bob\Desktop
Task: {705A7991-20F4-4501-86DC-F0AE11634786} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-07-24] (CL)
Task: {7CBEF037-3FB7-4C2E-9C35-186101CB4E7A} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)
Task: {7E532AEC-650D-4EE2-A962-23FB90FB5EB1} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-07-24] (CyberLink Corp.)
Task: {8094FFA6-8A57-4E24-AE3C-643ABE941ADE} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {8AC2AAC4-03AC-4BC5-A600-C2E8A00A5A63} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {8EE3CE15-7B8C-4BC4-83F7-8ECF83AFB238} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-07-24] (CL)
Task: {AD50F3B5-8DA6-481D-99C8-033A14BEEB44} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B05CAB35-B856-47DA-942B-9BEC4C42BBA6} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {B677C0CF-A87F-4384-9177-D1C67792C50D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {C66ADE5D-4182-45C4-BC87-7EE4F173C083} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {CA0CC234-1DFA-46DB-9B9B-ACE4972BE3E5} - System32\Tasks\G2MUploadTask-S-1-5-21-2201664741-1172039188-2711802596-1000 => C:\Program Files (x86)\GoToMeeting\8404\g2mupload.exe [2018-02-24] (LogMeIn, Inc.)
Task: {D1A92368-85E0-4872-97DD-0D6CAABB3218} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D6DCEDA4-DF4D-4A3F-A718-B67AB0BA2008} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-01-17] (Adobe Systems Incorporated)
Task: {D8A80B22-A246-421F-8561-539E33C294A8} - System32\Tasks\{B3779BED-D022-4A2B-924C-977708252880} => C:\Windows\system32\pcalua.exe -a C:\drivers\printer\730\Setup.exe -d C:\drivers\printer\730
Task: {E0241263-78A6-4344-998F-4F466DDA0410} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {E0463D1B-6096-424C-B6DC-20D853B4AB0A} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {E0D4443E-FC9E-48B5-A979-7A41A7397836} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-07-24] (CL)
Task: {E154EFBC-AC06-44BB-A772-6B95384E8F9D} - System32\Tasks\HPCeeScheduleForBOB-PC$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {EDDCBF02-707A-4CA8-88C9-802F79252BFB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EE8ED371-8AA4-4F15-A5AE-F6ACB4D31E58} - System32\Tasks\{233AE49A-4FDB-4182-BBD9-5EFA43A6C21C} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2016-10-17] (Skype Technologies S.A.)
Task: {F39A25FB-7B06-4EF2-8075-E5D86395CE9A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F8969499-E92C-4BF5-B8C0-F588AD451AC0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN46JCW25F => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2201664741-1172039188-2711802596-1000.job => C:\Program Files (x86)\GoToMeeting\8404\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2201664741-1172039188-2711802596-1000.job => C:\Program Files (x86)\GoToMeeting\8404\g2mupload.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBOB-PC$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBob.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\McAfeeLogon.job => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2011-05-16 17:56 - 2006-10-06 06:27 - 000045056 _____ () C:\Windows\System32\DLPRMON.DLL
2011-05-16 17:55 - 2006-10-06 06:24 - 000016384 _____ () C:\Program Files (x86)\Dell PC Fax\DlCtrStr.dll
2011-05-16 17:55 - 2006-10-06 06:24 - 000081408 _____ () C:\Program Files (x86)\Dell PC Fax\ipcmt64.dll
2009-12-12 09:44 - 2007-02-28 08:53 - 000116224 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlbkpp6c.dll
2009-08-16 19:40 - 2009-01-21 13:47 - 000247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2018-02-24 18:28 - 2018-02-24 20:20 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-02-24 18:28 - 2018-02-24 20:20 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2009-07-21 13:34 - 2009-07-21 13:34 - 000610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-06-22 15:37 - 2009-06-22 15:37 - 000016712 ____R () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
2009-07-16 18:09 - 2009-07-16 18:09 - 000074536 ____N () c:\Program Files (x86)\Hewlett-Packard\Media\iTV\Kernel\Common\MCEMediaStatus64.dll
2009-07-01 17:44 - 2009-07-01 17:44 - 000632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2010-06-16 11:48 - 2010-06-16 11:48 - 002121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-06-16 11:48 - 2010-06-16 11:48 - 007745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-06-16 11:48 - 2010-06-16 11:48 - 000135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2009-07-15 19:51 - 2009-07-15 19:51 - 000061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-07-15 19:51 - 2009-07-15 19:51 - 000131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-07-15 19:50 - 2009-07-15 19:50 - 000040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-07-15 19:50 - 2009-07-15 19:50 - 000005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-07-15 19:50 - 2009-07-15 19:50 - 000018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-07-15 19:50 - 2009-07-15 19:50 - 000036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-07-15 19:50 - 2009-07-15 19:50 - 000028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-07-15 19:50 - 2009-07-15 19:50 - 000007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2009-07-23 14:37 - 2009-07-23 14:37 - 000931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2201664741-1172039188-2711802596-1000\...\vectorvest.com -> hxxps://www.vectorvest.com
IE trusted site: HKU\S-1-5-21-2201664741-1172039188-2711802596-1000\...\vectorvest.com -> hxxp://www.vectorvest.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2018-02-25 13:07 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2201664741-1172039188-2711802596-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

12-02-2018 07:04:25 rcs
23-02-2018 19:06:01 Scheduled Checkpoint
23-02-2018 21:38:39 Malwarebytes Anti-Rootkit Restore Point
23-02-2018 23:27:33 JRT Pre-Junkware Removal
24-02-2018 10:40:53 Removed Java 8 Update 151
24-02-2018 11:41:05 Removed Java 8 Update 151 (64-bit)
24-02-2018 11:42:06 Removed Java 8 Update 151
25-02-2018 11:58:18 Installed Easy fix 50202
25-02-2018 12:26:29 Installed Easy fix 50202
25-02-2018 12:48:43 Installed Easy fix 50202

==================== Faulty Device Manager Devices =============

Name: Intel® Turbo Boost Technology Driver
Description: Intel® Turbo Boost Technology Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: Impcd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2018 05:26:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/25/2018 05:26:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/25/2018 05:25:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/25/2018 05:25:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/25/2018 05:25:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/25/2018 05:25:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/25/2018 05:25:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/25/2018 05:25:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.


System errors:
=============
Error: (02/25/2018 05:24:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 6 time(s).

Error: (02/25/2018 05:24:50 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.

Error: (02/25/2018 03:23:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%-1906441657

Error: (02/25/2018 03:21:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 5 time(s).

Error: (02/25/2018 03:21:28 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.

Error: (02/25/2018 03:21:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 4 time(s).

Error: (02/25/2018 03:21:15 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.

Error: (02/25/2018 03:21:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 3 time(s).


CodeIntegrity:
===================================

Date: 2012-10-05 20:46:28.548
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-10-05 20:46:28.501
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 39%
Total physical RAM: 4086.88 MB
Available physical RAM: 2466.5 MB
Total Virtual: 8171.93 MB
Available Virtual: 6335.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.39 GB) (Free:325.47 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:243.49 GB) (Free:230.88 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{20d71d91-d80e-11de-9ca6-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:3.14 GB) (Free:3.09 GB) NTFS
\\?\Volume{20d71d94-d80e-11de-9ca6-806e6f6e6963}\ (HP_TOOLS) (Fixed) (Total:1.61 GB) (Free:1.61 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2E5C62AA)
Partition 1: (Active) - (Size=3.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=243.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1.6 GB) - (Type=0C)

==================== End of Addition.txt ============================

Edited by Oh My!, 02 March 2018 - 09:56 AM.


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,161 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:04:15 AM

Posted 02 March 2018 - 09:57 AM

Greetings Turbo_Bob and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Though McAfee appears to have been installed at some point it is not listed under your Security Programs list. You also have Zemana AntiMalware installed and that is not listed either. Your computer should only have one antivirus program installed. Which one would you like to keep?

Do you use Norton Online Backup?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {A9DB8F31-C852-4A14-8E79-6764BD89638A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {A9DB8F31-C852-4A14-8E79-6764BD89638A} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-2201664741-1172039188-2711802596-1000 -> {A9DB8F31-C852-4A14-8E79-6764BD89638A} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKLM-x32 - TotalRecipeSearch - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe"
U5 AppMgmt; C:\Windows\system32\svchost.exe
S3 catchme; \??\C:\ComboFix\catchme.sys
2018-02-13 11:07 - 2018-02-16 06:57 - 000000000 ____D C:\Users\Bob\AppData\Local\Enjeztu
2018-02-13 10:20 - 2018-02-18 09:02 - 000000000 ____D C:\Users\Bob\AppData\Local\Hofyjos
2012-05-30 15:56 - 2012-05-30 15:56 - 001313342 _____ () C:\Users\Bob\AppData\Local\tmpCIMG0275.0
2012-05-30 15:56 - 2012-05-30 15:56 - 000562485 _____ () C:\Users\Bob\AppData\Local\tmpCIMG0275.JPG
2010-11-24 20:49 - 2011-08-01 22:42 - 000025428 _____ () C:\Users\Bob\AppData\Local\tmpPHOTO.0
2011-08-01 22:42 - 2011-08-01 22:42 - 000010634 _____ () C:\Users\Bob\AppData\Local\tmpPHOTO.JPG
Task: {561BC66E-2334-4190-B985-2CCCD95918C3} - System32\Tasks\{9A2774E1-EE2C-4E85-863F-BF49C225FEFA} => C:\Windows\system32\pcalua.exe -a "C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3WCU5IH\cjq730EN.exe" -d C:\Users\Bob\Desktop
Task: {D8A80B22-A246-421F-8561-539E33C294A8} - System32\Tasks\{B3779BED-D022-4A2B-924C-977708252880} => C:\Windows\system32\pcalua.exe -a C:\drivers\printer\730\Setup.exe -d C:\drivers\printer\730
StartBatch:
net stop cryptsvc
cd %systemroot%\system32
ren catroot2 catroot2old
net start cryptsvc
EndBatch
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Which Antivirus?
  • Norton Online Backup?
  • Fixlog
  • Update on computer performance

Edited by Oh My!, 02 March 2018 - 11:12 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
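The "Task:" lines in the Addition.txt above, and the two pcalua.exe tasks Gary put in his fixlist, show the three things a reviewer of an FRST log looks at first: entries FRST marks "No File <==== ATTENTION", tasks that launch a program indirectly through pcalua.exe (the Program Compatibility Assistant), and programs living in a browser cache or temp folder. The script below is an added example, not code from this thread, from FRST or from Farbar; it parses task lines in FRST's format and applies those three checks. The sample lines are copied from the logs posted in this thread; the severity labels and the list of user-writable directory hints are the example's own assumptions.

```python
"""Triage of FRST 'Task:' lines (added example; not FRST's or the thread's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the Addition.txt and the fixlist posted in this thread.
SAMPLE_LOG = r"""
Task: {7CBEF037-3FB7-4C2E-9C35-186101CB4E7A} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)
Task: {8AC2AAC4-03AC-4BC5-A600-C2E8A00A5A63} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D8A80B22-A246-421F-8561-539E33C294A8} - System32\Tasks\{B3779BED-D022-4A2B-924C-977708252880} => C:\Windows\system32\pcalua.exe -a C:\drivers\printer\730\Setup.exe -d C:\drivers\printer\730
Task: {561BC66E-2334-4190-B985-2CCCD95918C3} - System32\Tasks\{9A2774E1-EE2C-4E85-863F-BF49C225FEFA} => C:\Windows\system32\pcalua.exe -a "C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3WCU5IH\cjq730EN.exe" -d C:\Users\Bob\Desktop
Task: {CA0CC234-1DFA-46DB-9B9B-ACE4972BE3E5} - System32\Tasks\G2MUploadTask-S-1-5-21-2201664741-1172039188-2711802596-1000 => C:\Program Files (x86)\GoToMeeting\8404\g2mupload.exe [2018-02-24] (LogMeIn, Inc.)
"""


@dataclass
class Task:
    guid: str
    name: str
    target: str      # text after '=>' / '->', with the ATTENTION marker removed
    attention: bool  # True when FRST appended '<==== ATTENTION'


@dataclass
class Finding:
    guid: str
    name: str
    severity: str    # "high" or "medium" (assumed labels for this example)
    reason: str


# Directories a scheduled task's program should normally not live in (assumed list).
USER_WRITABLE_HINTS = (
    "\\temporary internet files\\",
    "\\appdata\\local\\temp\\",
    "\\users\\public\\",
    "\\programdata\\",
    "\\windows\\temp\\",
)

TRAILER_RE = re.compile(r"\s*\[[^\]]*\]\s*(?:\([^)]*\))?\s*$")  # FRST's ' [date] (Vendor)'
PCALUA_ARG_RE = re.compile(r'-a\s+(?:"([^"]+)"|(\S+))')         # pcalua.exe -a <program>


def parse_task(line: str) -> Optional[Task]:
    """Parse one FRST 'Task: {GUID} - Name => Target' line; None for other lines."""
    line = line.strip()
    if not line.startswith("Task: {"):
        return None
    body = line[len("Task: "):]
    guid, sep, rest = body.partition(" - ")
    if not sep:
        return None
    for arrow in (" => ", " -> "):
        name, sep, target = rest.partition(arrow)
        if sep:
            break
    else:
        return None
    attention = "<==== ATTENTION" in target
    target = target.replace("<==== ATTENTION", "").strip()
    return Task(guid.strip("{}"), name.strip(), target, attention)


def program_path(task: Task) -> str:
    """The program the task really runs: the '-a' argument for pcalua.exe launches,
    otherwise the target with FRST's '[date] (Vendor)' trailer stripped."""
    if "pcalua.exe" in task.target.lower():
        m = PCALUA_ARG_RE.search(task.target)
        if m:
            return m.group(1) or m.group(2)
    return TRAILER_RE.sub("", task.target)


def triage(task: Task) -> List[Finding]:
    """Apply the three review checks to a single parsed task."""
    if task.attention or task.target.lower() == "no file":
        return [Finding(task.guid, task.name, "medium",
                        "task points to a file that no longer exists (orphaned entry)")]
    prog = program_path(task)
    via_pcalua = "pcalua.exe" in task.target.lower()
    in_user_dir = any(hint in prog.lower() for hint in USER_WRITABLE_HINTS)
    if via_pcalua and in_user_dir:
        return [Finding(task.guid, task.name, "high",
                        f"pcalua.exe proxy launch of {prog} from a cache/temp directory")]
    if via_pcalua:
        return [Finding(task.guid, task.name, "medium",
                        f"pcalua.exe proxy launch of {prog}; confirm the installer is expected")]
    if in_user_dir:
        return [Finding(task.guid, task.name, "medium",
                        f"program {prog} lives in a cache/temp directory")]
    return []


def triage_log(text: str) -> List[Finding]:
    """Run triage over every task line in an FRST log excerpt."""
    findings: List[Finding] = []
    for line in text.splitlines():
        task = parse_task(line)
        if task:
            findings.extend(triage(task))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.name}: {f.reason}")
```

Run against the sample, the CLMLSvc and GoToMeeting tasks produce nothing, the gwx task is reported as orphaned, the printer-driver task is flagged only because of the pcalua.exe indirection, and the task that runs an executable out of Temporary Internet Files gets the high rating. That matches what Gary removed in his fix: the orphaned gwx entries he left alone, the two pcalua.exe tasks he listed. The checks are heuristics for review, not a verdict; the point is to surface the entries a human should look at in a log of several hundred lines.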

#3 Turbo_Bob

Turbo_Bob
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:07:15 AM

Posted 02 March 2018 - 02:53 PM

Gary,

 

  • Which Antivirus? - Mcafee as my dad still has 6 months left on his license
  • Norton Online Backup? - He never uses it so okay to delete
  • Fixlog - below
  • Update on computer performance - seems better

 

Forgot to run FRST as admin but it seems to have done okay.  It caused the machine to reboot.

 

Bob

 

fixlog.txt pasted below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28.02.2018
Ran by Bob (02-03-2018 14:36:49) Run:1
Running from C:\Virus Removal Apps\2 Farbar Recovery Scan Tool
Loaded Profiles: Bob &  (Available Profiles: Bob)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {A9DB8F31-C852-4A14-8E79-6764BD89638A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {A9DB8F31-C852-4A14-8E79-6764BD89638A} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-2201664741-1172039188-2711802596-1000 -> {A9DB8F31-C852-4A14-8E79-6764BD89638A} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKLM-x32 - TotalRecipeSearch - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe"
U5 AppMgmt; C:\Windows\system32\svchost.exe
S3 catchme; \??\C:\ComboFix\catchme.sys
2018-02-13 11:07 - 2018-02-16 06:57 - 000000000 ____D C:\Users\Bob\AppData\Local\Enjeztu
2018-02-13 10:20 - 2018-02-18 09:02 - 000000000 ____D C:\Users\Bob\AppData\Local\Hofyjos
2012-05-30 15:56 - 2012-05-30 15:56 - 001313342 _____ () C:\Users\Bob\AppData\Local\tmpCIMG0275.0
2012-05-30 15:56 - 2012-05-30 15:56 - 000562485 _____ () C:\Users\Bob\AppData\Local\tmpCIMG0275.JPG
2010-11-24 20:49 - 2011-08-01 22:42 - 000025428 _____ () C:\Users\Bob\AppData\Local\tmpPHOTO.0
2011-08-01 22:42 - 2011-08-01 22:42 - 000010634 _____ () C:\Users\Bob\AppData\Local\tmpPHOTO.JPG
Task: {561BC66E-2334-4190-B985-2CCCD95918C3} - System32\Tasks\{9A2774E1-EE2C-4E85-863F-BF49C225FEFA} => C:\Windows\system32\pcalua.exe -a "C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3WCU5IH\cjq730EN.exe" -d C:\Users\Bob\Desktop
Task: {D8A80B22-A246-421F-8561-539E33C294A8} - System32\Tasks\{B3779BED-D022-4A2B-924C-977708252880} => C:\Windows\system32\pcalua.exe -a C:\drivers\printer\730\Setup.exe -d C:\drivers\printer\730
StartBatch:
net stop cryptsvc
cd %systemroot%\system32
ren catroot2 catroot2old
net start cryptsvc
EndBatch
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A9DB8F31-C852-4A14-8E79-6764BD89638A}" => removed successfully
HKLM\Software\Classes\CLSID\{A9DB8F31-C852-4A14-8E79-6764BD89638A} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{A9DB8F31-C852-4A14-8E79-6764BD89638A}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A9DB8F31-C852-4A14-8E79-6764BD89638A} => key not found
"HKU\S-1-5-21-2201664741-1172039188-2711802596-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A9DB8F31-C852-4A14-8E79-6764BD89638A}" => removed successfully
HKLM\Software\Classes\CLSID\{A9DB8F31-C852-4A14-8E79-6764BD89638A} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{a0154e07-2b48-475c-a82a-80efd84ea33e}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{a0154e07-2b48-475c-a82a-80efd84ea33e} => key not found
McComponentHostService => service not found.
"HKLM\System\CurrentControlSet\Services\AppMgmt" => removed successfully
AppMgmt => service removed successfully
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully
catchme => service removed successfully
C:\Users\Bob\AppData\Local\Enjeztu => moved successfully
C:\Users\Bob\AppData\Local\Hofyjos => moved successfully
C:\Users\Bob\AppData\Local\tmpCIMG0275.0 => moved successfully
C:\Users\Bob\AppData\Local\tmpCIMG0275.JPG => moved successfully
C:\Users\Bob\AppData\Local\tmpPHOTO.0 => moved successfully
C:\Users\Bob\AppData\Local\tmpPHOTO.JPG => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{561BC66E-2334-4190-B985-2CCCD95918C3} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{561BC66E-2334-4190-B985-2CCCD95918C3} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{9A2774E1-EE2C-4E85-863F-BF49C225FEFA} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9A2774E1-EE2C-4E85-863F-BF49C225FEFA} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8A80B22-A246-421F-8561-539E33C294A8} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8A80B22-A246-421F-8561-539E33C294A8} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{B3779BED-D022-4A2B-924C-977708252880} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B3779BED-D022-4A2B-924C-977708252880} => could not remove key. ErrorCode1: 0x00000002
 
========= Batch: =========
The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.
 
The Cryptographic Services service is starting.
The Cryptographic Services service was started successfully.
 
 
========= End of Batch: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34108477 B
Java, Flash, Steam htmlcache => 1584 B
Windows/system/drivers => 95331 B
Edge => 0 B
Chrome => 29549640 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 44850011 B
systemprofile32 => 30915021 B
LocalService => 576218 B
NetworkService => 5914052 B
Bob => 4492489 B
 
RecycleBin => 0 B
EmptyTemp: => 151.6 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-03-2018 14:43:01)
 
 
Result of scheduled keys to remove after reboot:
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{561BC66E-2334-4190-B985-2CCCD95918C3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{561BC66E-2334-4190-B985-2CCCD95918C3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9A2774E1-EE2C-4E85-863F-BF49C225FEFA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8A80B22-A246-421F-8561-539E33C294A8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8A80B22-A246-421F-8561-539E33C294A8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B3779BED-D022-4A2B-924C-977708252880}" => removed successfully
 
==== End of Fixlog 14:43:01 ====


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,161 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:04:15 AM

Posted 02 March 2018 - 03:29 PM

Thank you Bob.

We are going to reinstall Zemana Anti-Malware then use a special tool to uninstall it.

Please do this.

Download and install Zemana Anti-Malware Free Trial.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------
  • Please download and install Revo Uninstaller Free
  • Right click Revo Uninstaller and select Run as administrator
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Zemana Anti-Malware
  • Click Yes to any warning screen that may appear
  • If presented with the program uninstall option click Uninstall
  • If asked to restart now click No
  • Under Scanning Modes select Advanced then select Scan
  • On the Found leftover Registry items window click Select All, Delete, then Yes
  • If prompted click on Next
  • On the Found leftover files and folders window click on Select all, Delete, Yes, OK on any warning screen, then Finish
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CloseProcesses:
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
C:\Program Files (x86)\Symantec\Norton Online Backup
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Zemana uninstall?
  • Fixlog
  • ESET log
  • Security Analysis log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Turbo_Bob (Topic Starter)

Posted 03 March 2018 - 03:55 PM

Gary,

 

All the steps completed successfully.  The Zemana uninstall went smoothly. The ESET scan does take a long time.  The computer seems to be running fine.  Files are pasted below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28.02.2018
Ran by Bob (03-03-2018 11:23:39) Run:2
Running from C:\Virus Removal Apps\2 Farbar Recovery Scan Tool
Loaded Profiles: Bob (Available Profiles: Bob)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
C:\Program Files (x86)\Symantec\Norton Online Backup
 
*****************
 
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NortonOnlineBackupReminder" => removed successfully
C:\Program Files (x86)\Symantec\Norton Online Backup => moved successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 11:23:40 ====
 
C:\AdwCleaner\Quarantine\exuieaoEiI\GoogleCRXs\aaaanedilenlegkankjaglkappnjhfkj_7.15.2.0.crx Win32/Bundled.Toolbar.Ask.P potentially unsafe application deleted
C:\AdwCleaner\Quarantine\x3CF3EDNhm\Toolbar\Updater\IDC\IdcLdr.exe a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\x3CF3EDNhm\Toolbar\Updater\IDC\IdcLdr_x64.exe a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\x3CF3EDNhm\Toolbar\Updater\IDC\IdcSrv.dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\x3CF3EDNhm\Toolbar\Updater\IDC\IdcSrvStub.dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\x3CF3EDNhm\Toolbar\Updater\IDC\IdcSrvStub_x64.dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\x3CF3EDNhm\Toolbar\Updater\IDC\IdcSrv_x64.dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\Virus Removal Apps\4 Cleanup Tools\ccsetup540.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Windows\Installer\MSI21C3.tmp a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
 
Result of Security Analysis by Rocket Grannie (x86) Updated: 16th February, 2018
Running from:C:\Users\Bob\Downloads (15:48:02 - 03/03/2018)
***---------------------------------------------------------***
Microsoft Windows 7 Home Premium X64 Service Pack 1
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Malwarebytes (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Disabled - Not up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
Adobe Acrobat Reader DC (18.011.20038)
CCleaner (5.40)
Google Chrome (64.0.3282.186)
HitmanPro (3.8.0.292)
Malwarebytes (3.3.1.2183)
Microsoft Silverlight (5.1.50907.0)
Windows Live Essentials (14.0.8089.726) ==> is out of Date ==> is no longer supported
 
***----------------Analysis Complete-------------------------***


#6 Oh My!

Posted 03 March 2018 - 04:05 PM

That looks great. Looks like we are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#7 Turbo_Bob (Topic Starter)

Posted 03 March 2018 - 04:59 PM

Gary,

 

Windows Update still does not work.  I have attached a PDF as I could not paste the screen capture.  Pasted is the Farbar Service Scanner output.  Is it a problem that some files that are not digitally signed are labelled legit?

 

Farbar Service Scanner Version: 27-01-2016
Ran by Bob (administrator) on 03-03-2018 at 16:56:19
Running from "C:\Virus Removal Apps\2 Farbar Recovery Scan Tool"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll
[2017-09-13 12:35] - [2017-08-11 01:35] - 0026112 ____A (Microsoft Corporation) 668B9EFF5CCA4542F435D2CD9CE3C778
 
C:\Windows\System32\drivers\nsiproxy.sys
[2017-09-13 12:35] - [2017-08-11 00:58] - 0026112 ____A (Microsoft Corporation) BE313E566EEA2A4B7F9AAC9782A567D4
 
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2017-05-18 16:03] - [2017-04-04 09:53] - 0496128 ____A (Microsoft Corporation) 0DC2A9882540DEA4A55B08785E09D8FC
 
C:\Windows\System32\drivers\tdx.sys
[2017-08-09 09:47] - [2017-07-29 09:56] - 0117248 ____A (Microsoft Corporation) 4DD986720F7CB7A8A5D1226793097B9A
 
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll
[2011-04-14 20:01] - [2011-03-03 01:24] - 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D
 
C:\Windows\SysWOW64\dnsapi.dll
[2011-04-14 20:01] - [2011-03-03 00:38] - 0270336 ____A (Microsoft Corporation) B40420876B9288E0A1C8CCA8A84E5DC9
 
C:\Windows\System32\mpssvc.dll
[2018-01-08 19:22] - [2017-12-31 21:18] - 0828928 ____A (Microsoft Corporation) 92B4079384B8BE97AEE3CA8B43E0AAEB
 
C:\Windows\System32\bfe.dll
[2018-01-08 19:22] - [2017-12-31 21:18] - 0705024 ____A (Microsoft Corporation) E3ED6C06462FDDE33100F7E45E8F5213
 
C:\Windows\System32\drivers\mpsdrv.sys
[2018-01-08 19:22] - [2017-12-31 20:54] - 0077312 ____A (Microsoft Corporation) 6D9BB8B53394B62540A3971FCE2BE8DB
 
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2017-06-13 21:09] - [2017-05-10 10:14] - 2651136 ____A (Microsoft Corporation) 88009DB9E1166B6B6713A858C176FECD
 
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2017-05-18 16:03] - [2017-04-12 10:32] - 0190976 ____A (Microsoft Corporation) 48FEDBE324F1EA9417BA1D62AE863011
 
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2018-01-08 19:22] - [2017-12-31 21:18] - 0512000 ____A (Microsoft Corporation) BA6C9EE518A11DA4AD061B223EBED3D3
 
 
 
**** End of log ****

 

  

Attached Files



#8 Oh My!

Posted 03 March 2018 - 08:16 PM

Greetings,

All of those files are legitimate.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
cmd: sc config wuauserv start= delayed-auto
reboot:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Attempt Windows Update
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Windows Update?

Gary
 
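Bob's question in post #7 (FSS printing a hash and file dates for some files rather than "digitally signed") and the service change in post #8 can both be re-checked from an elevated PowerShell prompt on the same machine. The script below is an added example, not code from the thread or from the Farbar tools: the paths and MD5s are copied from the FSS output above, the list of services Windows Update relies on is an assumption, and the signature caveat applies to the PowerShell that ships with Windows 7.

```powershell
# Added example (not from the thread): re-hash the files FSS listed by MD5, check their
# Authenticode status, and show the start type of the services Windows Update relies on.
# Paths and MD5s are copied from the FSS output in post #7; run elevated on the same PC.
$fssReported = @{
    "$env:SystemRoot\System32\nsisvc.dll"           = "668B9EFF5CCA4542F435D2CD9CE3C778"
    "$env:SystemRoot\System32\drivers\nsiproxy.sys" = "BE313E566EEA2A4B7F9AAC9782A567D4"
    "$env:SystemRoot\System32\drivers\afd.sys"      = "0DC2A9882540DEA4A55B08785E09D8FC"
    "$env:SystemRoot\System32\drivers\tdx.sys"      = "4DD986720F7CB7A8A5D1226793097B9A"
    "$env:SystemRoot\System32\dnsapi.dll"           = "492D07D79E7024CA310867B526D9636D"
    "$env:SystemRoot\SysWOW64\dnsapi.dll"           = "B40420876B9288E0A1C8CCA8A84E5DC9"
    "$env:SystemRoot\System32\mpssvc.dll"           = "92B4079384B8BE97AEE3CA8B43E0AAEB"
    "$env:SystemRoot\System32\bfe.dll"              = "E3ED6C06462FDDE33100F7E45E8F5213"
    "$env:SystemRoot\System32\drivers\mpsdrv.sys"   = "6D9BB8B53394B62540A3971FCE2BE8DB"
    "$env:SystemRoot\System32\wuaueng.dll"          = "88009DB9E1166B6B6713A858C176FECD"
    "$env:SystemRoot\System32\cryptsvc.dll"         = "48FEDBE324F1EA9417BA1D62AE863011"
    "$env:SystemRoot\System32\rpcss.dll"            = "BA6C9EE518A11DA4AD061B223EBED3D3"
}

function Get-Md5Hex {
    param([string]$Path)
    # Uses .NET directly so it also runs on the PowerShell 2.0 that ships with Windows 7
    # (Get-FileHash needs PowerShell 4.0 or later).
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $md5.ComputeHash($fs) }
    finally { $fs.Close() }
    return (($bytes | ForEach-Object { $_.ToString("X2") }) -join "")
}

function Test-FssFile {
    param([string]$Path, [string]$ExpectedMd5)
    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{ Path = $Path; Md5Match = $false; Signature = "MISSING"; Company = "" }
    }
    # Caveat: on Windows 7, Get-AuthenticodeSignature checks only embedded signatures, not
    # the catalog store (catroot) that most OS binaries are signed through, so NotSigned is
    # the expected result for an untouched system file. Sysinternals sigcheck is catalog-aware.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    New-Object PSObject -Property @{
        Path      = $Path
        Md5Match  = ((Get-Md5Hex -Path $Path) -eq $ExpectedMd5)
        Signature = $sig.Status.ToString()
        Company   = (Get-Item -LiteralPath $Path).VersionInfo.CompanyName
    }
}

$results = foreach ($p in $fssReported.Keys) { Test-FssFile -Path $p -ExpectedMd5 $fssReported[$p] }
$results | Format-Table Path, Md5Match, Signature, Company -AutoSize

# Only a file whose hash no longer matches the FSS run needs a second look; the benign
# explanation is an update installed between the two runs, which the write time will show.
$results | Where-Object { (-not $_.Md5Match) -and ($_.Signature -ne "MISSING") } | ForEach-Object {
    "{0}  last written {1}" -f $_.Path, (Get-Item -LiteralPath $_.Path).LastWriteTime
}

# Start type and binary path of the services Windows Update relies on (assumed list).
# WMI reports "delayed-auto", as set by the sc config fix in post #8, simply as Auto.
foreach ($name in "wuauserv", "bits", "cryptsvc", "TrustedInstaller") {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if ($svc -eq $null) { "$name : service not found"; continue }
    "{0,-17} state={1,-8} start={2,-7} {3}" -f $name, $svc.State, $svc.StartMode, $svc.PathName
}
```

A hash that still matches the FSS run and a CompanyName of Microsoft Corporation is consistent with the files being legitimate; a Valid Authenticode status is not required on Windows 7 for the reason given in the comment, so a NotSigned result on its own is not evidence of tampering.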

#9 Turbo_Bob (Topic Starter)

Posted 04 March 2018 - 10:03 AM

Gary,

 

No joy in Mudville.  Windows Update still does not run with the same error message.  Fixlog pasted below:

 

Bob

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Bob (04-03-2018 09:54:37) Run:3
Running from C:\Virus Removal Apps\2 Farbar Recovery Scan Tool
Loaded Profiles: Bob (Available Profiles: Bob)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
cmd: sc config wuauserv start= delayed-auto
reboot:
 
*****************
 
 
========= sc config wuauserv start= delayed-auto =========
 
[SC] ChangeServiceConfig SUCCESS
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 09:54:37 ====


#10 Oh My!

Posted 04 March 2018 - 10:43 AM

Thanks Bob, please do this.

===================================================

Reset and Reregister Windows Update Components

--------------------

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#11 Turbo_Bob (Topic Starter)

Posted 04 March 2018 - 11:18 AM

Gary,

 

The file seemed to run fine (hard to tell as the output scrolls by quickly), did a reboot, and Windows update still not running with the same error message from the screen capture.  Any more ideas as this is a stubborn problem.

 

Bob



#12 Oh My!

Posted 04 March 2018 - 11:41 AM

Hi Bob,

I will be away from my computer for a couple of hours but will reply upon my return.

Windows Update issues can be a bit of a pain requiring patience.

Please do this.

===================================================

System Update Readiness Tool Windows 7 64 bit

--------------------
  • Please click on System Update Readiness Tool and a download window will appear
  • Select Open with Windows Update Standalone Installer (default)
  • Click OK and wait patiently for the process to complete
  • When finished click Close in the Installation complete dialog box
  • Reboot your computer and attempt to update Windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#13 Turbo_Bob (Topic Starter)

Posted 04 March 2018 - 12:12 PM

Gary,

 

Could not get that file to run.  It came back with the following error:

 

Installer encountered an error:  0xc8000247

 

I have attached a pdf of the screen capture as I cannot paste it.

 

 What's next?  So close yet so far.

 

Bob

Attached Files



#14 Oh My!

Posted 04 March 2018 - 03:11 PM

Thank you for your patience.

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
cmd: sfc /scannow
zip: c:\windows\logs\cbs\cbs.log
StartPowershell:
select-string -path $env:SystemRoot\WindowsUpdate.log FATAL
EndPowershell:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will also create a zip file on your Desktop with today's date and time, example 05.12.2016_13.04.06.zip. Please attach the file to your reply
===================================================

System Summary Information

--------------------
  • Press the Windows Key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Attached cbs.log zip file
  • Attached System Summary file

Gary
 
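The FRST fix in post #14 collects two logs: CBS.log after sfc /scannow, and the FATAL lines from WindowsUpdate.log. The script below is an added example, not code from the thread or from FRST, that summarises both the way a responder would read them: the files SFC could not restore, and the error codes behind the update failures grouped by frequency. The line patterns it matches are the Windows 7 formats of those two logs; the sample lines at the end are constructed so the functions can be exercised offline and are not the poster's logs.

```powershell
# Added example (not from the thread): summarise the two logs the FRST fix above collects.
function Get-SfcFindings {
    param([string[]]$CbsLines)
    # sfc /scannow writes its results to CBS.log tagged "[SR]". Windows 7 wording:
    #   [SR] Repairing corrupted file [l:20{10}]"name.dll" of <component>, ... from store
    #   [SR] Cannot repair member file [l:20{10}]"name.dll" of <component>, ...
    $unrepaired = @()
    $repaired   = 0
    foreach ($line in $CbsLines) {
        if ($line -notmatch '\[SR\]') { continue }
        if ($line -match 'Cannot repair member file \[l:[^\]]+\]["'']([^"'']+)["'']') {
            $unrepaired += $Matches[1]
        } elseif ($line -match '\[SR\] Repairing corrupted file ') {
            $repaired++
        }
    }
    New-Object PSObject -Property @{
        SrLines    = @($CbsLines | Where-Object { $_ -match '\[SR\]' }).Count
        Repaired   = $repaired
        Unrepaired = @($unrepaired | Sort-Object -Unique)
    }
}

function Get-WuErrors {
    param([string[]]$WuLines)
    # The Windows 7 WindowsUpdate.log is tab-separated text; failures carry a FATAL or
    # WARNING marker and usually an HRESULT such as 0x80070002 somewhere on the line.
    $hits = @()
    foreach ($line in $WuLines) {
        if ($line -notmatch 'FATAL|WARNING') { continue }
        $m    = [regex]::Match($line, '0x[0-9A-Fa-f]{8}')
        $code = if ($m.Success) { $m.Value.ToUpper() } else { '(no code)' }
        $hits += New-Object PSObject -Property @{ Code = $code; Line = $line.Trim() }
    }
    $hits | Group-Object Code | Sort-Object Count -Descending |
        Select-Object Count, Name, @{ n = 'Example'; e = { $_.Group[0].Line } }
}

# Constructed sample lines (not from the poster's machine) so both functions run offline.
$cbsSample = @(
    '2018-03-04 19:02:11, Info                  CSI    000001a3 [SR] Verify complete',
    '2018-03-04 19:02:12, Info                  CSI    000001a4 [SR] Repairing 2 components',
    '2018-03-04 19:02:12, Info                  CSI    000001a5 [SR] Repairing corrupted file [l:20{10}]"sample.dll" of Sample-Component, Version = 6.1.7601.1, ... from store',
    '2018-03-04 19:02:13, Info                  CSI    000001a6 [SR] Cannot repair member file [l:22{11}]"another.dll" of Sample-Component, Version = 6.1.7601.1, ...; source file in store is also corrupted',
    '2018-03-04 19:02:14, Info                  CSI    000001a7 [SR] Repair complete'
)
$wuSample = @(
    "2018-03-04`t09:55:13:472`t 956`ta7c`tAgent`t  * WARNING: Failed to find updates with error code 0x80070002",
    "2018-03-04`t09:55:13:480`t 956`ta7c`tAgent`t  * FATAL: Failed to initialize datastore, error = 0x80070002",
    "2018-03-04`t09:55:13:500`t 956`ta7c`tAgent`t  * WARNING: WU client failed Searching for update with error 0x8024000e"
)
Get-SfcFindings -CbsLines $cbsSample
Get-WuErrors    -WuLines  $wuSample

# Against the real logs (the same two files the FRST fix zips and greps):
# Get-SfcFindings -CbsLines (Get-Content "$env:SystemRoot\Logs\CBS\CBS.log")
# Get-WuErrors    -WuLines  (Get-Content "$env:SystemRoot\WindowsUpdate.log")
```

Reading CBS.log whole with Get-Content is fine for a one-off; it can run to tens of megabytes after several SFC passes, so on a slow machine filter to the "[SR]" lines first. The Unrepaired list is what the System Update Readiness Tool step was meant to address, and the most frequent code from Get-WuErrors is the one to look up rather than the first error shown in the Windows Update dialog.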

#15 Turbo_Bob (Topic Starter)

Posted 04 March 2018 - 08:04 PM

Gary,

 

Here is the info you requested.  The post was too long if I pasted the fixlog text and I could not post it.  So I included it as an attached file.  Sorry - but it was the only way it would let me reply.

 

Bob

 

Attached Files





