
DNS Hijack/Malware


This topic is locked
13 replies to this topic

#1 Sluggy (Members, 22 posts)

Posted 04 April 2018 - 12:40 PM

(from the following thread: https://www.bleepingcomputer.com/forums/t/674756/dns-hijack-malware/)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by DredNawt (administrator) on DREDNAWT-PC (04-04-2018 13:34:38)
Running from I:\Portable Anti-Malware
Loaded Profiles: DredNawt (Available Profiles: DredNawt)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "E:\Software\ISP\firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) E:\Software\Security\Comodo\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) E:\Software\Security\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
() C:\Windows\System32\PnkBstrA.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
(COMODO) E:\Software\Security\Comodo\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AVAST Software) E:\Software\Security\Avast\x64\aswidsagenta.exe
(COMODO) E:\Software\Security\Comodo\COMODO Internet Security\cistray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(AVAST Software) E:\Software\Security\Avast\AvLaunch.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Advanced Micro Devices Inc.) D:\Hardware\Drivers\Graphics\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) E:\Software\Security\Avast\AvastUI.exe
(ATI Technologies Inc.) D:\Hardware\Drivers\Graphics\ATI.ACE\Core-Static\CCC.exe
(Piriform Ltd) E:\Software\Security\Cleaner\CCleaner64.exe
(COMODO) E:\Software\Security\Comodo\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Mozilla Corporation) E:\Software\ISP\firefox.exe
(Mozilla Corporation) E:\Software\ISP\firefox.exe
(Mozilla Corporation) E:\Software\ISP\firefox.exe
(Mozilla Corporation) E:\Software\ISP\firefox.exe
(Mozilla Corporation) E:\Software\ISP\firefox.exe
(AVAST Software) E:\Software\Security\Avast\Setup\instup.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] => E:\Software\Security\COMODO\COMODO Internet Security\cistray.exe [2208448 2018-03-13] (COMODO)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15009400 2015-10-23] (Logitech Inc.)
HKLM\...\Run: [AvastUI.exe] => E:\Software\Security\Avast\AvLaunch.exe [242392 2018-04-03] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => D:\Hardware\Drivers\Graphics\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\Run: [CCleaner Monitoring] => E:\Software\Security\Cleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\Run: [Google Update] => C:\Users\DredNawt\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-15] (Google Inc.)
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {12614da5-3d9b-11e2-8413-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {1c293854-a073-11e1-9123-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {214ca499-8664-11e1-aff3-00261854a5b9} - J:\LaunchU3.exe -a
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {348c99cc-55e7-11e2-a15a-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {3a621339-3206-11e1-ae17-806e6f6e6963} - F:\setup.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {3a621345-3206-11e1-ae17-806e6f6e6963} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {44144153-c99b-11e2-b274-00261854a5b9} - K:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {44144154-c99b-11e2-b274-00261854a5b9} - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {5143976f-b444-11e2-8217-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {5f2c259f-d7f3-11e3-b128-00261854a5b9} - G:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {5f2c25a0-d7f3-11e3-b128-00261854a5b9} - K:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {635cecf9-5307-11e7-9270-c8dbee6384e9} - J:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {a8a64fd3-754c-11e2-8e49-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {a8a64fd5-754c-11e2-8e49-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {c48b3cb4-4ed5-11e2-9210-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {d4e7a48d-b261-11e1-b0ba-00261854a5b9} - I:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {d51722d8-c177-11e5-aa99-b580a2d4a9be} - G:\setup.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {dfaa134a-c785-11e4-a669-9c6306562072} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {eb76f021-a3fa-11e2-861f-00261854a5b9} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {eb76f022-a3fa-11e2-861f-00261854a5b9} - I:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {f54e00ed-d1d3-11e1-9f40-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {f568bc0d-a601-11e2-9260-00261854a5b9} - I:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\avastSS.scr [53208 2016-10-27] (AVAST Software)
Startup: C:\Users\DredNawt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2018-02-17]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
BootExecute: 耀

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{84D3B620-23C4-47CD-88D7-004D079CCCFC}: [NameServer] 192.168.137.1
Tcpip\..\Interfaces\{8F1BF86E-DAF8-4192-9169-90C55E9E6E4D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B2284C2B-F870-409D-91DF-957C1ED8EEF5}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{F3328A91-15B0-4799-9079-7038A2EB1B3D}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKU\S-1-5-21-249627006-3391249319-856258202-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Software\Security\Avast\aswWebRepIE64.dll [2018-02-18] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> E:\Software\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Software\Security\Avast\aswWebRepIE.dll [2018-02-18] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Software\Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-249627006-3391249319-856258202-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File

FireFox:
========
FF DefaultProfile: 00pax454.default-1387386287991
FF ProfilePath: C:\Users\DredNawt\AppData\Roaming\Mozilla\Firefox\Profiles\00pax454.default-1387386287991 [2018-04-04]
FF Homepage: Mozilla\Firefox\Profiles\00pax454.default-1387386287991 -> hxxps://www.google.com/
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\DredNawt\AppData\Roaming\Mozilla\Firefox\Profiles\00pax454.default-1387386287991\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-28] [Legacy]
FF Extension: (EPUBReader) - C:\Users\DredNawt\AppData\Roaming\Mozilla\Firefox\Profiles\00pax454.default-1387386287991\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2017-08-02]
FF Extension: (Adblock Plus) - C:\Users\DredNawt\AppData\Roaming\Mozilla\Firefox\Profiles\00pax454.default-1387386287991\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-13]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\DredNawt\AppData\Roaming\Mozilla\Firefox\Profiles\00pax454.default-1387386287991\features\{8b93aba2-997d-4e09-9b4d-0d9ca8542628}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-28] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-30] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> E:\Software\Java\bin\plugin2\npjp2.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-12-30] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-30] ()
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-12-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> E:\Software\Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> E:\Software\Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> E:\Software\Media\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> E:\Software\Adobe\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-249627006-3391249319-856258202-1000: @citrixonline.com/appdetectorplugin -> C:\Users\DredNawt\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-249627006-3391249319-856258202-1000: @tools.google.com/Google Update;version=3 -> C:\Users\DredNawt\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-249627006-3391249319-856258202-1000: @tools.google.com/Google Update;version=9 -> C:\Users\DredNawt\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - E:\Software\ISP\firefox.exe

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
CHR Profile: C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default [2018-04-03]
CHR Extension: (Google Slides) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-02]
CHR Extension: (Google Docs) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-02]
CHR Extension: (Google Drive) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-02]
CHR Extension: (Google Search) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Google Sheets) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
CHR Extension: (Avast Online Security) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-02]
CHR Extension: (Video Speed Controller) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2015-11-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-02]
CHR Extension: (Gmail) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-02]
CHR Profile: C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-04-04]
CHR Extension: (Docs) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-01]
CHR Extension: (YouTube) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-01]
CHR Extension: (Google Search) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-01]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2016-02-29]
CHR Extension: (Google Docs Offline) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-19]
CHR Extension: (Video Speed Controller) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2018-04-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-01]
CHR Extension: (Chrome Media Router) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Software\Security\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; E:\Software\Security\Avast\x64\aswidsagenta.exe [7603408 2018-04-03] (AVAST Software)
R2 avast! Antivirus; E:\Software\Security\Avast\AvastSvc.exe [313640 2018-04-03] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-03-07] ()
R2 cmdAgent; E:\Software\Security\COMODO\COMODO Internet Security\cmdagent.exe [11395096 2018-03-13] (COMODO)
S3 cmdvirth; E:\Software\Security\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2018-03-13] (COMODO)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-21] (EasyAntiCheat Ltd)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-10-23] (Logitech Inc.)
S3 MBAMService; E:\Software\Security\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S3 Microsoft SharePoint Workspace Audit Service; E:\Software\Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-09-09] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
S2 HPSLPSVC; C:\Users\DredNawt\AppData\Local\Temp\7zS647C\hpslpsvc64.dll [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [17008 2015-10-20] () [File not signed]
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2015-10-20] () [File not signed]
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2015-05-26] (Wondershare)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-04-03] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-08] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-08] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-08] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-08] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [227784 2018-04-03] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-04-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-06-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [147224 2018-04-03] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111352 2018-04-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-04-03] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-04-03] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-04-03] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-04-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-04-03] (AVAST Software)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [34280 2018-01-31] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [846624 2018-01-31] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [59096 2018-01-31] (COMODO)
S1 fanio; C:\Windows\SysWOW64\drivers\fanio.sys [14464 2007-02-16] (Christian Diefer) [File not signed]
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [123544 2018-01-31] (COMODO)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-08-15] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2015-02-21] (Logitech Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-11-01] (Duplex Secure Ltd.)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1306624 2009-05-14] (C-Media Electronics Inc)
U3 a9mpjoa2; C:\Windows\System32\Drivers\a9mpjoa2.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S0 79890540; system32\drivers\89629951.sys [X]
S3 ALSysIO; \??\C:\Users\DredNawt\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S1 Capsax64Drv0; System32\Drivers\Capsax64Drv0.sys [X]
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]
S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X]
S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S3 LGELTEBus; system32\DRIVERS\LGELTEBus.sys [X]
S3 LGELTEmdm; system32\DRIVERS\LGELTEmdm.sys [X]
S3 LGELTEMux; system32\DRIVERS\LGELTEMux.sys [X]
S3 LGELTENdis; system32\DRIVERS\LGELTENdis.sys [X]
S3 LGELTEprt; system32\DRIVERS\LGELTEprt.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 0DC2A9882540DEA4A55B08785E09D8FC
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys FBB35875FEFE53D4280259842069ED72
C:\Windows\System32\DRIVERS\atikmpag.sys A32BCAD9377E3B75D034CAFBA463A0AE
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\ampa.sys 091F08BCEE2AEDDC89070370552DFD34
C:\Windows\SysWOW64\ampa.sys 091F08BCEE2AEDDC89070370552DFD34
C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys 4542CC17440E85D2D2D73A7D40FAED0A
C:\Windows\system32\drivers\appid.sys C16B5B379A2A79702CC5FF923EAAE3FD
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\AsIO.sys A82C01606DC27D05D9D3BFB6BB807E32
C:\Windows\System32\drivers\aswArPot.sys 300D6AC47A146EB8EB159F51BC13F7CF
C:\Windows\System32\drivers\aswbidsdrivera.sys A2F689B3E2BEAF05DD6DBE6ED862F781
C:\Windows\System32\drivers\aswbidsha.sys 9CAF76B70650DBF39AD85E6CE885F5B7
C:\Windows\System32\drivers\aswbloga.sys A846D0306A72F8AF5515009D811F344B
C:\Windows\System32\drivers\aswbuniva.sys 6A4C9AEBDBB30D9DF0A6F03BC3B4007B
C:\Windows\System32\drivers\aswHdsKe.sys F671444D530705D87E97D2DEA0F0240F
C:\Windows\System32\drivers\aswHwid.sys C13780FF7B75D5D2BDB7491038AE5A61
C:\Windows\system32\drivers\aswKbd.sys 5E6FD2CB74138C6AF591779D2619BD6C
C:\Windows\System32\drivers\aswMonFlt.sys EBAF255D03FBDEE9E6C6DDED3298B872
C:\Windows\System32\drivers\aswRdr2.sys 65A437FE46CD8357A1F9B38FF89DE02A
C:\Windows\System32\drivers\aswRvrt.sys 809F63E2A32A54451EFCD86E7441CD5C
C:\Windows\System32\drivers\aswSnx.sys E2343CB37394EC3AF6151ADAF30B64CA
C:\Windows\System32\drivers\aswSP.sys 50B01BDC0DDF6899E8C5C215012FC4E7
C:\Windows\System32\drivers\aswStm.sys 55B0953394B255B16F3013B922993594
C:\Windows\System32\drivers\aswVmm.sys 0BC5031C59054FB1D7B318C21B40FCA5
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtihdW76.sys 770A3B0D78232B0C1054495392A1FBA3
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ABA3984C822E4D3F889699912D85D6C5
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 3963FEC1892368DD500E6ED1F5C286CE
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cmderd.sys 7840258B8CA23C7E4DAD9F30CFCC2B89
C:\Windows\System32\DRIVERS\cmdguard.sys 881670F90B6A4799F2394182349F9C4F
C:\Windows\System32\DRIVERS\cmdhlp.sys 59E1CF1BEFDFCD3588091623D816B74B
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys A98CED39AD91B445E2E442A9BD67E8B4
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys 9B38580063D281A99E68EF5813022A5F
C:\Windows\System32\DRIVERS\ssudbus.sys BC319C065335B10A5AA5938A677A60D5
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys 616387BBD83372220B09DE95F4E67BBC
C:\Windows\system32\drivers\drmkaud.sys 26FE888505E5A945B0536AF9A2A27A6F
C:\Windows\System32\drivers\dxgkrnl.sys 5CEF80AE869336376F550ECAE91E424A
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys 7E45F8B117419ABA3BB26579F6E70324
C:\Windows\SysWOW64\drivers\fanio.sys 0DD24DABB0B8C4AC0D8F2EBF0492276A
C:\Windows\System32\Drivers\fastfat.sys 6EDFA237D25433C03F42FBFDB16BDD24
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ANDROIDUSB.sys F47CEC45FB85791D4AB237563AD0FA8F
C:\Windows\System32\DRIVERS\HtcVComV64.sys 7C7C986776D00E575BFBDE5DCBDC615D
C:\Windows\System32\drivers\HTTP.sys CF5C9BD985120781200D35FD445D0BD5
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\inspect.sys 1D1053ACB6DF95882838F74AD0965F92
C:\Windows\System32\drivers\RTKVHD64.sys D42D651676883181400E22957A7E0B1E
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys DFE85B031220F8E0271716BBB3C4C8FF
C:\Windows\System32\Drivers\ksecpkg.sys 70D7302DD70B979637179BFD8295C924
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\drivers\LGBusEnum.sys 17325C9B9ADB2BB99049936D0C9812C8
C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys 2D7F1C02B94D6F0F3E10107E5EA8E141
C:\Windows\System32\drivers\LGJoyXlCore.sys C7AF05942E041D4B1F345ACF79993BB3
C:\Windows\System32\DRIVERS\LGSHidFilt.Sys 94AF1384A67B9FCF5651E70BC9D4C526
C:\Windows\System32\drivers\LGVirHid.sys 1DDB8DE3D6EEF31EDCF4977B2D2FAACC
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys 5416CEB2916BBE635288C4D1075B045E
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 072D8646E23ECF8A3F5F0157017B4DB6
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 98DB1790F0A584E0A2528B92B052417F
C:\Windows\System32\DRIVERS\mrxsmb.sys 767C6DF04C5758B9F0790D400541B44F
C:\Windows\System32\DRIVERS\mrxsmb10.sys BD55F604FFABC911F8E5500186AE70E5
C:\Windows\System32\DRIVERS\mrxsmb20.sys 92EECFB046D4706A4B8D699A4069B6EC
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ASACPI.sys 19B006B181E3875FD254F7B67ACF1E7C
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys 9FB2A095B1166CB3C9A06651863B3452
C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys 734837208CAFD6E0959A7A0333C95C9D
C:\Windows\System32\DRIVERS\netr7364.sys 81B8D0C1CE44A7FDBD596B693783950C
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys BE313E566EEA2A4B7F9AAC9782A567D4
C:\Windows\System32\Drivers\Ntfs.sys 1065D9AFE491706EB00AD3CBB76C9E54
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys DD81FBC57AB9134CDDC5CE90880BFD80
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys EA4D67448BE493D543F1730D6CD04694
C:\Windows\System32\DRIVERS\pneteth.sys A010F13D27C1033A8BE09D5FA9BF348B
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 4D3B50366F453BF1D17CB3DD72A024FF
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sptd.sys 656736958178461D25B51BB0D9EC7D09
C:\Windows\System32\DRIVERS\srv.sys 72E6A150A8C8530B201832D1C801CDE6
C:\Windows\System32\DRIVERS\srv2.sys C4F67ABCC5033D334613F28F9E782809
C:\Windows\System32\DRIVERS\srvnet.sys C53CB62B0E57488AAE41FDA0FF8A0AB9
C:\Windows\System32\DRIVERS\ssudmdm.sys 37680AECA1BF2D430719A297F68ECD49
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 7FB36A0A036ADDACE0A868E4A43C1C27
C:\Windows\System32\DRIVERS\tcpip.sys 7FB36A0A036ADDACE0A868E4A43C1C27
C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 4DD986720F7CB7A8A5D1226793097B9A
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 2CF58216424757ED29605B4F18EC443C
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\system32\drivers\usbccgp.sys 9E68E917FB4B5C983438969643F53BEF
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 3F9D3902CE931E2A28DD8452AE915B67
C:\Windows\System32\DRIVERS\usbhub.sys 86B65EEBC03B936DE8B26E5A18D98FA2
C:\Windows\System32\drivers\CM10664.sys 49C26DAC5A04080061670E2951BA4880
C:\Windows\system32\drivers\usbohci.sys 099C2931C6F73EB1B9E13C560F61B50D
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\Windows\system32\drivers\usbuhci.sys 5D7651347C7D702F4A5DE53603DC024F
C:\Windows\System32\DRIVERS\usb8023x.sys 7B28E2FBE75115660FAB31079C0A9F29
C:\Windows\System32\DRIVERS\VClone.sys 3C8E2C591345F38149C69FE8E5DF8C90
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys 85C5468BC395819AE2A0C747334BA14C
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\Drivers\a9mpjoa2.sys D41D8CD98F00B204E9800998ECF8427E

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-04 01:05 - 2018-04-04 01:06 - 000217756 _____ C:\TDSSKiller.3.1.0.16_04.04.2018_01.05.26_log.txt
2018-04-04 01:03 - 2018-04-04 01:03 - 000003648 ____N C:\bootsqm.dat
2018-04-04 00:53 - 2018-04-04 00:54 - 000218476 _____ C:\TDSSKiller.3.1.0.16_04.04.2018_00.53.49_log.txt
2018-04-03 11:40 - 2018-04-03 11:40 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-04-03 11:40 - 2017-10-17 12:40 - 000334488 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2018-04-03 04:03 - 2018-04-04 13:34 - 000000000 ____D C:\FRST
2018-04-03 03:48 - 2018-04-03 03:54 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-03 03:45 - 2018-04-03 03:54 - 000000000 ____D C:\Users\DredNawt\Desktop\mbar
2018-04-03 03:45 - 2018-04-03 03:45 - 000097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-04-03 03:44 - 2018-04-03 03:44 - 000000000 ____D C:\Rem-VBSqt
2018-04-03 03:42 - 2018-04-03 03:49 - 000000000 ____D C:\ProgramData\Sophos
2018-04-03 03:38 - 2018-04-03 03:56 - 000000000 ____D C:\AdwCleaner
2018-04-03 03:35 - 2018-04-04 00:12 - 000002472 _____ C:\Users\DredNawt\Desktop\Rkill.txt
2018-04-03 03:30 - 2018-04-03 03:48 - 000136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-03 03:30 - 2018-04-03 03:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-03 03:21 - 2018-04-03 03:25 - 000670214 _____ C:\Windows\ntbtlog.txt
2018-04-03 03:18 - 2018-04-03 03:18 - 002861969 _____ C:\Users\DredNawt\Desktop\Pain Localization via BCI.pdf
2018-04-01 14:51 - 2018-04-01 14:51 - 001291167 _____ C:\Users\DredNawt\Desktop\Thermoreceptors.pdf
2018-04-01 13:43 - 2018-04-01 13:43 - 001558588 _____ C:\Users\DredNawt\Desktop\JCI42843.pdf
2018-04-01 13:42 - 2018-04-01 13:42 - 003286169 _____ C:\Users\DredNawt\Desktop\242.full.pdf
2018-03-29 12:45 - 2018-03-29 20:28 - 000000000 ____D C:\Program Files (x86)\Trend Micro
2018-03-29 12:45 - 2018-03-29 12:53 - 000000000 ____D C:\Users\DredNawt\AppData\Local\Trend Micro
2018-03-29 12:37 - 2018-04-03 11:52 - 000691263 _____ C:\Users\DredNawt\AppData\Local\census.cache
2018-03-29 12:37 - 2018-04-03 11:52 - 000330825 _____ C:\Users\DredNawt\AppData\Local\ars.cache
2018-03-29 12:35 - 2018-04-03 11:51 - 000000010 _____ C:\Users\DredNawt\AppData\Local\sponge.last.runtime.cache
2018-03-29 12:28 - 2018-04-03 11:44 - 000000000 ____D C:\ProgramData\Trend Micro
2018-03-29 12:28 - 2018-03-29 12:28 - 000000000 ____D C:\Windows\Trend Micro
2018-03-29 12:20 - 2018-03-29 12:20 - 000000036 _____ C:\Users\DredNawt\AppData\Local\housecall.guid.cache
2018-03-28 21:23 - 2018-03-28 21:23 - 000026948 _____ C:\Users\DredNawt\Desktop\amcas activities.pdf
2018-03-27 00:12 - 2018-03-27 00:12 - 001378370 _____ C:\Users\DredNawt\Desktop\Geisinger_opioids_paper_American_J_Prev_Med_March15_embargo.pdf
2018-03-22 17:12 - 2018-03-22 17:12 - 000000000 ___HD C:\$Windows.~WS
2018-03-22 17:05 - 2018-03-22 17:05 - 000000000 ____D C:\$WINDOWS.~BT
2018-03-21 01:15 - 2018-03-21 01:15 - 000000000 ____D C:\Users\DredNawt\AppData\Roaming\EasyAntiCheat
2018-03-21 01:15 - 2018-03-21 01:15 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-03-21 00:05 - 2018-03-21 00:05 - 000093832 _____ C:\Users\DredNawt\AppData\Local\GDIPFONTCACHEV1.DAT
2018-03-21 00:00 - 2018-03-21 00:00 - 000359528 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-09 22:43 - 2018-03-09 22:43 - 000000000 ____D C:\Users\DredNawt\Documents\Wondershare Video Converter Free
2018-03-09 22:43 - 2018-03-09 22:43 - 000000000 ____D C:\Users\DredNawt\AppData\Roaming\Wondershare Video Converter Free
2018-03-09 22:42 - 2018-03-09 22:43 - 000000000 ____D C:\ProgramData\Wondershare Video Converter Free
2018-03-09 22:41 - 2018-03-09 22:42 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-03-07 01:25 - 2018-03-06 00:23 - 000000235 ___SH C:\Users\Public\Libraries.ini
2018-03-07 01:22 - 2018-03-07 01:22 - 000000000 ____D C:\Users\DredNawt\AppData\Local\NVIDIA Corporation
2018-03-07 01:21 - 2018-03-07 01:21 - 000000000 ____D C:\Users\DredNawt\AppData\Local\FortniteGame
2018-03-07 00:07 - 2018-03-07 01:21 - 000000000 ____D C:\Users\DredNawt\AppData\Local\UnrealEngine
2018-03-06 01:48 - 2018-03-06 01:48 - 000011408 _____ C:\Users\DredNawt\Downloads\How to Recognize Plagiarism -- Certificate Award for Graduate Students  School of Education, Indiana University Bloomington.htm
2018-02-18 01:29 - 2018-02-18 01:29 - 000000208 _____ C:\Users\DredNawt\Desktop\Torchlight II.url
2018-02-17 22:13 - 2018-02-17 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
2018-01-31 23:18 - 2018-01-31 23:31 - 000013031 _____ C:\Users\DredNawt\Desktop\NSAIDS and Steroids.xlsx
2018-01-10 22:57 - 2018-04-03 11:40 - 000227784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-01-10 22:57 - 2018-04-03 11:40 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-01-07 12:23 - 2018-01-07 12:23 - 000000655 _____ C:\Users\DredNawt\Desktop\Lectures - Shortcut.lnk

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-04 13:34 - 2016-11-19 01:32 - 000000000 ____D C:\Users\DredNawt\AppData\LocalLow\Mozilla
2018-04-04 13:30 - 2009-07-14 01:13 - 000744692 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-04 13:30 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-04-04 13:27 - 2013-03-26 11:28 - 000000501 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-04-04 13:26 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-04 01:13 - 2009-07-14 00:45 - 000015632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-04 01:13 - 2009-07-14 00:45 - 000015632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-03 22:22 - 2017-10-29 18:10 - 000004136 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-04-03 22:22 - 2017-04-16 18:22 - 000004146 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-04-03 17:46 - 2016-03-06 03:30 - 000003510 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-249627006-3391249319-856258202-1000UA
2018-04-03 17:46 - 2016-03-06 03:30 - 000003238 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-249627006-3391249319-856258202-1000Core
2018-04-03 17:46 - 2015-12-03 21:54 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-04-03 17:46 - 2015-09-12 20:17 - 000003086 _____ C:\Windows\System32\Tasks\{E875F5B3-CD82-45BE-B1CE-0340A1446F7A}
2018-04-03 17:46 - 2015-08-03 17:52 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-04-03 17:46 - 2015-06-26 03:59 - 000003154 _____ C:\Windows\System32\Tasks\{CA767068-8B23-44BF-9382-ACDFBFED06C6}
2018-04-03 17:46 - 2015-06-22 19:24 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-03 17:46 - 2015-06-22 19:24 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-03 17:46 - 2015-02-06 17:47 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-03 17:46 - 2013-11-01 22:25 - 000003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2018-04-03 17:46 - 2013-01-19 03:43 - 000003194 _____ C:\Windows\System32\Tasks\{A69DD18D-7A30-4E88-B5A9-01AF913E0DA7}
2018-04-03 17:46 - 2012-12-03 18:55 - 000002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-04-03 17:46 - 2012-05-25 20:05 - 000003158 _____ C:\Windows\System32\Tasks\{134D7E72-FCED-4016-A43F-71839922121B}
2018-04-03 17:46 - 2012-05-25 18:52 - 000003136 _____ C:\Windows\System32\Tasks\{E1DB095C-8176-459B-AAB9-CC1F84E6FA5F}
2018-04-03 17:46 - 2012-02-20 23:16 - 000002994 _____ C:\Windows\System32\Tasks\{F87FB2DA-3218-480D-A53E-A78934CD4513}
2018-04-03 17:46 - 2012-02-20 23:16 - 000002994 _____ C:\Windows\System32\Tasks\{6134EA2C-8014-4D68-965A-D0A6C13902C6}
2018-04-03 17:46 - 2011-12-29 13:11 - 000003204 _____ C:\Windows\System32\Tasks\{94760C82-932A-4821-9479-98C0EAEDE8B2}
2018-04-03 17:46 - 2011-12-29 12:42 - 000003110 _____ C:\Windows\System32\Tasks\{A1DD1871-BFC7-4505-BE55-6B11F6F1689F}
2018-04-03 11:40 - 2014-05-09 23:40 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-04-03 11:40 - 2014-01-07 11:24 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-04-03 11:40 - 2013-03-02 14:44 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-04-03 11:40 - 2013-03-02 14:44 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-04-03 11:40 - 2012-05-26 03:13 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-04-03 11:40 - 2012-05-26 03:13 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-04-03 11:40 - 2012-05-26 03:13 - 000147224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-04-03 11:40 - 2012-05-26 03:13 - 000111352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-04-03 04:05 - 2015-08-18 11:44 - 000000000 ____D C:\Users\DredNawt\AppData\Local\VirtualStore
2018-04-03 00:51 - 2015-03-14 04:10 - 000000000 ____D C:\Users\DredNawt\AppData\Roaming\vlc
2018-04-01 12:25 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2018-03-28 21:08 - 2015-07-19 18:55 - 000000000 ____D C:\Users\DredNawt\AppData\Roaming\uTorrent
2018-03-27 03:37 - 2013-06-28 23:59 - 000402454 _____ C:\Windows\system32\Drivers\fvstore.dat
2018-03-25 00:35 - 2015-09-01 16:10 - 000000000 ____D C:\Users\DredNawt\Documents\my games
2018-03-24 20:32 - 2013-04-26 22:31 - 000000000 ____D C:\Windows\System32\Tasks\COMODO
2018-03-23 00:16 - 2015-11-02 11:35 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-23 00:16 - 2015-11-02 11:35 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-22 17:12 - 2011-12-29 06:16 - 000000000 ____D C:\Windows\Panther
2018-03-22 03:44 - 2013-04-01 20:31 - 000000000 ____D C:\Users\DredNawt\Desktop\Med School Applications
2018-03-21 00:00 - 2009-07-14 01:08 - 000032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-19 12:57 - 2017-12-14 01:36 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-13 13:20 - 2013-04-15 18:38 - 000923720 _____ (COMODO) C:\Windows\system32\guard64.dll
2018-03-13 13:20 - 2013-04-15 18:38 - 000710168 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2018-03-13 13:20 - 2013-04-15 18:38 - 000051808 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2018-03-13 13:18 - 2013-04-15 18:38 - 000467648 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2018-03-13 13:16 - 2013-04-15 18:38 - 000371392 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2018-03-09 22:45 - 2017-10-28 18:13 - 000000000 ____D C:\ProgramData\xml_param
2018-03-08 01:21 - 2017-04-16 18:22 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-03-08 01:21 - 2017-04-16 18:22 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-03-08 01:21 - 2017-04-16 18:22 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-03-08 01:21 - 2017-04-16 18:22 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-03-07 00:14 - 2013-01-29 01:46 - 000000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2018-03-29 12:37 - 2018-04-03 11:52 - 000330825 _____ () C:\Users\DredNawt\AppData\Local\ars.cache
2018-03-29 12:37 - 2018-04-03 11:52 - 000691263 _____ () C:\Users\DredNawt\AppData\Local\census.cache
2018-03-29 12:20 - 2018-03-29 12:20 - 000000036 _____ () C:\Users\DredNawt\AppData\Local\housecall.guid.cache
2012-03-05 09:47 - 2017-09-09 02:06 - 000007632 _____ () C:\Users\DredNawt\AppData\Local\resmon.resmoncfg
2018-03-29 12:35 - 2018-04-03 11:51 - 000000010 _____ () C:\Users\DredNawt\AppData\Local\sponge.last.runtime.cache
2011-12-29 16:23 - 2011-12-29 16:26 - 000463466 _____ () C:\Users\DredNawt\AppData\Local\WinRARXPENGLISH.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {19913a26-3206-11e1-8b61-9fc2983c0829}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 0

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {19913a28-3206-11e1-8b61-9fc2983c0829}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {19913a26-3206-11e1-8b61-9fc2983c0829}
nx                      OptIn
sos                     No

Windows Boot Loader
-------------------
identifier              {19913a28-3206-11e1-8b61-9fc2983c0829}
device                  ramdisk=[C:]\Recovery\19913a28-3206-11e1-8b61-9fc2983c0829\Winre.wim,{19913a29-3206-11e1-8b61-9fc2983c0829}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\19913a28-3206-11e1-8b61-9fc2983c0829\Winre.wim,{19913a29-3206-11e1-8b61-9fc2983c0829}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {19913a26-3206-11e1-8b61-9fc2983c0829}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {19913a29-3206-11e1-8b61-9fc2983c0829}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\19913a28-3206-11e1-8b61-9fc2983c0829\boot.sdi


LastRegBack: 2018-03-30 21:33

==================== End of FRST.txt ============================



#2 HelpBot
Posted 09 April 2018 - 12:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/674816 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was follow the previous instruction and tell me so. You can skip the rest of this post. If you do need help, please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right-hand corner of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Sluggy (Topic Starter)

Posted 09 April 2018 - 07:47 PM

I received a recent scan notification that Avast found I had a DNS Hijack. Access to certain websites, like Facebook, turns up the following error, SSL_ERROR_RX_RECORD_TOO_LONG, or results in a connection timeout. When I try to boot into safe mode to run other tools, my computer restarts on the log-in screen after about 3 seconds and entering my password does not work. I am using my Android phone as a tether and am running AVG and NoRoot Firewall. Checking on F-Secure Router Checker comes back with no issues. I do not have my original Windows DVDs available.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by DredNawt (administrator) on DREDNAWT-PC (09-04-2018 20:35:13)
Running from I:\Portable Anti-Malware
Loaded Profiles: DredNawt (Available Profiles: DredNawt)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "E:\Software\ISP\firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) E:\Software\Security\Comodo\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) E:\Software\Security\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
() C:\Windows\System32\PnkBstrA.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
(COMODO) E:\Software\Security\Comodo\COMODO Internet Security\cavwp.exe
(AVAST Software) E:\Software\Security\Avast\x64\aswidsagenta.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(COMODO) E:\Software\Security\Comodo\COMODO Internet Security\cistray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Advanced Micro Devices Inc.) D:\Hardware\Drivers\Graphics\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) E:\Software\Security\Avast\AvastUI.exe
(ATI Technologies Inc.) D:\Hardware\Drivers\Graphics\ATI.ACE\Core-Static\CCC.exe
(Piriform Ltd) E:\Software\Security\Cleaner\CCleaner64.exe
(Mozilla Corporation) E:\Software\ISP\firefox.exe
(COMODO) E:\Software\Security\Comodo\COMODO Internet Security\cis.exe
(Mozilla Corporation) E:\Software\ISP\firefox.exe
(Mozilla Corporation) E:\Software\ISP\firefox.exe
(Mozilla Corporation) E:\Software\ISP\firefox.exe
(Mozilla Corporation) E:\Software\ISP\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] => E:\Software\Security\COMODO\COMODO Internet Security\cistray.exe [2208448 2018-03-13] (COMODO)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15009400 2015-10-23] (Logitech Inc.)
HKLM\...\Run: [AvastUI.exe] => E:\Software\Security\Avast\AvLaunch.exe [242392 2018-04-03] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => D:\Hardware\Drivers\Graphics\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\Run: [CCleaner Monitoring] => E:\Software\Security\Cleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\Run: [Google Update] => C:\Users\DredNawt\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-15] (Google Inc.)
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {12614da5-3d9b-11e2-8413-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {1c293854-a073-11e1-9123-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {214ca499-8664-11e1-aff3-00261854a5b9} - J:\LaunchU3.exe -a
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {348c99cc-55e7-11e2-a15a-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {3a621339-3206-11e1-ae17-806e6f6e6963} - F:\setup.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {3a621345-3206-11e1-ae17-806e6f6e6963} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {44144153-c99b-11e2-b274-00261854a5b9} - K:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {44144154-c99b-11e2-b274-00261854a5b9} - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {5143976f-b444-11e2-8217-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {5f2c259f-d7f3-11e3-b128-00261854a5b9} - G:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {5f2c25a0-d7f3-11e3-b128-00261854a5b9} - K:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {635cecf9-5307-11e7-9270-c8dbee6384e9} - J:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {a8a64fd3-754c-11e2-8e49-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {a8a64fd5-754c-11e2-8e49-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {c48b3cb4-4ed5-11e2-9210-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {d4e7a48d-b261-11e1-b0ba-00261854a5b9} - I:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {d51722d8-c177-11e5-aa99-b580a2d4a9be} - G:\setup.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {dfaa134a-c785-11e4-a669-9c6306562072} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {eb76f021-a3fa-11e2-861f-00261854a5b9} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {eb76f022-a3fa-11e2-861f-00261854a5b9} - I:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {f54e00ed-d1d3-11e1-9f40-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {f568bc0d-a601-11e2-9260-00261854a5b9} - I:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\avastSS.scr [53208 2016-10-27] (AVAST Software)
Startup: C:\Users\DredNawt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2018-02-17]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
BootExecute: 耀

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{8F1BF86E-DAF8-4192-9169-90C55E9E6E4D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B2284C2B-F870-409D-91DF-957C1ED8EEF5}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{F3328A91-15B0-4799-9079-7038A2EB1B3D}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-249627006-3391249319-856258202-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Software\Security\Avast\aswWebRepIE64.dll [2018-02-18] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> E:\Software\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Software\Security\Avast\aswWebRepIE.dll [2018-02-18] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Software\Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-249627006-3391249319-856258202-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File

FireFox:
========
FF DefaultProfile: 00pax454.default-1387386287991
FF ProfilePath: C:\Users\DredNawt\AppData\Roaming\Mozilla\Firefox\Profiles\00pax454.default-1387386287991 [2018-04-09]
FF Homepage: Mozilla\Firefox\Profiles\00pax454.default-1387386287991 -> hxxps://www.google.com/
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\DredNawt\AppData\Roaming\Mozilla\Firefox\Profiles\00pax454.default-1387386287991\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-28] [Legacy]
FF Extension: (EPUBReader) - C:\Users\DredNawt\AppData\Roaming\Mozilla\Firefox\Profiles\00pax454.default-1387386287991\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2017-08-02]
FF Extension: (Adblock Plus) - C:\Users\DredNawt\AppData\Roaming\Mozilla\Firefox\Profiles\00pax454.default-1387386287991\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-13]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\DredNawt\AppData\Roaming\Mozilla\Firefox\Profiles\00pax454.default-1387386287991\features\{48450b5f-481e-459c-8477-28555859ece5}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-05] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-30] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> E:\Software\Java\bin\plugin2\npjp2.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-12-30] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-30] ()
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-12-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> E:\Software\Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> E:\Software\Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> E:\Software\Media\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> E:\Software\Adobe\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-249627006-3391249319-856258202-1000: @citrixonline.com/appdetectorplugin -> C:\Users\DredNawt\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-249627006-3391249319-856258202-1000: @tools.google.com/Google Update;version=3 -> C:\Users\DredNawt\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-249627006-3391249319-856258202-1000: @tools.google.com/Google Update;version=9 -> C:\Users\DredNawt\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - E:\Software\ISP\firefox.exe

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
CHR Profile: C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default [2018-04-05]
CHR Extension: (Google Slides) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-02]
CHR Extension: (Google Docs) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-02]
CHR Extension: (Google Drive) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-02]
CHR Extension: (Google Search) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Google Sheets) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
CHR Extension: (Avast Online Security) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-02]
CHR Extension: (Video Speed Controller) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2015-11-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-02]
CHR Extension: (Gmail) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-02]
CHR Profile: C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-04-07]
CHR Extension: (Docs) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-01]
CHR Extension: (YouTube) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-01]
CHR Extension: (Google Search) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-01]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2016-02-29]
CHR Extension: (Google Docs Offline) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-19]
CHR Extension: (Video Speed Controller) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2018-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-01]
CHR Extension: (Chrome Media Router) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Software\Security\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; E:\Software\Security\Avast\x64\aswidsagenta.exe [7603408 2018-04-03] (AVAST Software)
R2 avast! Antivirus; E:\Software\Security\Avast\AvastSvc.exe [313640 2018-04-03] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-03-07] ()
R2 cmdAgent; E:\Software\Security\COMODO\COMODO Internet Security\cmdagent.exe [11395096 2018-03-13] (COMODO)
S3 cmdvirth; E:\Software\Security\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2018-03-13] (COMODO)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-21] (EasyAntiCheat Ltd)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-10-23] (Logitech Inc.)
S3 MBAMService; E:\Software\Security\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S3 Microsoft SharePoint Workspace Audit Service; E:\Software\Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-09-09] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
S2 HPSLPSVC; C:\Users\DredNawt\AppData\Local\Temp\7zS647C\hpslpsvc64.dll [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [17008 2015-10-20] () [File not signed]
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2015-10-20] () [File not signed]
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2015-05-26] (Wondershare)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-04-03] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-08] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-08] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-08] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-08] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [227784 2018-04-03] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-04-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-06-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [147224 2018-04-03] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111352 2018-04-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-04-03] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-04-03] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-04-03] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-04-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-04-03] (AVAST Software)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [34280 2018-01-31] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [846624 2018-01-31] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [59096 2018-01-31] (COMODO)
S1 fanio; C:\Windows\SysWOW64\drivers\fanio.sys [14464 2007-02-16] (Christian Diefer) [File not signed]
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [123544 2018-01-31] (COMODO)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-08-15] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2015-02-21] (Logitech Inc.)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-04] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-11-01] (Duplex Secure Ltd.)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1306624 2009-05-14] (C-Media Electronics Inc)
U3 aq0kke6m; C:\Windows\System32\Drivers\aq0kke6m.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S0 79890540; system32\drivers\89629951.sys [X]
S3 ALSysIO; \??\C:\Users\DredNawt\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S1 Capsax64Drv0; System32\Drivers\Capsax64Drv0.sys [X]
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]
S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X]
S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S3 LGELTEBus; system32\DRIVERS\LGELTEBus.sys [X]
S3 LGELTEmdm; system32\DRIVERS\LGELTEmdm.sys [X]
S3 LGELTEMux; system32\DRIVERS\LGELTEMux.sys [X]
S3 LGELTENdis; system32\DRIVERS\LGELTENdis.sys [X]
S3 LGELTEprt; system32\DRIVERS\LGELTEprt.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-05 22:54 - 2018-04-05 22:54 - 000359528 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-05 02:10 - 2018-04-05 02:10 - 000093832 _____ C:\Users\DredNawt\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-05 01:46 - 2018-04-05 01:46 - 015333512 _____ (Piriform Ltd) C:\Users\DredNawt\Downloads\ccsetup541.exe
2018-04-04 22:35 - 2018-04-04 22:35 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\3556E261.sys
2018-04-04 22:10 - 2018-04-04 22:10 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-04 20:35 - 2018-04-04 20:42 - 000218384 _____ C:\TDSSKiller.3.1.0.16_04.04.2018_20.35.34_log.txt
2018-04-04 20:25 - 2018-04-04 20:25 - 000000000 ____D C:\Users\DredNawt\AppData\Roaming\Comodo
2018-04-04 17:43 - 2018-04-04 17:43 - 000063438 _____ C:\Users\DredNawt\Desktop\2018 AMCAS Application.pdf
2018-04-04 01:05 - 2018-04-04 01:06 - 000217756 _____ C:\TDSSKiller.3.1.0.16_04.04.2018_01.05.26_log.txt
2018-04-04 00:53 - 2018-04-04 00:54 - 000218476 _____ C:\TDSSKiller.3.1.0.16_04.04.2018_00.53.49_log.txt
2018-04-03 11:40 - 2018-04-03 11:40 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-04-03 11:40 - 2017-10-17 12:40 - 000334488 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2018-04-03 04:03 - 2018-04-09 20:35 - 000000000 ____D C:\FRST
2018-04-03 03:48 - 2018-04-04 22:42 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-03 03:45 - 2018-04-04 22:42 - 000000000 ____D C:\Users\DredNawt\Desktop\mbar
2018-04-03 03:45 - 2018-04-04 22:34 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-04-03 03:44 - 2018-04-03 03:44 - 000000000 ____D C:\Rem-VBSqt
2018-04-03 03:42 - 2018-04-03 03:49 - 000000000 ____D C:\ProgramData\Sophos
2018-04-03 03:38 - 2018-04-04 20:31 - 000000000 ____D C:\AdwCleaner
2018-04-03 03:30 - 2018-04-03 03:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-03 03:18 - 2018-04-03 03:18 - 002861969 _____ C:\Users\DredNawt\Desktop\Pain Localization via BCI.pdf
2018-04-01 14:51 - 2018-04-01 14:51 - 001291167 _____ C:\Users\DredNawt\Desktop\Thermoreceptors.pdf
2018-04-01 13:43 - 2018-04-01 13:43 - 001558588 _____ C:\Users\DredNawt\Desktop\JCI42843.pdf
2018-04-01 13:42 - 2018-04-01 13:42 - 003286169 _____ C:\Users\DredNawt\Desktop\242.full.pdf
2018-03-29 12:45 - 2018-03-29 20:28 - 000000000 ____D C:\Program Files (x86)\Trend Micro
2018-03-29 12:45 - 2018-03-29 12:53 - 000000000 ____D C:\Users\DredNawt\AppData\Local\Trend Micro
2018-03-29 12:37 - 2018-04-03 11:52 - 000691263 _____ C:\Users\DredNawt\AppData\Local\census.cache
2018-03-29 12:37 - 2018-04-03 11:52 - 000330825 _____ C:\Users\DredNawt\AppData\Local\ars.cache
2018-03-29 12:35 - 2018-04-03 11:51 - 000000010 _____ C:\Users\DredNawt\AppData\Local\sponge.last.runtime.cache
2018-03-29 12:28 - 2018-04-03 11:44 - 000000000 ____D C:\ProgramData\Trend Micro
2018-03-29 12:28 - 2018-03-29 12:28 - 000000000 ____D C:\Windows\Trend Micro
2018-03-29 12:20 - 2018-03-29 12:20 - 000000036 _____ C:\Users\DredNawt\AppData\Local\housecall.guid.cache
2018-03-28 21:23 - 2018-03-28 21:23 - 000026948 _____ C:\Users\DredNawt\Desktop\amcas activities.pdf
2018-03-27 00:12 - 2018-03-27 00:12 - 001378370 _____ C:\Users\DredNawt\Desktop\Geisinger_opioids_paper_American_J_Prev_Med_March15_embargo.pdf
2018-03-22 17:12 - 2018-03-22 17:12 - 000000000 ___HD C:\$Windows.~WS
2018-03-22 17:05 - 2018-03-22 17:05 - 000000000 ____D C:\$WINDOWS.~BT
2018-03-21 01:15 - 2018-03-21 01:15 - 000000000 ____D C:\Users\DredNawt\AppData\Roaming\EasyAntiCheat
2018-03-21 01:15 - 2018-03-21 01:15 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-09 20:32 - 2016-11-19 01:32 - 000000000 ____D C:\Users\DredNawt\AppData\LocalLow\Mozilla
2018-04-09 20:31 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-08 23:12 - 2015-03-14 04:10 - 000000000 ____D C:\Users\DredNawt\AppData\Roaming\vlc
2018-04-08 20:58 - 2017-10-29 18:10 - 000004136 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-04-08 20:58 - 2017-04-16 18:22 - 000004146 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-04-08 20:58 - 2009-07-14 00:45 - 000015632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-08 20:58 - 2009-07-14 00:45 - 000015632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-08 20:53 - 2009-07-14 01:13 - 000744692 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-08 20:53 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-04-07 18:40 - 2016-03-06 03:30 - 000003510 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-249627006-3391249319-856258202-1000UA
2018-04-07 18:40 - 2016-03-06 03:30 - 000003238 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-249627006-3391249319-856258202-1000Core
2018-04-07 18:40 - 2015-12-03 21:54 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-04-07 18:40 - 2015-09-12 20:17 - 000003086 _____ C:\Windows\System32\Tasks\{E875F5B3-CD82-45BE-B1CE-0340A1446F7A}
2018-04-07 18:40 - 2015-08-03 17:52 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-04-07 18:40 - 2015-06-26 03:59 - 000003154 _____ C:\Windows\System32\Tasks\{CA767068-8B23-44BF-9382-ACDFBFED06C6}
2018-04-07 18:40 - 2015-06-22 19:24 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-07 18:40 - 2015-06-22 19:24 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-07 18:40 - 2015-02-06 17:47 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-07 18:40 - 2013-11-01 22:25 - 000003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2018-04-07 18:40 - 2013-01-19 03:43 - 000003194 _____ C:\Windows\System32\Tasks\{A69DD18D-7A30-4E88-B5A9-01AF913E0DA7}
2018-04-07 18:40 - 2012-12-03 18:55 - 000002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-04-07 18:40 - 2012-05-25 20:05 - 000003158 _____ C:\Windows\System32\Tasks\{134D7E72-FCED-4016-A43F-71839922121B}
2018-04-07 18:40 - 2012-05-25 18:52 - 000003136 _____ C:\Windows\System32\Tasks\{E1DB095C-8176-459B-AAB9-CC1F84E6FA5F}
2018-04-07 18:40 - 2012-02-20 23:16 - 000002994 _____ C:\Windows\System32\Tasks\{F87FB2DA-3218-480D-A53E-A78934CD4513}
2018-04-07 18:40 - 2012-02-20 23:16 - 000002994 _____ C:\Windows\System32\Tasks\{6134EA2C-8014-4D68-965A-D0A6C13902C6}
2018-04-07 18:40 - 2011-12-29 13:11 - 000003204 _____ C:\Windows\System32\Tasks\{94760C82-932A-4821-9479-98C0EAEDE8B2}
2018-04-07 18:40 - 2011-12-29 12:42 - 000003110 _____ C:\Windows\System32\Tasks\{A1DD1871-BFC7-4505-BE55-6B11F6F1689F}
2018-04-06 01:04 - 2015-07-19 18:55 - 000000000 ____D C:\Users\DredNawt\AppData\Roaming\uTorrent
2018-04-05 23:06 - 2013-03-26 11:28 - 000000504 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-04-05 01:59 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2018-04-03 11:40 - 2018-01-10 22:57 - 000227784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-04-03 11:40 - 2018-01-10 22:57 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-04-03 11:40 - 2014-05-09 23:40 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-04-03 11:40 - 2014-01-07 11:24 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-04-03 11:40 - 2013-03-02 14:44 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-04-03 11:40 - 2013-03-02 14:44 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-04-03 11:40 - 2012-05-26 03:13 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-04-03 11:40 - 2012-05-26 03:13 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-04-03 11:40 - 2012-05-26 03:13 - 000147224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-04-03 11:40 - 2012-05-26 03:13 - 000111352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-04-03 04:05 - 2015-08-18 11:44 - 000000000 ____D C:\Users\DredNawt\AppData\Local\VirtualStore
2018-03-27 03:37 - 2013-06-28 23:59 - 000402454 _____ C:\Windows\system32\Drivers\fvstore.dat
2018-03-25 00:35 - 2015-09-01 16:10 - 000000000 ____D C:\Users\DredNawt\Documents\my games
2018-03-24 20:32 - 2013-04-26 22:31 - 000000000 ____D C:\Windows\System32\Tasks\COMODO
2018-03-23 00:16 - 2015-11-02 11:35 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-23 00:16 - 2015-11-02 11:35 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-22 17:12 - 2011-12-29 06:16 - 000000000 ____D C:\Windows\Panther
2018-03-22 03:44 - 2013-04-01 20:31 - 000000000 ____D C:\Users\DredNawt\Desktop\Med School Applications
2018-03-21 00:00 - 2009-07-14 01:08 - 000032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-19 12:57 - 2017-12-14 01:36 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-13 13:20 - 2013-04-15 18:38 - 000923720 _____ (COMODO) C:\Windows\system32\guard64.dll
2018-03-13 13:20 - 2013-04-15 18:38 - 000710168 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2018-03-13 13:20 - 2013-04-15 18:38 - 000051808 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2018-03-13 13:18 - 2013-04-15 18:38 - 000467648 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2018-03-13 13:16 - 2013-04-15 18:38 - 000371392 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll

==================== Files in the root of some directories =======

2018-03-29 12:37 - 2018-04-03 11:52 - 000330825 _____ () C:\Users\DredNawt\AppData\Local\ars.cache
2018-03-29 12:37 - 2018-04-03 11:52 - 000691263 _____ () C:\Users\DredNawt\AppData\Local\census.cache
2018-03-29 12:20 - 2018-03-29 12:20 - 000000036 _____ () C:\Users\DredNawt\AppData\Local\housecall.guid.cache
2012-03-05 09:47 - 2017-09-09 02:06 - 000007632 _____ () C:\Users\DredNawt\AppData\Local\resmon.resmoncfg
2018-03-29 12:35 - 2018-04-03 11:51 - 000000010 _____ () C:\Users\DredNawt\AppData\Local\sponge.last.runtime.cache
2011-12-29 16:23 - 2011-12-29 16:26 - 000463466 _____ () C:\Users\DredNawt\AppData\Local\WinRARXPENGLISH.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-08 17:43

==================== End of FRST.txt ============================
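
The "Bamital & volsnap" block above is FRST verifying that a fixed set of core binaries (including both copies of dnsapi.dll, the DLL a DNS-hijacking infection such as Bamital patches in place) still carry a valid digital signature. The PowerShell below is an added example, not part of either poster's logs or of FRST, that reproduces that check on the affected machine and separates the verdict a responder cares about: HashMismatch (signed, then modified) from NotSigned and from a valid signature by someone other than Microsoft. The function name Test-CriticalFileSignature is an assumption of this example. It assumes an elevated PowerShell 5.x or later session; older PowerShell builds verify only embedded signatures, so catalog-signed Windows 7 binaries can report NotSigned while intact, and such hits should be cross-checked with Sysinternals sigcheck -c before being treated as tampering.

```powershell
# Added example (not from FRST or the thread): re-check the same critical
# binaries FRST lists under "Bamital & volsnap" with Authenticode
# verification and classify the result.
#
# Assumptions: run as administrator on the affected machine; PowerShell 5.x
# or later. Older builds check embedded signatures only, so catalog-signed
# OS binaries may show NotSigned even when intact; confirm those with
# Sysinternals "sigcheck -c" before treating them as tampered.

$criticalFiles = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\SysWOW64\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\dnsapi.dll",
    "$env:SystemRoot\SysWOW64\dnsapi.dll",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)

# Hypothetical helper name chosen for this example.
function Test-CriticalFileSignature {
    param([string[]]$Path)

    foreach ($file in $Path) {
        if (-not (Test-Path -LiteralPath $file)) {
            # A missing core binary is itself worth a look (wrong path or deleted).
            [pscustomobject]@{ Path = $file; Status = 'Missing'; Signer = $null; Hash = $null; Verdict = 'INVESTIGATE' }
            continue
        }

        $sig    = Get-AuthenticodeSignature -LiteralPath $file
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        $verdict = switch ($sig.Status) {
            'Valid'        { if ($signer -match 'Microsoft') { 'OK' } else { 'INVESTIGATE' } }
            'HashMismatch' { 'TAMPERED' }      # signature present but bytes changed: the file-patching pattern
            'NotSigned'    { 'INVESTIGATE' }   # possibly catalog-signed on older PowerShell; verify with sigcheck
            default        { 'INVESTIGATE' }   # NotTrusted, UnknownError, etc.
        }

        [pscustomobject]@{
            Path    = $file
            Status  = $sig.Status
            Signer  = $signer
            # SHA-256 lets you compare against the same file on a known-clean
            # Windows 7 SP1 machine at the same patch level.
            Hash    = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
            Verdict = $verdict
        }
    }
}

Test-CriticalFileSignature -Path $criticalFiles |
    Sort-Object Verdict -Descending |
    Format-Table Verdict, Status, Path, Signer -AutoSize
```

A TAMPERED row is the one result that needs no second opinion: the binary was signed and then altered on disk, which is exactly what FRST's note "There is no automatic fix for files that do not pass verification" refers to, and the usual remedy is replacing the file from a clean source of the same build. Hashes are only meaningful against a reference machine with an identical patch level, since Windows Update legitimately changes these files.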



#4 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,952 posts
  • Gender:Male
  • Location:California

Posted 15 April 2018 - 07:48 PM

Greetings Sluggy and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please run a fresh FRST scan leaving the default settings and copy/paste the contents of the 2 reports in your reply. Use multiple posts if necessary.
Gary

If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Sluggy

  • Topic Starter
  • Members
  • 22 posts

Posted 15 April 2018 - 11:29 PM

Hello Gary,

Thank you for helping me! I greatly appreciate it; you can call me Moe. If this is indeed an issue and you can help me take care of it, I have donated before to someone who helped me on this forum and will be glad to do so again. Below are the FRSTs.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2018
Ran by DredNawt (administrator) on DREDNAWT-PC (16-04-2018 00:27:42)
Running from I:\Portable Anti-Malware
Loaded Profiles: DredNawt (Available Profiles: DredNawt)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "E:\Software\ISP\firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) E:\Software\Security\Comodo\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) E:\Software\Security\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
() C:\Windows\System32\PnkBstrA.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
(COMODO) E:\Software\Security\Comodo\COMODO Internet Security\cavwp.exe
(AVAST Software) E:\Software\Security\Avast\x64\aswidsagenta.exe
(COMODO) E:\Software\Security\Comodo\COMODO Internet Security\cistray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Advanced Micro Devices Inc.) D:\Hardware\Drivers\Graphics\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) E:\Software\Security\Avast\AvastUI.exe
(ATI Technologies Inc.) D:\Hardware\Drivers\Graphics\ATI.ACE\Core-Static\CCC.exe
(Piriform Ltd) E:\Software\Security\Cleaner\CCleaner64.exe
(COMODO) E:\Software\Security\Comodo\COMODO Internet Security\cis.exe
(VideoLAN) E:\Software\Media\VLC\vlc.exe
(Mozilla Corporation) E:\Software\ISP\firefox.exe
(Mozilla Corporation) E:\Software\ISP\firefox.exe
(Mozilla Corporation) E:\Software\ISP\firefox.exe
(Mozilla Corporation) E:\Software\ISP\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Mozilla Corporation) E:\Software\ISP\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] => E:\Software\Security\COMODO\COMODO Internet Security\cistray.exe [2208448 2018-03-13] (COMODO)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15009400 2015-10-23] (Logitech Inc.)
HKLM\...\Run: [AvastUI.exe] => E:\Software\Security\Avast\AvLaunch.exe [242392 2018-04-03] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => D:\Hardware\Drivers\Graphics\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\Run: [CCleaner Monitoring] => E:\Software\Security\Cleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\Run: [Google Update] => C:\Users\DredNawt\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-15] (Google Inc.)
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {12614da5-3d9b-11e2-8413-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {1c293854-a073-11e1-9123-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {214ca499-8664-11e1-aff3-00261854a5b9} - J:\LaunchU3.exe -a
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {348c99cc-55e7-11e2-a15a-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {3a621339-3206-11e1-ae17-806e6f6e6963} - F:\setup.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {3a621345-3206-11e1-ae17-806e6f6e6963} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {44144153-c99b-11e2-b274-00261854a5b9} - K:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {44144154-c99b-11e2-b274-00261854a5b9} - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {5143976f-b444-11e2-8217-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {5f2c259f-d7f3-11e3-b128-00261854a5b9} - G:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {5f2c25a0-d7f3-11e3-b128-00261854a5b9} - K:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {635cecf9-5307-11e7-9270-c8dbee6384e9} - J:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {a8a64fd3-754c-11e2-8e49-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {a8a64fd5-754c-11e2-8e49-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {c48b3cb4-4ed5-11e2-9210-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {d4e7a48d-b261-11e1-b0ba-00261854a5b9} - I:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {d51722d8-c177-11e5-aa99-b580a2d4a9be} - G:\setup.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {dfaa134a-c785-11e4-a669-9c6306562072} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {eb76f021-a3fa-11e2-861f-00261854a5b9} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {eb76f022-a3fa-11e2-861f-00261854a5b9} - I:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {f54e00ed-d1d3-11e1-9f40-00261854a5b9} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MountPoints2: {f568bc0d-a601-11e2-9260-00261854a5b9} - I:\TL-Bootstrap.exe
HKU\S-1-5-21-249627006-3391249319-856258202-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\avastSS.scr [53208 2016-10-27] (AVAST Software)
Startup: C:\Users\DredNawt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2018-02-17]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
Startup: C:\Users\DredNawt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-04-16]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: 耀

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{8F1BF86E-DAF8-4192-9169-90C55E9E6E4D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B2284C2B-F870-409D-91DF-957C1ED8EEF5}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{F3328A91-15B0-4799-9079-7038A2EB1B3D}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-249627006-3391249319-856258202-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-04-16] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Software\Security\Avast\aswWebRepIE64.dll [2018-02-18] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-04-16] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> E:\Software\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Software\Security\Avast\aswWebRepIE.dll [2018-02-18] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-04-16] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-249627006-3391249319-856258202-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-16] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-16] (Microsoft Corporation)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File

FireFox:
========
FF DefaultProfile: 00pax454.default-1387386287991
FF ProfilePath: C:\Users\DredNawt\AppData\Roaming\Mozilla\Firefox\Profiles\00pax454.default-1387386287991 [2018-04-16]
FF Homepage: Mozilla\Firefox\Profiles\00pax454.default-1387386287991 -> hxxps://www.google.com/
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\DredNawt\AppData\Roaming\Mozilla\Firefox\Profiles\00pax454.default-1387386287991\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-28] [Legacy]
FF Extension: (EPUBReader) - C:\Users\DredNawt\AppData\Roaming\Mozilla\Firefox\Profiles\00pax454.default-1387386287991\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2017-08-02]
FF Extension: (Adblock Plus) - C:\Users\DredNawt\AppData\Roaming\Mozilla\Firefox\Profiles\00pax454.default-1387386287991\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-13]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\DredNawt\AppData\Roaming\Mozilla\Firefox\Profiles\00pax454.default-1387386287991\features\{48450b5f-481e-459c-8477-28555859ece5}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-05] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-30] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> E:\Software\Java\bin\plugin2\npjp2.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-12-30] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-30] ()
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-12-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> E:\Software\Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-04-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> E:\Software\Media\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> E:\Software\Adobe\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-249627006-3391249319-856258202-1000: @citrixonline.com/appdetectorplugin -> C:\Users\DredNawt\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-249627006-3391249319-856258202-1000: @tools.google.com/Google Update;version=3 -> C:\Users\DredNawt\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-249627006-3391249319-856258202-1000: @tools.google.com/Google Update;version=9 -> C:\Users\DredNawt\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - E:\Software\ISP\firefox.exe

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
CHR Profile: C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default [2018-04-05]
CHR Extension: (Google Slides) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-02]
CHR Extension: (Google Docs) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-02]
CHR Extension: (Google Drive) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-02]
CHR Extension: (Google Search) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Google Sheets) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
CHR Extension: (Avast Online Security) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-02]
CHR Extension: (Video Speed Controller) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2015-11-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-02]
CHR Extension: (Gmail) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-02]
CHR Profile: C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-04-12]
CHR Extension: (Docs) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-01]
CHR Extension: (YouTube) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-01]
CHR Extension: (Google Search) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-01]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2016-02-29]
CHR Extension: (Google Docs Offline) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-19]
CHR Extension: (Video Speed Controller) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2018-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-01]
CHR Extension: (Chrome Media Router) - C:\Users\DredNawt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Software\Security\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; E:\Software\Security\Avast\x64\aswidsagenta.exe [7603408 2018-04-03] (AVAST Software)
R2 avast! Antivirus; E:\Software\Security\Avast\AvastSvc.exe [313640 2018-04-03] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-03-07] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522416 2018-04-06] (Microsoft Corporation)
R2 cmdAgent; E:\Software\Security\COMODO\COMODO Internet Security\cmdagent.exe [11395096 2018-03-13] (COMODO)
S3 cmdvirth; E:\Software\Security\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2018-03-13] (COMODO)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-21] (EasyAntiCheat Ltd)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-10-23] (Logitech Inc.)
S3 MBAMService; E:\Software\Security\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S3 Microsoft SharePoint Workspace Audit Service; E:\Software\Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-09-09] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
S2 HPSLPSVC; C:\Users\DredNawt\AppData\Local\Temp\7zS647C\hpslpsvc64.dll [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [17008 2015-10-20] () [File not signed]
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2015-10-20] () [File not signed]
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2015-05-26] (Wondershare)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-04-03] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-08] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-08] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-08] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-08] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [227784 2018-04-03] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-04-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-06-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [147224 2018-04-12] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111352 2018-04-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-04-03] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-04-03] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-04-03] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-04-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-04-03] (AVAST Software)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [34280 2018-01-31] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [846624 2018-01-31] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [59096 2018-01-31] (COMODO)
S1 fanio; C:\Windows\SysWOW64\drivers\fanio.sys [14464 2007-02-16] (Christian Diefer) [File not signed]
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [123544 2018-01-31] (COMODO)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-08-15] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2015-02-21] (Logitech Inc.)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-04] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-11-01] (Duplex Secure Ltd.)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1306624 2009-05-14] (C-Media Electronics Inc)
U3 ahu4vmpt; C:\Windows\System32\Drivers\ahu4vmpt.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S0 79890540; system32\drivers\89629951.sys [X]
S3 ALSysIO; \??\C:\Users\DredNawt\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S1 Capsax64Drv0; System32\Drivers\Capsax64Drv0.sys [X]
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]
S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X]
S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S3 LGELTEBus; system32\DRIVERS\LGELTEBus.sys [X]
S3 LGELTEmdm; system32\DRIVERS\LGELTEmdm.sys [X]
S3 LGELTEMux; system32\DRIVERS\LGELTEMux.sys [X]
S3 LGELTENdis; system32\DRIVERS\LGELTENdis.sys [X]
S3 LGELTEprt; system32\DRIVERS\LGELTEprt.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-16 00:23 - 2018-04-16 00:23 - 000000000 ____D C:\Users\DredNawt\Documents\OneNote Notebooks
2018-04-16 00:20 - 2018-04-16 00:22 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-16 00:20 - 2018-04-16 00:20 - 000002358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-04-16 00:20 - 2018-04-16 00:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-04-16 00:20 - 2018-04-16 00:17 - 014381616 _____ C:\Windows\MSYHBD.tt2
2018-04-16 00:20 - 2018-04-16 00:16 - 021543568 _____ C:\Windows\MSYH.tt2
2018-04-16 00:20 - 2018-04-16 00:16 - 021302624 _____ C:\Windows\MSJH.tt2
2018-04-16 00:20 - 2018-04-16 00:16 - 014343024 _____ C:\Windows\MSJHBD.tt2
2018-04-16 00:20 - 2018-04-16 00:16 - 000222632 _____ C:\Windows\MSUIGHUR.tt2
2018-04-16 00:20 - 2018-04-16 00:10 - 000094064 _____ C:\Windows\LEELAWAD.tt2
2018-04-16 00:20 - 2018-04-16 00:10 - 000093836 _____ C:\Windows\LEELAWDB.tt2
2018-04-16 00:06 - 2018-04-16 00:06 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-04-16 00:05 - 2018-04-16 00:05 - 004731168 _____ (Microsoft Corporation) C:\Users\DredNawt\Desktop\setuponenotefreeretail.x86.en-us_.exe
2018-04-14 23:05 - 2018-04-14 23:05 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\756107FF.sys
2018-04-05 22:54 - 2018-04-05 22:54 - 000359528 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-05 03:20 - 2018-04-05 03:20 - 000440128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2018-04-05 03:20 - 2018-04-05 03:20 - 000263856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2018-04-05 03:20 - 2018-04-05 03:20 - 000242496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2018-04-05 03:20 - 2018-04-05 03:20 - 000083792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2018-04-05 03:14 - 2018-04-05 03:14 - 000641696 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2018-04-05 03:14 - 2018-04-05 03:14 - 000389296 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2018-04-05 03:14 - 2018-04-05 03:14 - 000331432 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2018-04-05 03:14 - 2018-04-05 03:14 - 000087728 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2018-04-05 02:10 - 2018-04-05 02:10 - 000093832 _____ C:\Users\DredNawt\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-05 01:46 - 2018-04-05 01:46 - 015333512 _____ (Piriform Ltd) C:\Users\DredNawt\Downloads\ccsetup541.exe
2018-04-04 22:35 - 2018-04-04 22:35 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\3556E261.sys
2018-04-04 22:10 - 2018-04-04 22:10 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-04 20:35 - 2018-04-04 20:42 - 000218384 _____ C:\TDSSKiller.3.1.0.16_04.04.2018_20.35.34_log.txt
2018-04-04 20:25 - 2018-04-04 20:25 - 000000000 ____D C:\Users\DredNawt\AppData\Roaming\Comodo
2018-04-04 17:43 - 2018-04-04 17:43 - 000063438 _____ C:\Users\DredNawt\Desktop\2018 AMCAS Application.pdf
2018-04-04 01:05 - 2018-04-04 01:06 - 000217756 _____ C:\TDSSKiller.3.1.0.16_04.04.2018_01.05.26_log.txt
2018-04-04 00:53 - 2018-04-04 00:54 - 000218476 _____ C:\TDSSKiller.3.1.0.16_04.04.2018_00.53.49_log.txt
2018-04-03 11:40 - 2018-04-03 11:40 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-04-03 11:40 - 2017-10-17 12:40 - 000334488 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2018-04-03 04:03 - 2018-04-16 00:27 - 000000000 ____D C:\FRST
2018-04-03 03:48 - 2018-04-14 23:34 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-03 03:45 - 2018-04-14 23:34 - 000000000 ____D C:\Users\DredNawt\Desktop\mbar
2018-04-03 03:45 - 2018-04-14 23:04 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-04-03 03:44 - 2018-04-03 03:44 - 000000000 ____D C:\Rem-VBSqt
2018-04-03 03:42 - 2018-04-03 03:49 - 000000000 ____D C:\ProgramData\Sophos
2018-04-03 03:38 - 2018-04-04 20:31 - 000000000 ____D C:\AdwCleaner
2018-04-03 03:30 - 2018-04-03 03:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-03 03:18 - 2018-04-03 03:18 - 002861969 _____ C:\Users\DredNawt\Desktop\Pain Localization via BCI.pdf
2018-04-01 14:51 - 2018-04-01 14:51 - 001291167 _____ C:\Users\DredNawt\Desktop\Thermoreceptors.pdf
2018-04-01 13:43 - 2018-04-01 13:43 - 001558588 _____ C:\Users\DredNawt\Desktop\JCI42843.pdf
2018-04-01 13:42 - 2018-04-01 13:42 - 003286169 _____ C:\Users\DredNawt\Desktop\242.full.pdf
2018-03-29 12:45 - 2018-03-29 20:28 - 000000000 ____D C:\Program Files (x86)\Trend Micro
2018-03-29 12:45 - 2018-03-29 12:53 - 000000000 ____D C:\Users\DredNawt\AppData\Local\Trend Micro
2018-03-29 12:37 - 2018-04-03 11:52 - 000691263 _____ C:\Users\DredNawt\AppData\Local\census.cache
2018-03-29 12:37 - 2018-04-03 11:52 - 000330825 _____ C:\Users\DredNawt\AppData\Local\ars.cache
2018-03-29 12:35 - 2018-04-03 11:51 - 000000010 _____ C:\Users\DredNawt\AppData\Local\sponge.last.runtime.cache
2018-03-29 12:28 - 2018-04-03 11:44 - 000000000 ____D C:\ProgramData\Trend Micro
2018-03-29 12:28 - 2018-03-29 12:28 - 000000000 ____D C:\Windows\Trend Micro
2018-03-29 12:20 - 2018-03-29 12:20 - 000000036 _____ C:\Users\DredNawt\AppData\Local\housecall.guid.cache
2018-03-28 21:23 - 2018-03-28 21:23 - 000026948 _____ C:\Users\DredNawt\Desktop\amcas activities.pdf
2018-03-27 00:12 - 2018-03-27 00:12 - 001378370 _____ C:\Users\DredNawt\Desktop\Geisinger_opioids_paper_American_J_Prev_Med_March15_embargo.pdf
2018-03-22 17:12 - 2018-03-22 17:12 - 000000000 ___HD C:\$Windows.~WS
2018-03-22 17:05 - 2018-03-22 17:05 - 000000000 ____D C:\$WINDOWS.~BT
2018-03-21 01:15 - 2018-03-21 01:15 - 000000000 ____D C:\Users\DredNawt\AppData\Roaming\EasyAntiCheat
2018-03-21 01:15 - 2018-03-21 01:15 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-03-09 22:43 - 2018-03-09 22:43 - 000000000 ____D C:\Users\DredNawt\AppData\Roaming\Wondershare Video Converter Free
2018-03-09 22:42 - 2018-03-09 22:43 - 000000000 ____D C:\ProgramData\Wondershare Video Converter Free
2018-03-07 01:25 - 2018-03-06 00:23 - 000000235 ___SH C:\Users\Public\Libraries.ini
2018-03-07 01:22 - 2018-03-07 01:22 - 000000000 ____D C:\Users\DredNawt\AppData\Local\NVIDIA Corporation
2018-03-07 01:21 - 2018-03-07 01:21 - 000000000 ____D C:\Users\DredNawt\AppData\Local\FortniteGame
2018-03-07 00:07 - 2018-03-07 01:21 - 000000000 ____D C:\Users\DredNawt\AppData\Local\UnrealEngine
2018-03-06 01:48 - 2018-03-06 01:48 - 000011408 _____ C:\Users\DredNawt\Downloads\How to Recognize Plagiarism -- Certificate Award for Graduate Students  School of Education, Indiana University Bloomington.htm
2018-02-18 01:29 - 2018-02-18 01:29 - 000000208 _____ C:\Users\DredNawt\Desktop\Torchlight II.url
2018-02-17 22:13 - 2018-02-17 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
2018-01-31 23:18 - 2018-01-31 23:31 - 000013031 _____ C:\Users\DredNawt\Desktop\NSAIDS and Steroids.xlsx

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-16 00:21 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-04-16 00:20 - 2012-02-17 19:35 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-16 00:06 - 2009-07-13 23:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-04-16 00:05 - 2016-11-19 01:32 - 000000000 ____D C:\Users\DredNawt\AppData\LocalLow\Mozilla
2018-04-15 23:15 - 2009-07-14 01:13 - 000744692 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-15 21:55 - 2009-07-14 00:45 - 000015632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-15 21:55 - 2009-07-14 00:45 - 000015632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-15 21:43 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-14 23:02 - 2015-03-14 04:10 - 000000000 ____D C:\Users\DredNawt\AppData\Roaming\vlc
2018-04-14 21:16 - 2017-10-29 18:10 - 000004136 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-04-14 21:16 - 2016-03-06 03:30 - 000003510 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-249627006-3391249319-856258202-1000UA
2018-04-14 21:16 - 2016-03-06 03:30 - 000003238 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-249627006-3391249319-856258202-1000Core
2018-04-14 21:16 - 2015-12-03 21:54 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-04-14 21:16 - 2015-09-12 20:17 - 000003086 _____ C:\Windows\System32\Tasks\{E875F5B3-CD82-45BE-B1CE-0340A1446F7A}
2018-04-14 21:16 - 2015-08-03 17:52 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-04-14 21:16 - 2015-06-26 03:59 - 000003154 _____ C:\Windows\System32\Tasks\{CA767068-8B23-44BF-9382-ACDFBFED06C6}
2018-04-14 21:16 - 2015-06-22 19:24 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-14 21:16 - 2015-06-22 19:24 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-14 21:16 - 2015-02-06 17:47 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-14 21:16 - 2013-11-01 22:25 - 000003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2018-04-14 21:16 - 2013-01-19 03:43 - 000003194 _____ C:\Windows\System32\Tasks\{A69DD18D-7A30-4E88-B5A9-01AF913E0DA7}
2018-04-14 21:16 - 2012-12-03 18:55 - 000002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-04-14 21:16 - 2012-05-25 20:05 - 000003158 _____ C:\Windows\System32\Tasks\{134D7E72-FCED-4016-A43F-71839922121B}
2018-04-14 21:16 - 2012-05-25 18:52 - 000003136 _____ C:\Windows\System32\Tasks\{E1DB095C-8176-459B-AAB9-CC1F84E6FA5F}
2018-04-14 21:16 - 2012-02-20 23:16 - 000002994 _____ C:\Windows\System32\Tasks\{F87FB2DA-3218-480D-A53E-A78934CD4513}
2018-04-14 21:16 - 2012-02-20 23:16 - 000002994 _____ C:\Windows\System32\Tasks\{6134EA2C-8014-4D68-965A-D0A6C13902C6}
2018-04-14 21:16 - 2011-12-29 13:11 - 000003204 _____ C:\Windows\System32\Tasks\{94760C82-932A-4821-9479-98C0EAEDE8B2}
2018-04-14 21:16 - 2011-12-29 12:42 - 000003110 _____ C:\Windows\System32\Tasks\{A1DD1871-BFC7-4505-BE55-6B11F6F1689F}
2018-04-12 23:17 - 2012-05-26 03:13 - 000147224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-04-11 23:40 - 2015-07-19 18:55 - 000000000 ____D C:\Users\DredNawt\AppData\Roaming\uTorrent
2018-04-08 20:58 - 2017-04-16 18:22 - 000004146 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-04-05 23:06 - 2013-03-26 11:28 - 000000504 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-04-05 01:59 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2018-04-03 11:40 - 2018-01-10 22:57 - 000227784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-04-03 11:40 - 2018-01-10 22:57 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-04-03 11:40 - 2014-05-09 23:40 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-04-03 11:40 - 2014-01-07 11:24 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-04-03 11:40 - 2013-03-02 14:44 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-04-03 11:40 - 2013-03-02 14:44 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-04-03 11:40 - 2012-05-26 03:13 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-04-03 11:40 - 2012-05-26 03:13 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-04-03 11:40 - 2012-05-26 03:13 - 000111352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-04-03 04:05 - 2015-08-18 11:44 - 000000000 ____D C:\Users\DredNawt\AppData\Local\VirtualStore
2018-03-27 03:37 - 2013-06-28 23:59 - 000402454 _____ C:\Windows\system32\Drivers\fvstore.dat
2018-03-25 00:35 - 2015-09-01 16:10 - 000000000 ____D C:\Users\DredNawt\Documents\my games
2018-03-24 20:32 - 2013-04-26 22:31 - 000000000 ____D C:\Windows\System32\Tasks\COMODO
2018-03-23 00:16 - 2015-11-02 11:35 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-23 00:16 - 2015-11-02 11:35 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-22 17:12 - 2011-12-29 06:16 - 000000000 ____D C:\Windows\Panther
2018-03-22 03:44 - 2013-04-01 20:31 - 000000000 ____D C:\Users\DredNawt\Desktop\Med School Applications
2018-03-21 00:00 - 2009-07-14 01:08 - 000032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-19 12:57 - 2017-12-14 01:36 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys

==================== Files in the root of some directories =======

2018-03-29 12:37 - 2018-04-03 11:52 - 000330825 _____ () C:\Users\DredNawt\AppData\Local\ars.cache
2018-03-29 12:37 - 2018-04-03 11:52 - 000691263 _____ () C:\Users\DredNawt\AppData\Local\census.cache
2018-03-29 12:20 - 2018-03-29 12:20 - 000000036 _____ () C:\Users\DredNawt\AppData\Local\housecall.guid.cache
2012-03-05 09:47 - 2017-09-09 02:06 - 000007632 _____ () C:\Users\DredNawt\AppData\Local\resmon.resmoncfg
2018-03-29 12:35 - 2018-04-03 11:51 - 000000010 _____ () C:\Users\DredNawt\AppData\Local\sponge.last.runtime.cache
2011-12-29 16:23 - 2011-12-29 16:26 - 000463466 _____ () C:\Users\DredNawt\AppData\Local\WinRARXPENGLISH.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {19913a26-3206-11e1-8b61-9fc2983c0829}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 0

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {19913a28-3206-11e1-8b61-9fc2983c0829}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {19913a26-3206-11e1-8b61-9fc2983c0829}
nx                      OptIn
sos                     No

Windows Boot Loader
-------------------
identifier              {19913a28-3206-11e1-8b61-9fc2983c0829}
device                  ramdisk=[C:]\Recovery\19913a28-3206-11e1-8b61-9fc2983c0829\Winre.wim,{19913a29-3206-11e1-8b61-9fc2983c0829}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\19913a28-3206-11e1-8b61-9fc2983c0829\Winre.wim,{19913a29-3206-11e1-8b61-9fc2983c0829}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {19913a26-3206-11e1-8b61-9fc2983c0829}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {19913a29-3206-11e1-8b61-9fc2983c0829}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\19913a28-3206-11e1-8b61-9fc2983c0829\boot.sdi


LastRegBack: 2018-04-08 17:43

==================== End of FRST.txt ============================



#6 Sluggy

  • Topic Starter


Posted 15 April 2018 - 11:32 PM

Here is the addition:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by DredNawt (16-04-2018 00:28:32)
Running from I:\Portable Anti-Malware
Windows 7 Enterprise Service Pack 1 (X64) (2011-12-29 16:22:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-249627006-3391249319-856258202-500 - Administrator - Disabled)
DredNawt (S-1-5-21-249627006-3391249319-856258202-1000 - Administrator - Enabled) => C:\Users\DredNawt
Guest (S-1-5-21-249627006-3391249319-856258202-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Advanced Protection (Enabled - Up to date) {B3D9AA4C-EA4D-5505-9BB0-0420509C2BBB}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: COMODO Firewall (Enabled) {3083CA8D-8618-5BD3-8A5F-9667D5C8267D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Acrobat Reader DC MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AOMEI Partition Assistant Pro Edition 5.6 (HKLM-x32\...\AOMEI Partition Assistant Pro Edition 5.6_is1) (Version:  - M.A.G.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
COMODO Firewall (HKLM\...\{F1EC4151-805B-4097-B9BB-7D71A417AAF1}) (Version: 10.2.0.6526 - COMODO Security Solutions Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ffdshow v1.1.4096 [2011-11-29] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4096.0 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Guild Wars (HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\Guild Wars) (Version:  - )
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Hewlett-Packard ACLM.NET v1.1.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 2.0.7.018 - HTC Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.6 - PandoraTV)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 8.75 (HKLM\...\Logitech Gaming Software) (Version: 8.75.30 - Logitech Inc.)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Media Preview (HKLM\...\{52AFC3E1-0FAA-4C05-88FF-373911EA68F5}) (Version: 1.4.3.429 - BabelSoft)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.9126.2152 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Firefox 59.0.2 (x64 en-US) (HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Music Manager (HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\MusicManager) (Version:  - Google, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
PdaNet+ for Android 5.10 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
Ralink Wireless LAN Card (HKLM-x32\...\{E91E8912-769D-42F0-8408-0E329443BABC}) (Version: 1.00.01 - RALINK)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tegrity Download Manager (HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\Tegrity Download Manager) (Version: 3.0.62950.0 - Tegrity)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
USB Multi-Channel Audio Device (HKLM\...\C-Media CM106 Like Sound Driver) (Version:  - )
VC 9.0 Runtime (HKLM-x32\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\WinDirStat) (Version:  - )
ZoneAlarm Firewall (HKLM-x32\...\{6ADCBB79-7B9A-449B-AE31-E1C7116042B9}) (Version: 11.0.000.038 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (HKLM-x32\...\{325988C2-8D7B-460E-8F6F-4747129CA495}) (Version: 11.0.000.038 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-249627006-3391249319-856258202-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\DredNawt\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-249627006-3391249319-856258202-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\DredNawt\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Software\Security\Avast\ashShA64.dll [2018-04-03] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Software\Security\Avast\ashShA64.dll [2018-04-03] (AVAST Software)
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => E:\Software\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => E:\Software\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => E:\Software\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => E:\Software\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => E:\Software\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Software\Security\Avast\ashShA64.dll [2018-04-03] (AVAST Software)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => E:\Software\Security\COMODO\COMODO Internet Security\cavshell.dll [2018-03-13] (COMODO)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Software\Image and Rars\WIN Rar\rarext.dll [2011-05-28] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Software\Image and Rars\WIN Rar\rarext32.dll [2011-05-28] ()
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} =>  -> No File
ContextMenuHandlers1-x32-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => E:\Software\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => E:\Software\Security\COMODO\COMODO Internet Security\cavshell.dll [2018-03-13] (COMODO)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Software\Security\Avast\ashShA64.dll [2018-04-03] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Software\Security\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers3-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => E:\Software\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Software\Image and Rars\WIN Rar\rarext.dll [2011-05-28] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Software\Image and Rars\WIN Rar\rarext32.dll [2011-05-28] ()
ContextMenuHandlers4-x32-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => E:\Software\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => D:\Hardware\Drivers\Graphics\ATI.ACE\Core-Static\atiacm64.dll [2013-12-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => E:\Software\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Software\Security\Avast\ashShA64.dll [2018-04-03] (AVAST Software)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => E:\Software\Security\COMODO\COMODO Internet Security\cavshell.dll [2018-03-13] (COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Software\Security\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Software\Image and Rars\WIN Rar\rarext.dll [2011-05-28] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Software\Image and Rars\WIN Rar\rarext32.dll [2011-05-28] ()
ContextMenuHandlers6-x32-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => E:\Software\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {001351C4-6BEA-4F56-A1BE-ACA14E37669B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-06] (Microsoft Corporation)
Task: {060008F0-E6B4-4A7A-BE0B-19C8DD92B6C5} - System32\Tasks\CCleaner Update => E:\Software\Security\Cleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
Task: {128253B6-4961-486B-9801-56C813C7CCBA} - System32\Tasks\{94760C82-932A-4821-9479-98C0EAEDE8B2} => C:\Windows\system32\pcalua.exe -a C:\Users\DredNawt\AppData\Local\Temp\Temp1_IntelX58ICH10R_Cipset_V9101007.zip\Chipset\AsusSetup.exe <==== ATTENTION
Task: {16E6995A-7DCF-4F23-828A-79970C41728E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-04-14] (AVAST Software)
Task: {2D426114-E4D0-4ABF-ACB6-10E374C92734} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => E:\Software\Security\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-13] (COMODO)
Task: {43B07E0A-3DF9-4451-B2AE-32B0FCEA5CE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-22] (Google Inc.)
Task: {4494C82F-254F-4505-B21E-BE6CF885AA6F} - System32\Tasks\{E875F5B3-CD82-45BE-B1CE-0340A1446F7A} => C:\Windows\system32\pcalua.exe -a E:\Downloads\pbsetup.exe -d E:\Downloads
Task: {51514A49-AFE4-45E9-A63A-3819FFE8914D} - System32\Tasks\{F87FB2DA-3218-480D-A53E-A78934CD4513} => E:\Downloads\battlelog-web-plugins-1.110.0-retail-prod.exe
Task: {66CD2E56-8AA8-40E7-B715-65623AA69B2E} - System32\Tasks\{6134EA2C-8014-4D68-965A-D0A6C13902C6} => E:\Downloads\battlelog-web-plugins-1.110.0-retail-prod.exe
Task: {6E4FB5F3-D07F-4748-A746-6E1A8CFEF908} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {77FC5779-E7F3-433D-BD6B-49CB3255FB4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-22] (Google Inc.)
Task: {79C61CD9-0E9E-485B-9DF2-E042F731211D} - System32\Tasks\Avast Emergency Update => E:\Software\Security\Avast\AvEmUpdate.exe [2018-04-03] (AVAST Software)
Task: {7CDC6731-D413-42F4-9764-8A7C9723B724} - System32\Tasks\{CA767068-8B23-44BF-9382-ACDFBFED06C6} => C:\Windows\system32\pcalua.exe -a C:\Users\DredNawt\Downloads\jxpiinstall.exe -d C:\Users\DredNawt\Downloads
Task: {7F1AB577-C251-4A6D-8A86-99FDF43F3FFC} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => E:\Software\Security\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-13] (COMODO)
Task: {8F7BE41F-809C-4B3F-840E-8E083BC9A80B} - System32\Tasks\{E1DB095C-8176-459B-AAB9-CC1F84E6FA5F} => C:\Windows\system32\pcalua.exe -a C:\Users\DredNawt\Desktop\vpsupd.exe -d C:\Users\DredNawt\Desktop
Task: {997F0F55-6F49-4C9F-BA44-9A5834334406} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-30] (Adobe Systems Incorporated)
Task: {9A027F5F-5A1C-4D83-A311-F98067A9EC99} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-249627006-3391249319-856258202-1000UA => C:\Users\DredNawt\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-06] (Google Inc.)
Task: {A15DD243-4A44-431D-9049-56D9A22E24AE} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {A58AD7BA-6366-4971-94C6-80E715FB7B1E} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => E:\Software\Security\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-13] (COMODO)
Task: {AB887668-1C20-484E-B428-95608A0168D3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-16] (Microsoft Corporation)
Task: {ADA3A636-6BC3-4B6C-A47B-4821A4528C54} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => E:\Software\Security\COMODO\COMODO Internet Security\cistray.exe [2018-03-13] (COMODO)
Task: {B569C514-E222-4140-A5E3-1E356ED8D21B} - System32\Tasks\{134D7E72-FCED-4016-A43F-71839922121B} => C:\Windows\system32\pcalua.exe -a E:\Software\AV\aswRunDll.exe -c "E:\Software\AV\Setup\setiface.dll" RunSetup
Task: {C027EECA-352A-470C-9247-58E0FF3F366E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-249627006-3391249319-856258202-1000Core => C:\Users\DredNawt\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-06] (Google Inc.)
Task: {C4FFC038-5BAB-4403-802D-1609D6BAFFA1} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => E:\Software\Security\COMODO\COMODO Internet Security\cis.exe [2018-03-13] (COMODO)
Task: {CDC1E543-9EB2-4B44-97D9-D04B9359C1E8} - System32\Tasks\CCleanerSkipUAC => E:\Software\Security\Cleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
Task: {CDD987E6-7147-45C6-8D52-8FAA1EE23CC7} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.04\AsLoader.exe [2010-01-13] (ASUSTeK Computer Inc.)
Task: {CF8DDF09-2B72-43C4-916F-A629A1AAD8C7} - System32\Tasks\{A1DD1871-BFC7-4505-BE55-6B11F6F1689F} => C:\Windows\system32\pcalua.exe -a D:\Hardware\Chipset\Setup.exe -d D:\Hardware\Chipset
Task: {D6EC7F9E-4E9E-462C-A294-28C7C9592147} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-16] (Microsoft Corporation)
Task: {E13C8BF1-AA99-4908-B3CA-0393BF5B46CC} - System32\Tasks\{A69DD18D-7A30-4E88-B5A9-01AF913E0DA7} => C:\Windows\system32\pcalua.exe -a E:\Downloads\cmedia_cmi106_6.12.8.2131-7\Setup.exe -d E:\Downloads\cmedia_cmi106_6.12.8.2131-7
Task: {E84A938B-9013-4A09-A2B2-921E8E4DF6D1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {F84AF8A3-BED0-4D13-BDC3-16C243A1642F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-06] (Microsoft Corporation)
Task: {FE0E9161-6B05-406E-847D-D5634726AF56} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2013-04-15 18:38 - 2018-03-13 13:17 - 000107200 _____ () E:\Software\Security\COMODO\COMODO Internet Security\cavwpps.dll
2013-04-15 18:38 - 2018-03-13 13:17 - 000244416 _____ () E:\Software\Security\COMODO\COMODO Internet Security\cmdcomps.dll
2014-09-09 00:28 - 2014-09-09 00:28 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2018-04-03 11:40 - 2018-04-03 11:40 - 000728792 _____ () e:\Software\Security\Avast\x64\vaarclient.dll
2018-04-03 11:40 - 2018-04-03 11:40 - 000920280 _____ () E:\Software\Security\Avast\x64\ffl2.dll
2018-04-03 11:40 - 2018-04-03 11:40 - 000348888 _____ () e:\Software\Security\Avast\x64\StreamBack.dll
2018-04-03 11:40 - 2018-04-03 11:40 - 000329432 _____ () E:\Software\Security\Avast\x64\tasks_core.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-10-14 12:35 - 2015-10-14 12:35 - 001095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-10-14 12:35 - 2015-10-14 12:35 - 000240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2018-02-17 22:13 - 2017-12-04 11:46 - 001263016 _____ () C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
2018-04-03 11:40 - 2018-04-03 11:40 - 000349912 _____ () E:\Software\Security\Avast\streamback_avast.dll
2018-04-03 11:40 - 2018-04-03 11:40 - 000295640 _____ () E:\Software\Security\Avast\streamback.dll
2018-04-03 11:40 - 2018-04-03 11:40 - 000282840 _____ () E:\Software\Security\Avast\tasks_core.dll
2018-04-03 11:40 - 2018-04-03 11:40 - 000763608 _____ () E:\Software\Security\Avast\ffl2.dll
2018-04-03 11:40 - 2018-04-03 11:40 - 000911064 _____ () E:\Software\Security\Avast\anen.dll
2018-04-03 11:40 - 2018-04-03 11:40 - 000172760 _____ () E:\Software\Security\Avast\hns_tools.dll
2018-04-03 11:40 - 2018-04-03 11:40 - 000969944 _____ () E:\Software\Security\Avast\shepherdsync.dll
2018-04-03 11:40 - 2018-04-03 11:40 - 000501464 _____ () E:\Software\Security\Avast\gui_cache.dll
2018-04-15 21:47 - 2018-04-15 21:47 - 005816976 _____ () E:\Software\Security\Avast\defs\18041500\algo.dll
2018-03-08 01:21 - 2018-03-08 01:21 - 067126928 _____ () E:\Software\Security\Avast\libcef.dll
2018-04-03 11:40 - 2018-04-03 11:40 - 000281816 _____ () E:\Software\Security\Avast\gaming_mode_ui.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000140568 _____ () E:\Software\Media\VLC\libvlc.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 002628888 _____ () E:\Software\Media\VLC\libvlccore.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000551192 _____ () E:\Software\Media\VLC\plugins\access\libdshow_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000039192 _____ () E:\Software\Media\VLC\plugins\audio_output\libdirectsound_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000037144 _____ () E:\Software\Media\VLC\plugins\audio_output\libwaveout_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000083736 _____ () E:\Software\Media\VLC\plugins\video_output\libdirect3d_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000075544 _____ () E:\Software\Media\VLC\plugins\video_output\libdirectdraw_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 002155800 _____ () E:\Software\Media\VLC\plugins\access\liblibbluray_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000111384 _____ () E:\Software\Media\VLC\plugins\access\libaccess_bd_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000240920 _____ () E:\Software\Media\VLC\plugins\access\libdvdnav_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000086808 _____ () E:\Software\Media\VLC\plugins\access\libvdr_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000053016 _____ () E:\Software\Media\VLC\plugins\access\libfilesystem_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000069400 _____ () E:\Software\Media\VLC\plugins\stream_filter\libsmooth_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000591128 _____ () E:\Software\Media\VLC\plugins\stream_filter\libhttplive_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000768792 _____ () E:\Software\Media\VLC\plugins\stream_filter\libdash_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000128792 _____ () E:\Software\Media\VLC\plugins\access\libzip_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000049944 _____ () E:\Software\Media\VLC\plugins\access\librar_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000020760 _____ () E:\Software\Media\VLC\plugins\stream_filter\librecord_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000137496 _____ () E:\Software\Media\VLC\plugins\demux\libplaylist_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 001563928 _____ () E:\Software\Media\VLC\plugins\meta_engine\libtaglib_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000330008 _____ () E:\Software\Media\VLC\plugins\lua\liblua_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 001261336 _____ () E:\Software\Media\VLC\plugins\misc\libxml_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000021784 _____ () E:\Software\Media\VLC\plugins\control\libwin_msg_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000066840 _____ () E:\Software\Media\VLC\plugins\control\libhotkeys_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000236824 _____ () E:\Software\Media\VLC\plugins\demux\libmp4_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000045848 _____ () E:\Software\Media\VLC\plugins\control\libwin_hotkeys_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 011994904 _____ () E:\Software\Media\VLC\plugins\gui\libqt4_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000043800 _____ () E:\Software\Media\VLC\plugins\meta_engine\libfolder_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000258328 _____ () E:\Software\Media\VLC\plugins\codec\libjpeg_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000024344 _____ () E:\Software\Media\VLC\plugins\codec\libcdg_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000301848 _____ () E:\Software\Media\VLC\plugins\codec\libpng_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 001288472 _____ () E:\Software\Media\VLC\plugins\codec\libschroedinger_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000751896 _____ () E:\Software\Media\VLC\plugins\codec\libvorbis_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000341784 _____ () E:\Software\Media\VLC\plugins\codec\libtheora_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000025880 _____ () E:\Software\Media\VLC\plugins\codec\libdts_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000034072 _____ () E:\Software\Media\VLC\plugins\codec\libaraw_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000049432 _____ () E:\Software\Media\VLC\plugins\codec\libsubstx3g_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000448792 _____ () E:\Software\Media\VLC\plugins\codec\libflac_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000033048 _____ () E:\Software\Media\VLC\plugins\codec\libg711_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000021784 _____ () E:\Software\Media\VLC\plugins\codec\libaes3_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000154904 _____ () E:\Software\Media\VLC\plugins\codec\libspeex_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 001546520 _____ () E:\Software\Media\VLC\plugins\codec\liblibass_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000353560 _____ () E:\Software\Media\VLC\plugins\codec\libfaad_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000025368 _____ () E:\Software\Media\VLC\plugins\codec\liba52_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000025368 _____ () E:\Software\Media\VLC\plugins\codec\libmpeg_audio_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000028952 _____ () E:\Software\Media\VLC\plugins\codec\liblpcm_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000360728 _____ () E:\Software\Media\VLC\plugins\codec\libopus_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000119064 _____ () E:\Software\Media\VLC\plugins\codec\libdvbsub_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000025880 _____ () E:\Software\Media\VLC\plugins\codec\libspudec_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 013153048 _____ () E:\Software\Media\VLC\plugins\codec\libavcodec_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000769816 _____ () E:\Software\Media\VLC\plugins\text_renderer\libfreetype_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000036120 _____ () E:\Software\Media\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000027416 _____ () E:\Software\Media\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000699160 _____ () E:\Software\Media\VLC\plugins\video_chroma\libswscale_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000034072 _____ () E:\Software\Media\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000122648 _____ () E:\Software\Media\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000061720 _____ () E:\Software\Media\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000025880 _____ () E:\Software\Media\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000024856 _____ () E:\Software\Media\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000021784 _____ () E:\Software\Media\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000027928 _____ () E:\Software\Media\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000024856 _____ () E:\Software\Media\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000019736 _____ () E:\Software\Media\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000026392 _____ () E:\Software\Media\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000024344 _____ () E:\Software\Media\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000034584 _____ () E:\Software\Media\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 001501976 _____ () E:\Software\Media\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000021272 _____ () E:\Software\Media\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000020760 _____ () E:\Software\Media\VLC\plugins\video_filter\libscale_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000020248 _____ () E:\Software\Media\VLC\plugins\video_filter\libyuvp_plugin.dll
2015-02-27 10:21 - 2015-02-27 10:21 - 000038680 _____ () E:\Software\Media\VLC\plugins\video_filter\libadjust_plugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\ampa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ac3filter64.acm:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ampa.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\chajei.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hlink.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IMJP10.IME:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imkr80.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\INETRES.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LkmdfCoInst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\phon.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quick.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WcsPlugInService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ac3filter.acm:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ampa.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\chajei.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hlink.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10.IME:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\imkr80.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\INETRES.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\phon.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PnkBstrB.ex0:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\quick.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\tbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WcsPlugInService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\Apowersoft_AudioDevice.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\LGBusEnum.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\LGJoyXlCore.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\LGSHidFilt.Sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\LGVirHid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\rndismpx.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\usb8023x.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\WdfCoInstaller01007.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\WinUSBCoInstaller.dll:$CmdTcID [130]
AlternateDataStreams: C:\ProgramData\TEMP:DED17083 [286]
AlternateDataStreams: C:\Users\DredNawt\Desktop\Moses Moua Certification_Form.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\DredNawt\Desktop\Moses Moua Certification_Form.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DredNawt\Desktop\Moses Moua CV.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\DredNawt\Desktop\Moses Moua CV.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DredNawt\Desktop\Moses Moua Resume 10-31-2016.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\DredNawt\Desktop\Moses Moua Resume 10-31-2016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DredNawt\Desktop\Renee Descartes Principles of Philosophy.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\DredNawt\Desktop\Renee Descartes Principles of Philosophy.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DredNawt\Downloads\Hiram.docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\DredNawt\Downloads\Hiram.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Public\AppData:CSM [468]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\79890540.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\79890540.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-249627006-3391249319-856258202-1000\...\sharepoint.com -> hxxps://gcsom-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-249627006-3391249319-856258202-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DredNawt\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: IswSvc => 2
MSCONFIG\Services: LGE NDIS Connection Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: RalinkRegistryWriter64 => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk => C:\Windows\pss\Virtual Router Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^DredNawt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "E:\Software\Security\Cleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cm106Sound => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
MSCONFIG\startupreg: Google Update => "C:\Users\DredNawt\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: MusicManager => "C:\Users\DredNawt\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{875E8A09-A8B8-454B-B297-8396C3050E6E}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{20D652A9-08CD-49D5-816F-5683B9E284C0}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{762E0644-2CD9-4E85-A8E0-A6F96519FE8A}] => (Allow) E:\Software\Office\Office14\GROOVE.EXE
FirewallRules: [{13851AD6-64E1-4B99-B063-6DBE69121A63}] => (Allow) E:\Software\Office\Office14\GROOVE.EXE
FirewallRules: [TCP Query User{403AD092-A3F5-4402-AFFB-52D003316FFC}G:\games\starcraft\starcraft.exe] => (Allow) G:\games\starcraft\starcraft.exe
FirewallRules: [UDP Query User{C83F0AF5-5F49-4FEE-A8FE-8EDF67A7B04D}G:\games\starcraft\starcraft.exe] => (Allow) G:\games\starcraft\starcraft.exe
FirewallRules: [{B2889EE6-A316-459A-AB79-A7CE252AEFC2}] => (Block) G:\games\starcraft\starcraft.exe
FirewallRules: [{086E102B-42DB-4D42-AA4E-1DF0479BF739}] => (Block) G:\games\starcraft\starcraft.exe
FirewallRules: [{B6870765-3463-4137-B784-4FE893F0A0EF}] => (Allow) G:\Games\Steam\Steams\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{CF51135F-04B0-4AD8-AEA3-4A35F50C7005}] => (Allow) G:\Games\Steam\Steams\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{9CB51AF4-62D1-4873-A90E-B6374DBF5EA5}] => (Allow) D:\Games\Steam\steamapps\common\magicka\Magicka.exe
FirewallRules: [{352AA272-D93D-4700-AD77-AFB17FE495F6}] => (Allow) D:\Games\Steam\steamapps\common\magicka\Magicka.exe
FirewallRules: [{304AAFB3-BD19-465D-87FB-C3B973A5E787}] => (Allow) D:\Games\Steam\steamapps\common\magicka\Magicka.exe
FirewallRules: [{6E831411-ECC2-4A1E-840A-7C5EFF51468E}] => (Allow) D:\Games\Steam\steamapps\common\magicka\Magicka.exe
FirewallRules: [{B64FBCA0-1EA4-489B-A8C2-1D16B7BB2981}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{662857F2-AF9F-4123-B449-8D2964A90F04}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{ABB7AE95-190A-4057-AD54-6EFBA857DD82}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F651451C-ED7F-410C-91BE-8530EEBE5045}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9A0811CA-4674-472C-9752-8B5DC6F46CCD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9DFB1E4C-6BBC-49A1-AF28-6F47E9CCFE20}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{45FC6B65-A894-4905-8450-F2557DB9D9D5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F8E6A92F-81D0-4832-9E19-D3C745719C26}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{125D916C-669F-430C-8690-911743337856}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3223D254-DCFE-423D-A184-535B044C9DA8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{153ACBE7-D703-4595-AE63-981217A91B18}] => (Allow) E:\Software\ISP\firefox.exe
FirewallRules: [{F6AD2F69-37BA-4FAD-A194-C5F00B09F491}] => (Allow) E:\Software\ISP\firefox.exe
FirewallRules: [{93E41AC1-52D8-4B76-8473-EE57788C86B6}] => (Allow) D:\Software\Torrent\uTorrent.exe
FirewallRules: [{9BA0934D-D242-4238-A567-6D4DBD1863C7}] => (Allow) D:\Software\Torrent\uTorrent.exe
FirewallRules: [{85ADAAE1-3C9E-45DF-BC96-5C4FCD713986}] => (Allow) C:\Users\DredNawt\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1E6B43D9-DABE-4013-9F80-7888CE7BA3A7}] => (Allow) C:\Users\DredNawt\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2853B207-A2BB-49E2-A712-474DE0290F29}] => (Allow) C:\Users\DredNawt\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{48F657CE-F09C-4E9D-AA92-D5D025E665D5}] => (Allow) C:\Users\DredNawt\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{81473DBD-6F16-4F94-967E-ECD086E65181}] => (Allow) C:\Users\DredNawt\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F2107FFE-9C24-4F1C-A1A9-5C064904DF6A}] => (Allow) C:\Users\DredNawt\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E2BE5F98-1754-44A1-98AA-9DA7CB5DF9A6}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E0B12E89-64BB-4741-B2C7-392686421C7C}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7B7F3B97-192C-4141-AA06-E2F4DC080D16}] => (Allow) F:\Games\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{8022E89F-F434-44CB-BA6D-B74D9C0EC005}] => (Allow) F:\Games\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{5FEB5925-4B0C-4650-9C49-9AAFA7F18979}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: CSN5PDTS82x64 NDIS Protocol Driver
Description: CSN5PDTS82x64 NDIS Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CSN5PDTS82x64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Floppy disk drive
Description: Floppy disk drive
Class Guid: {4d36e980-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard floppy disk drives)
Service: flpydisk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Capsax64Drv0 NDIS Protocol Driver
Description: Capsax64Drv0 NDIS Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Capsax64Drv0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2018 12:11:39 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (04/08/2018 09:19:32 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (04/08/2018 05:50:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (04/05/2018 10:57:41 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/05/2018 10:57:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/05/2018 10:57:41 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/05/2018 10:57:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (04/05/2018 10:57:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/15/2018 09:47:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
The specified module could not be found.

Error: (04/15/2018 09:45:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
79890540
Capsax64Drv0
CSN5PDTS82
CSN5PDTS82x64
CsNdisLWF

Error: (04/15/2018 09:45:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Wondershare Application Framework Service service hung on starting.

Error: (04/15/2018 09:43:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\fanio.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/14/2018 11:44:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (04/14/2018 07:38:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
The specified module could not be found.

Error: (04/14/2018 07:36:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
79890540
Capsax64Drv0
CSN5PDTS82
CSN5PDTS82x64
CsNdisLWF

Error: (04/14/2018 07:35:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\fanio.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Windows Defender:
===================================
Date: 2013-06-24 16:48:30.569
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.P&threatid=167506
Name:Trojan:Win32/Sirefef.P
ID:167506
Severity:Severe
Category:Trojan
Path Found:containerfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip;file:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip->Axana Webcam All Videos 1407MB.exe->[Obfuscator.PN];filelocalcopy:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip->Axana Webcam All Videos 1407MB.exe->[Obfuscator.PN];webfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2013-06-21 16:09:01.795
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.P&threatid=167506
Name:Trojan:Win32/Sirefef.P
ID:167506
Severity:Severe
Category:Trojan
Path Found:containerfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip;file:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip->Axana Webcam All Videos 1407MB.exe->[Obfuscator.PN];filelocalcopy:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip->Axana Webcam All Videos 1407MB.exe->[Obfuscator.PN];webfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2013-06-20 22:44:20.000
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.P&threatid=167506
Name:Trojan:Win32/Sirefef.P
ID:167506
Severity:Severe
Category:Trojan
Path Found:containerfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip;file:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip->Axana Webcam All Videos 1407MB.exe->[Obfuscator.PN];filelocalcopy:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip->Axana Webcam All Videos 1407MB.exe->[Obfuscator.PN];webfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2013-06-20 15:05:50.478
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.P&threatid=167506
Name:Trojan:Win32/Sirefef.P
ID:167506
Severity:Severe
Category:Trojan
Path Found:containerfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip;file:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip->Axana Webcam All Videos 1407MB.exe->[Obfuscator.PN];filelocalcopy:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip->Axana Webcam All Videos 1407MB.exe->[Obfuscator.PN];webfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2013-06-20 14:32:46.134
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.P&threatid=167506
Name:Trojan:Win32/Sirefef.P
ID:167506
Severity:Severe
Category:Trojan
Path Found:containerfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip;file:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip->Axana Webcam All Videos 1407MB.exe->[Obfuscator.PN];filelocalcopy:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip->Axana Webcam All Videos 1407MB.exe->[Obfuscator.PN];webfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{46A212D0-D773-4344-8228-37C62D7418CE}-Axana Webcam All Videos 1407MB.zip
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2015-10-18 21:02:15.158
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:1.207.2955.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:
Previous Engine Version:1.1.12101.0
Error code:0x80070070
Error description:There is not enough space on the disk.

Date: 2015-10-17 10:22:56.404
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:1.207.2955.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:
Previous Engine Version:1.1.12101.0
Error code:0x80070070
Error description:There is not enough space on the disk.

CodeIntegrity:
===================================

Date: 2018-03-24 19:49:34.063
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-24 19:49:34.004
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-24 19:27:40.577
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-24 19:27:40.514
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-24 13:05:44.762
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-24 13:05:44.700
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-24 12:56:41.717
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-24 12:56:41.670
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 42%
Total physical RAM: 6134.12 MB
Available physical RAM: 3548.13 MB
Total Virtual: 12266.42 MB
Available Virtual: 9375.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:49.53 GB) (Free:3.98 GB) NTFS
Drive d: (blah?) (Fixed) (Total:107.13 GB) (Free:84.33 GB) NTFS
Drive e: () (Fixed) (Total:10 GB) (Free:5.56 GB) NTFS
Drive f: (Huh?) (Fixed) (Total:232.88 GB) (Free:185.94 GB) NTFS
Drive i: () (Removable) (Total:1.95 GB) (Free:1.62 GB) FAT

\\?\Volume{3a621333-3206-11e1-ae17-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: F0025242)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 59.6 GB) (Disk ID: DA25DA25)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 107.1 GB) (Disk ID: 0CF7EB66)
Partition 1: (Not Active) - (Size=107.1 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 2 GB) (Disk ID: 9B0C2E14)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

==================== End of Addition.txt ============================



#7 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,952 posts
  • Gender:Male
  • Location:California
  • Local time:11:11 PM

Posted 16 April 2018 - 11:00 AM

Greetings Mo,

Although I greatly appreciate your offer to donate, I prefer to offer assistance purely for free.

I am not knowledgeable when it comes to tethering phones but I believe the SSL_ERROR_RX_RECORD_TOO_LONG message pertains to your phone and not your computer.

You have a number of security programs installed and some of them should be removed. Since it appears you prefer Avast I recommend the removal of the following programs.

Use the Zonealarm and Comodo uninstall tools from the links on this page.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
CreateRestorePoint:
CloseProcesses:
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9}
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
Toolbar: HKU\S-1-5-21-249627006-3391249319-856258202-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> E:\Software\Java\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Software\Security\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S2 HPSLPSVC; C:\Users\DredNawt\AppData\Local\Temp\7zS647C\hpslpsvc64.dll 
U3 aq0kke6m; C:\Windows\System32\Drivers\aq0kke6m.sys [0 ] (Microsoft Corporation)
C:\Windows\System32\Drivers\aq0kke6m.sys
S0 79890540; system32\drivers\89629951.sys
S3 ALSysIO; \??\C:\Users\DredNawt\AppData\Local\Temp\ALSysIO64.sys
S1 Capsax64Drv0; System32\Drivers\Capsax64Drv0.sys
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys
S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys
S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys
S3 easytether; system32\DRIVERS\easytthr.sys
S3 LGELTEBus; system32\DRIVERS\LGELTEBus.sys
S3 LGELTEmdm; system32\DRIVERS\LGELTEmdm.sys
S3 LGELTEMux; system32\DRIVERS\LGELTEMux.sys
S3 LGELTENdis; system32\DRIVERS\LGELTENdis.sys
S3 LGELTEprt; system32\DRIVERS\LGELTEprt.sys
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys
S3 tsusbhub; system32\drivers\tsusbhub.sys
S3 VGPU; System32\drivers\rdvgkmd.sys
Task: {128253B6-4961-486B-9801-56C813C7CCBA} - System32\Tasks\{94760C82-932A-4821-9479-98C0EAEDE8B2} => C:\Windows\system32\pcalua.exe -a C:\Users\DredNawt\AppData\Local\Temp\Temp1_IntelX58ICH10R_Cipset_V9101007.zip\Chipset\AsusSetup.exe
C:\Windows\system32\pcalua.exe -a C:\Users\DredNawt\AppData\Local\Temp\Temp1_IntelX58ICH10R_Cipset_V9101007.zip
StartPowershell:
Get-Content - path C:\Users\Public\AppData -stream CSM
EndPowershell:
ExportKey: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
cmd: chkdsk
cmd: sfc /scannow
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
===================================================

Rebuilding Windows Indexing

--------------------

Note: This process may take a long time to complete.
  • Click Start, then Control Panel (icons view)
  • Windows 8/10 right click on the Start button and select Control Panel
  • Click Indexing Options
  • Click Advanced
  • Click Rebuild, then OK
  • When completed you will see Indexing complete
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Programs uninstall?
  • Fixlist
  • Index rebuilt?
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
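
As an added example (this is not code from the thread, from Gary's fixlist, or from FRST), the read-only PowerShell audit below walks the same categories the fixlist above removed: services and drivers whose binary is gone from disk (the S0/S1/S3 entries with no file), IE BHOs and toolbars whose CLSID no longer points at a DLL ("No Name"/"No File"), named NTFS alternate data streams on a path, and the resolver, proxy and hosts settings a DNS hijack would change. It assumes PowerShell 3.0 or later and an elevated prompt; the function names are mine, and the `C:\Users\Public\AppData` path is the one from the fixlist. Two details worth knowing before using it: the fixlist's PowerShell line failed because of the space in `- path` (the correct form is `Get-Content -Path X -Stream CSM`), and the `<<<<` marker in the Fixlog error is PowerShell 2.0's format, which does not have a `-Stream` parameter at all, so on a stock Windows 7 box the stream check needs the Windows Management Framework 3.0 or later update.

```powershell
# Added example, not code from the thread or from FRST. Read-only audit of the categories the
# fixlist removed. Requires PowerShell 3.0+ (-Stream, [pscustomobject]) and an elevated prompt.
# Nothing here deletes anything; review the output before acting on it.

# FRST's S0..S4 prefixes are the registry Start value of the service.
$StartNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

# Turn the ImagePath forms seen in the log ("\??\C:\x.sys", "system32\drivers\x.sys",
# "\SystemRoot\...", "%SystemRoot%\...", quoted paths with arguments) into one absolute path.
function Resolve-ImagePath([string]$Image) {
    $p = $Image.Trim() -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }
    elseif ($p -match '^(.+?\.(sys|exe|dll))(\s|$)') { $p = $Matches[1] }
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# Services/drivers still registered whose binary (or svchost ServiceDll) is missing on disk.
function Get-OrphanedServices {
    foreach ($key in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services') {
        $props = Get-ItemProperty -LiteralPath $key.PSPath
        if (-not $props.ImagePath) { continue }
        $dll  = (Get-ItemProperty -LiteralPath "$($key.PSPath)\Parameters" -ErrorAction SilentlyContinue).ServiceDll
        $path = if ($dll) { Resolve-ImagePath $dll } else { Resolve-ImagePath $props.ImagePath }
        if (-not (Test-Path -LiteralPath $path)) {
            $start = if ($null -ne $props.Start) { $StartNames[[int]$props.Start] } else { '' }
            [pscustomobject]@{ Service = $key.PSChildName; Start = $start; Missing = $path }
        }
    }
}

# IE BHOs and toolbars whose CLSID no longer resolves to an InprocServer32 DLL on disk,
# in both the 64-bit and the Wow6432Node registry views.
function Get-OrphanedIeExtensions {
    foreach ($v in @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node')) {
        $entries = @()
        $bhoKey = "$v\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        if (Test-Path -LiteralPath $bhoKey) {
            $entries += Get-ChildItem -LiteralPath $bhoKey | ForEach-Object { @{ Kind = 'BHO'; Clsid = $_.PSChildName } }
        }
        $tbKey = "$v\Microsoft\Internet Explorer\Toolbar"
        if (Test-Path -LiteralPath $tbKey) {
            $entries += (Get-Item -LiteralPath $tbKey).Property |
                Where-Object { $_ -match '^\{[0-9A-Fa-f-]+\}$' } |
                ForEach-Object { @{ Kind = 'Toolbar'; Clsid = $_ } }
        }
        foreach ($e in $entries) {
            $srv  = (Get-ItemProperty -LiteralPath "$v\Classes\CLSID\$($e.Clsid)\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            $file = if ($srv) { Resolve-ImagePath $srv } else { $null }
            if (-not $file -or -not (Test-Path -LiteralPath $file)) {
                [pscustomobject]@{ Kind = $e.Kind; View = $v; Clsid = $e.Clsid; Server = $file }
            }
        }
    }
}

# Named alternate data streams on a file or directory, with their contents.
# This is what the fixlist's PowerShell line was meant to do (note: -Path, no space after the dash).
function Get-HiddenStreams([string]$Path) {
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            [pscustomobject]@{
                Path    = $Path
                Stream  = $_.Stream
                Length  = $_.Length
                Content = Get-Content -LiteralPath $Path -Stream $_.Stream -Raw -ErrorAction SilentlyContinue
            }
        }
}

# Resolver, proxy and hosts-file settings: the three local places a DNS hijack shows up.
# Win32_NetworkAdapterConfiguration is used because Get-DnsClientServerAddress does not exist on Windows 7.
function Get-ResolverSettings {
    $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
        Select-Object Description, DHCPEnabled, DNSServerSearchOrder
    $ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    # Keep only active mappings other than the loopback localhost lines.
    $hosts = Get-Content -LiteralPath $hostsFile |
        Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
    [pscustomobject]@{
        Adapters      = $adapters
        ProxyEnable   = $ie.ProxyEnable
        ProxyServer   = $ie.ProxyServer
        AutoConfigURL = $ie.AutoConfigURL
        HostsEntries  = @($hosts)
    }
}

# Usage: print everything that needs a human decision.
Get-OrphanedServices     | Format-Table -AutoSize
Get-OrphanedIeExtensions | Format-Table -AutoSize
Get-HiddenStreams -Path 'C:\Users\Public\AppData' | Format-List
Get-ResolverSettings     | Format-List
```

A missing-file service or BHO entry is evidence of a broken or leftover install, not by itself of malware; the fixlist above removed stale tethering and vendor driver entries alongside the rest, which is why the output is meant to be read rather than fed straight into a removal. The audit takes explicit paths on purpose: `cmd: chkdsk` in the fixlist was given no drive letter, and the Fixlog shows it checked the 2 GB FAT volume FRST was launched from (drive I:) rather than C:.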

#8 Sluggy
  • Topic Starter

  • Members
  • 22 posts
  • Local time:03:11 AM

Posted 17 April 2018 - 09:06 PM

Uninstalled Zonealarm and Comodo using the tools. I generally don't use the P2P but am going to keep it for now and will exercise extreme caution should I use it.

Index rebuilt.

Interestingly I can access facebook.com now.

 

Below is the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by DredNawt (17-04-2018 20:42:28) Run:1
Running from I:\Portable Anti-Malware
Loaded Profiles: DredNawt (Available Profiles: DredNawt)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9}
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
Toolbar: HKU\S-1-5-21-249627006-3391249319-856258202-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> E:\Software\Java\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Software\Security\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S2 HPSLPSVC; C:\Users\DredNawt\AppData\Local\Temp\7zS647C\hpslpsvc64.dll
U3 aq0kke6m; C:\Windows\System32\Drivers\aq0kke6m.sys [0 ] (Microsoft Corporation)
C:\Windows\System32\Drivers\aq0kke6m.sys
S0 79890540; system32\drivers\89629951.sys
S3 ALSysIO; \??\C:\Users\DredNawt\AppData\Local\Temp\ALSysIO64.sys
S1 Capsax64Drv0; System32\Drivers\Capsax64Drv0.sys
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys
S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys
S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys
S3 easytether; system32\DRIVERS\easytthr.sys
S3 LGELTEBus; system32\DRIVERS\LGELTEBus.sys
S3 LGELTEmdm; system32\DRIVERS\LGELTEmdm.sys
S3 LGELTEMux; system32\DRIVERS\LGELTEMux.sys
S3 LGELTENdis; system32\DRIVERS\LGELTENdis.sys
S3 LGELTEprt; system32\DRIVERS\LGELTEprt.sys
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys
S3 tsusbhub; system32\drivers\tsusbhub.sys
S3 VGPU; System32\drivers\rdvgkmd.sys
Task: {128253B6-4961-486B-9801-56C813C7CCBA} - System32\Tasks\{94760C82-932A-4821-9479-98C0EAEDE8B2} => C:\Windows\system32\pcalua.exe -a C:\Users\DredNawt\AppData\Local\Temp\Temp1_IntelX58ICH10R_Cipset_V9101007.zip\Chipset\AsusSetup.exe
C:\Windows\system32\pcalua.exe -a C:\Users\DredNawt\AppData\Local\Temp\Temp1_IntelX58ICH10R_Cipset_V9101007.zip
StartPowershell:
Get-Content - path C:\Users\Public\AppData -stream CSM
EndPowershell:
ExportKey: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
cmd: chkdsk
cmd: sfc /scannow
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\Software\Classes\CLSID\BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
HKLM\Software\Classes\CLSID\BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => removed successfully
HKLM\Software\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => removed successfully
HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => not found
"HKU\S-1-5-21-249627006-3391249319-856258202-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => removed successfully
HKLM\Software\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => not found
"HKLM\Software\Classes\PROTOCOLS\Handler\wlpg" => removed successfully
HKLM\Software\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} => not found
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1" => removed successfully
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.5.1" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => removed successfully
"HKLM\System\CurrentControlSet\Services\HPSLPSVC" => removed successfully
HPSLPSVC => service removed successfully
aq0kke6m => service not found.
"C:\Windows\System32\Drivers\aq0kke6m.sys" => not found
"HKLM\System\CurrentControlSet\Services\79890540" => removed successfully
79890540 => service removed successfully
"HKLM\System\CurrentControlSet\Services\ALSysIO" => removed successfully
ALSysIO => service removed successfully
"HKLM\System\CurrentControlSet\Services\Capsax64Drv0" => removed successfully
Capsax64Drv0 => service removed successfully
"HKLM\System\CurrentControlSet\Services\CSN5PDTS82" => removed successfully
CSN5PDTS82 => service removed successfully
"HKLM\System\CurrentControlSet\Services\CSN5PDTS82x64" => removed successfully
CSN5PDTS82x64 => service removed successfully
"HKLM\System\CurrentControlSet\Services\CsNdisLWF" => removed successfully
CsNdisLWF => service removed successfully
"HKLM\System\CurrentControlSet\Services\easytether" => removed successfully
easytether => service removed successfully
"HKLM\System\CurrentControlSet\Services\LGELTEBus" => removed successfully
LGELTEBus => service removed successfully
"HKLM\System\CurrentControlSet\Services\LGELTEmdm" => removed successfully
LGELTEmdm => service removed successfully
"HKLM\System\CurrentControlSet\Services\LGELTEMux" => removed successfully
LGELTEMux => service removed successfully
"HKLM\System\CurrentControlSet\Services\LGELTENdis" => removed successfully
LGELTENdis => service removed successfully
"HKLM\System\CurrentControlSet\Services\LGELTEprt" => removed successfully
LGELTEprt => service removed successfully
"HKLM\System\CurrentControlSet\Services\Synth3dVsc" => removed successfully
Synth3dVsc => service removed successfully
"HKLM\System\CurrentControlSet\Services\tsusbhub" => removed successfully
tsusbhub => service removed successfully
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
VGPU => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{128253B6-4961-486B-9801-56C813C7CCBA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{128253B6-4961-486B-9801-56C813C7CCBA}" => removed successfully
C:\Windows\System32\Tasks\{94760C82-932A-4821-9479-98C0EAEDE8B2} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{94760C82-932A-4821-9479-98C0EAEDE8B2}" => removed successfully
"C:\Windows\system32\pcalua.exe -a C:\Users\DredNawt\AppData\Local\Temp\Temp1_IntelX58ICH10R_Cipset_V9101007.zip" => not found

========= Powershell: =========

Get-Content : A positional parameter cannot be found that accepts argument 'path'.
At C:\FRST\tmp000.ps1:1 char:12
+ Get-Content <<<<  - path C:\Users\Public\AppData -stream CSM
    + CategoryInfo          : InvalidArgument: (:) [Get-Content], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.GetContentCommand
 

========= End of Powershell: =========

================== ExportKey: ===================

"HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute" => not found

=== End of ExportKey ===

========= chkdsk =========

The type of the file system is FAT.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume Serial Number is 0038-7BF6
Windows is verifying files and folders...
0 percent completed.                  
1 percent completed..                 
2 percent completed...                
4 percent completed....               
6 percent completed.....              
7 percent completed......             
8 percent completed.                  
9 percent completed..                 
10 percent completed...                
11 percent completed....               
65 percent completed.....              
67 percent completed......             
68 percent completed.                  
69 percent completed..                 
73 percent completed...                
76 percent completed....               
77 percent completed.....              
78 percent completed......             
79 percent completed.                  
80 percent completed..                 
81 percent completed...                
82 percent completed....               
87 percent completed.....              
88 percent completed......             
89 percent completed.                  
90 percent completed..                 
91 percent completed...                
92 percent completed....               
94 percent completed.....              
95 percent completed......             
96 percent completed.                  
97 percent completed..                 
98 percent completed...                
99 percent completed....               
100 percent completed.....              
File and folder verification is complete.
Windows has checked the file system and found no problems.

2,095,284,224 bytes total disk space.
      131,072 bytes in 4 hidden files.
    1,146,880 bytes in 35 folders.
  359,628,800 bytes in 232 files.
1,734,377,472 bytes available on disk.

       32,768 bytes in each allocation unit.
       63,943 total allocation units on disk.
       52,929 allocation units available on disk.

========= End of CMD: =========


========= sfc /scannow =========



Beginning system scan.  This process will take some time.



Beginning verification phase of system scan.

Verification 0% complete. ... Verification 100% complete.


Windows Resource Protection did not find any integrity violations.


========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {6140CBBB-57C9-422A-97E0-4339C2D12630}.
Unable to cancel {C9102169-6043-4456-9D9E-56995E696DED}.
Unable to cancel {DAC736A5-28D2-4A4F-9292-93832190E3C7}.
0 out of 3 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-249627006-3391249319-856258202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-249627006-3391249319-856258202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15583498 B
Java, Flash, Steam htmlcache => 253903022 B
Windows/system/drivers => 508388 B
Edge => 0 B
Chrome => 8183250 B
Firefox => 377215251 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33058 B
systemprofile32 => 33058 B
LocalService => 5850602 B
NetworkService => 5847034 B
DredNawt => 13465719 B

RecycleBin => 0 B
EmptyTemp: => 657.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:47:41 ====



#9 Oh My!

  • Malware Response Instructor
  • 37,952 posts
  • Location:California

Posted 17 April 2018 - 09:55 PM

Good to hear.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
Startbatch:
@echo off
net stop BITS
ipconfig /flushdns
ren "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr0.dat" qmgr0.dat.old
ren "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr1.dat" qmgr1.dat.old
net start BITS
Endbatch:
Powershell: Get-BitsTransfer -AllUsers
zip: C:\Users\Public\AppData:CSM
reboot:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will also create a zip file on your Desktop with today's date and time, example 05.12.2016_13.04.06.zip. Please attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Attached zipped file
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
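The fixlist in this post clears a BITS queue that bitsadmin could not cancel. As an added example (not code from the thread, from FRST or from Microsoft), here is an elevated PowerShell script that first lists every user's BITS jobs with what they download and what they would run on completion, then performs the same qmgr0.dat/qmgr1.dat rename; the -Reset switch name and the $env:ProgramData path are assumptions.

```powershell
# Added example, not part of the thread or of FRST: triage every user's BITS jobs before
# resetting the queue the way the fixlist above does (stop BITS, rename qmgr0.dat/qmgr1.dat,
# restart BITS). Run from an elevated PowerShell prompt; -Reset is an assumed switch name.
param([switch]$Reset)

Import-Module BitsTransfer

# Jobs of all accounts, not only the current one (the reason bitsadmin was run with /Allusers)
$jobs = @(Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue)
Write-Host ("{0} BITS job(s) queued on this machine" -f $jobs.Count)

# For each job: who owns it, how long it has been sitting there, what it fetches, where it
# writes, and what command (if any) BITS would run when it completes. A job whose owner,
# remote host, local path or NotifyCmdLine you cannot explain is the one to examine first.
$jobs | Select-Object JobId, DisplayName, JobState, TransferType, OwnerAccount, CreationTime, `
    @{ n = 'AgeDays';     e = { [math]::Round(((Get-Date) - $_.CreationTime).TotalDays, 1) } }, `
    @{ n = 'RemoteFiles'; e = { ($_.FileList | ForEach-Object { $_.RemoteName }) -join '; ' } }, `
    @{ n = 'LocalFiles';  e = { ($_.FileList | ForEach-Object { $_.LocalName }) -join '; ' } }, `
    NotifyCmdLine | Format-List

if ($Reset) {
    # Same directory the fixlist reaches through the "Application Data" junction on Windows 7
    $queueDir = Join-Path $env:ProgramData 'Microsoft\Network\Downloader'
    Stop-Service -Name BITS -Force
    foreach ($name in 'qmgr0.dat', 'qmgr1.dat') {
        $path = Join-Path $queueDir $name
        if (Test-Path $path) {
            # Rename rather than delete so the old queue can still be inspected later
            Rename-Item -Path $path -NewName ($name + '.old.' + (Get-Date -Format 'yyyyMMdd_HHmmss'))
        }
    }
    Start-Service -Name BITS
    Write-Host 'BITS queue reset; a fresh Get-BitsTransfer -AllUsers should now return nothing.'
}
```

Running it without -Reset only reports; the listing is what to keep alongside the Fixlog, since after the rename the old jobs are no longer visible to Get-BitsTransfer.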

#10 Sluggy

  • Topic Starter
  • Members
  • 22 posts

Posted 19 April 2018 - 12:25 AM

Error for Facebook came up again. Might have to call my provider and see; I thought that had to do with the DNS hijack, and that is my primary concern.

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by DredNawt (19-04-2018 01:16:51) Run:2
Running from I:\Portable Anti-Malware
Loaded Profiles: DredNawt (Available Profiles: DredNawt)
Boot Mode: Normal
==============================================

fixlist content:
*****************
 Startbatch:
@echo off
net stop BITS
ipconfig /flushdns
ren "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr0.dat" qmgr0.dat.old
ren "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr1.dat" qmgr1.dat.old
net start BITS
Endbatch:
Powershell: Get-BitsTransfer -AllUsers
zip: C:\Users\Public\AppData:CSM
reboot:
*****************


========= Batch: =========
The Background Intelligent Transfer Service service is stopping..
The Background Intelligent Transfer Service service was stopped successfully.


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
The Background Intelligent Transfer Service service is starting.
The Background Intelligent Transfer Service service was started successfully.


========= End of Batch: =========


========= Get-BitsTransfer -AllUsers =========


========= End of Powershell: =========

================== Zip: ===================
C:\Users\Public\AppData:CSM -> Could not copy
=========== Zip: End ===========


The system needed a reboot.

==== End of Fixlog 01:16:58 ====




#11 Oh My!

  • Malware Response Instructor
  • 37,952 posts
  • Location:California

Posted 19 April 2018 - 09:15 AM

There is no evidence this issue is related to your computer. Contacting your ISP might be a good idea.

Is there anything else I can assist you with?
Gary

#12 Sluggy

  • Topic Starter
  • Members
  • 22 posts

Posted 21 April 2018 - 11:49 AM

Ok, thank you for taking your time to help me, I will contact them and see what's going on! I greatly appreciate it and your verse is an excellent one.



#13 Oh My!

  • Malware Response Instructor
  • 37,952 posts
  • Location:California

Posted 21 April 2018 - 03:15 PM

Thank you Mo.

You are quite welcome and thank you for the encouragement.

You can delete the FRST icon and the C:\FRST folder if you'd like.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your computer is now clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary

#14 Oh My!

  • Malware Response Instructor
  • 37,952 posts
  • Location:California

Posted 22 April 2018 - 07:53 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary



