Infected w32/detrahere.b!dr, w32/tiggre.fn & browser redirects to Bing


  • This topic is locked
9 replies to this topic

#1 shotsky

Posted 05 April 2018 - 08:19 AM

First noticed a problem when Google redirected to Bing after a search. System started getting slower and slower.

I have run:

- Malwarebytes (nothing found)

- ESET Online Scanner (would not complete)

- HitmanPro (nothing found)

- Microsoft Security Essentials

       found win32/Detrahere.b!dr

       found win32/Tiggre!fn

I found 3 files in Process Explorer that appear to be random files and appear beneath

Winlogon

They are (in order):

- upintzrsvc.exe

- psmlznh.exe

- sbrtakg.exe (several instances)

I can get no information on these files; I get no permission or access denied messages.

Unable to rename these files or delete them.

I have difficulty downloading additional anti-virus software.

I have the original CD/DVD.

I tried a system repair through Recovery Console but my password will not work for Administrator.

I am running Windows 7 Professional, 32 Bit, Service Pack 1.
 
FRST Log
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by rschott (administrator) on OPDESK (05-04-2018 07:38:55)
Running from C:\Users\rschott\Downloads
Loaded Profiles: rschott & Bob (Available Profiles: rschott & Bob)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Windows\System32\upintzrsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Users\rschott\AppData\Local\psmlznh\psmlznh.exe
() C:\Users\rschott\AppData\Local\psmlznh\sbrtakg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-21-3554609007-1474533479-2271469533-1139\...\RunOnce: [Application Restart #0] => C:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKU\S-1-5-21-3619198119-2651186406-1755481072-1000\...\MountPoints2: {86bc9ece-e7d7-11e6-a3dc-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3554609007-1474533479-2271469533-1122] => localhost:8080
AutoConfigURL: [S-1-5-21-3554609007-1474533479-2271469533-1122] => localhost:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.1.5
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{ACE68852-B3EB-49FD-BEDD-4E9C1D71AC71}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{ACE68852-B3EB-49FD-BEDD-4E9C1D71AC71}: [DhcpNameServer] 192.168.1.5
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-3554609007-1474533479-2271469533-1122\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131647340331818006&GUID=52066FDC-DC90-457E-9376-39621A81C30F
HKU\S-1-5-21-3554609007-1474533479-2271469533-1122\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3619198119-2651186406-1755481072-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2017-03-07] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2017-03-07] (LastPass)
 
FireFox:
========
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2017-11-21] (DivX, LLC)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass.dll [2017-03-07] (LastPass)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default [2018-04-05]
CHR Extension: (US Weather Radar) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\abdnkhfljcoblghnaabndinjadlmhknj [2017-01-31]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-31]
CHR Extension: (Photo resize compress and Zip) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blinbhliohhhnddefmgbaelknpjpopjh [2017-10-03]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-31]
CHR Extension: (Adblock Plus) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-29]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjanmonomjogheabiocdamfpknlpdehm [2018-03-21]
CHR Extension: (Space Station Finder) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcalalddojoejbjlfjgenljkkmjfmije [2017-01-31]
CHR Extension: (Application Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2018-01-22]
CHR Extension: (Google News) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2017-01-31]
CHR Extension: (Chameleon) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpojjilddefgnhiicjcmhbkjgbbclob [2018-02-20]
CHR Extension: (Multiple Account Checker for Gmail™) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnimhgelcnggigekhdjlifjpndgmnglm [2017-01-31]
CHR Extension: (World News) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dodpnnoknmnbhnmoonenfmhdpfflbkmn [2017-01-31]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2018-02-13]
CHR Extension: (Blacklist Whitelist) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpiobebbffkbhnbijjibcnifgnidnmkd [2017-08-09]
CHR Extension: (Black Menu for Google™) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\eignhdfgaldabilaaegmdfbajngjmoke [2018-04-04]
CHR Extension: (MailChimp) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\einnfnfpkbbebamphappjlmbedgjbnoe [2017-01-31]
CHR Extension: (Gmail Offline) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2017-01-31]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhgfjppipknidohpibdcibpnlngepei [2017-01-31]
CHR Extension: (Chrome Remote Desktop) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-11-07]
CHR Extension: (Planetarium) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2017-01-31]
CHR Extension: (Save to Google Drive) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2017-11-27]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2017-08-01]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-04-02]
CHR Extension: (TuneIn Radio) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhkolpgedpldcfmkgbdokgiljfbblpfj [2017-01-31]
CHR Extension: (SpeedAnalysis.com) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\iccflhnofikabhofiecmimkdmdjbkpnn [2017-01-31]
CHR Extension: (Pixlr Editor) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2017-01-31]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2017-01-31]
CHR Extension: (Open in VLC media player) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihpiinojhnfhpdmmacgmpoonphhimkaj [2017-09-25]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2018-03-26]
CHR Extension: (Waze - Google Maps™ link) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jblojdkgpamepmiammlgkkhknojnlmai [2017-01-31]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-02-01]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb [2017-01-31]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2018-01-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2018-03-28]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-31]
CHR Extension: (Chrome Media Router) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-28]
CHR Profile: C:\Users\rschott\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-03]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3554609007-1474533479-2271469533-1122\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\imdhvtlu <==== ATTENTION (Rootkit!)
 
S2 chromoting; C:\Program Files\Google\Chrome Remote Desktop\65.0.3325.40\remoting_host.exe [71512 2018-02-01] (Google Inc.)
S2 e22f02dadddbee8749c5207c136a7b10; C:\Windows\e22f02dadddbee8749c5207c136a7b10.dll [1306624 2018-03-05] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 --; C:\Users\rschott\AppData\Local\Temp\343262353\ic-0.e2f56beb6e31b8.exe /wl 1 [X] <==== ATTENTION
S2 SDUpdateService; "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" [X]
S2 SDWSCService; "C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [84992 2009-05-11] (Broadcom Corporation)
R4 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [47552 2018-04-04] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
S3 eilorv; system32\drivers\loruyb.sys [X]
S3 MBAMSwissArmy; System32\Drivers\mbamswissarmy.sys [X]
S1 msidntfs; system32\drivers\msidntfs.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-05 07:38 - 2018-04-05 07:39 - 000013338 _____ C:\Users\rschott\Downloads\FRST.txt
2018-04-04 14:51 - 2009-06-10 17:42 - 000001688 _____ C:\Windows\system32\autoexec - Copy.nt
2018-04-04 14:12 - 2018-04-04 14:12 - 000421240 _____ C:\Users\rschott\Desktop\dllhost.dmp
2018-04-04 14:09 - 2018-04-04 14:09 - 000000000 ____D C:\Users\rschott\AppData\Roaming\Google
2018-04-04 14:04 - 2018-04-04 14:04 - 000000000 ____D C:\Users\rschott\AppData\Roaming\Adobe
2018-04-04 12:40 - 2018-04-04 12:40 - 000000000 ____D C:\Users\rschott\AppData\Local\ElevatedDiagnostics
2018-04-04 10:58 - 2018-04-05 07:38 - 001116490 _____ C:\Windows\ntbtlog.txt
2018-04-04 10:58 - 2018-04-04 10:58 - 000147008 _____ C:\Windows\Minidump\040418-26629-01.dmp
2018-04-04 10:58 - 2018-04-04 10:58 - 000047552 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-04-03 13:45 - 2018-04-03 13:45 - 000000000 ____D C:\Users\rschott\AppData\Local\CEF
2018-04-03 10:39 - 2018-04-03 10:40 - 000000079 _____ C:\Windows\wininit.ini
2018-04-03 09:48 - 2018-04-03 09:48 - 039722608 _____ (Microsoft Corporation) C:\Users\rschott\Downloads\Windows-KB890830-V5.58.exe
2018-04-03 09:29 - 2018-04-03 09:29 - 000113488 ____N C:\Windows\system32\Drivers\sbsvybfi.sys
2018-04-03 08:50 - 2018-04-03 08:51 - 000013576 _____ C:\TDSSKiller.3.1.0.16_03.04.2018_08.50.30_log.txt
2018-04-03 08:49 - 2018-04-03 08:33 - 005546648 _____ (COMODO) C:\cav_installer_10309_3f.exe
2018-04-03 08:31 - 2018-04-03 08:32 - 000000000 ____D C:\Users\rschott\Desktop\avs
2018-04-02 13:18 - 2018-04-02 13:18 - 000233244 _____ C:\Users\rschott\Desktop\winlogon.dmp
2018-04-02 12:19 - 2018-04-02 12:19 - 000000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2018-04-02 12:19 - 2018-04-02 12:19 - 000000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2018-04-02 12:19 - 2018-04-02 12:19 - 000000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2018-04-02 12:03 - 2018-04-02 12:03 - 000000233 _____ C:\Users\rschott\Desktop\test.txt
2018-04-02 11:57 - 2018-04-02 11:57 - 000013092 _____ C:\TDSSKiller.3.1.0.16_02.04.2018_11.57.30_log.txt
2018-04-02 09:50 - 2018-04-04 10:58 - 001966080 ____N C:\Windows\system32\upintzrsvc.exe
2018-04-02 07:54 - 2018-04-04 11:01 - 000000000 ____D C:\Users\rschott\AppData\Local\psmlznh
2018-04-02 07:48 - 2018-04-02 07:49 - 000147008 _____ C:\Windows\Minidump\040218-50981-01.dmp
2018-03-29 22:09 - 2018-03-29 22:09 - 000147000 _____ C:\Windows\Minidump\032918-49015-01.dmp
2018-03-29 04:33 - 2018-03-29 04:33 - 000147000 _____ C:\Windows\Minidump\032918-55754-01.dmp
2018-03-28 10:49 - 2018-04-03 09:27 - 000000344 _____ C:\Windows\system32\.crusader
2018-03-28 10:05 - 2018-03-28 10:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-03-28 10:05 - 2018-03-28 10:05 - 000000000 ____D C:\Program Files\HitmanPro
2018-03-28 10:04 - 2018-03-29 08:24 - 000000000 ____D C:\ProgramData\HitmanPro
2018-03-28 10:04 - 2018-03-28 10:04 - 010993872 _____ (SurfRight B.V.) C:\Users\rschott\Downloads\HitmanPro.exe
2018-03-28 09:43 - 2018-03-28 09:44 - 000023796 _____ C:\TDSSKiller.3.1.0.16_28.03.2018_09.43.01_log.txt
2018-03-28 09:37 - 2018-03-28 10:51 - 000151699 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-03-28 09:37 - 2018-03-28 10:18 - 000206558 _____ C:\Windows\ZAM.krnl.trace
2018-03-28 09:37 - 2018-03-28 09:37 - 000000000 ____D C:\Users\rschott\AppData\Local\Wolf of Webstreet OPC Private Limited
2018-03-28 09:36 - 2018-03-28 09:36 - 000000000 ____D C:\Users\rschott\AppData\Local\Zemana
2018-03-28 09:32 - 2018-03-28 09:32 - 000000000 ____D C:\Users\rschott\Downloads\tdl-detector
2018-03-28 09:19 - 2018-03-28 09:19 - 000000796 _____ C:\Users\rschott\Downloads\Fixlog.txt
2018-03-28 09:15 - 2018-04-05 07:38 - 000000000 ____D C:\FRST
2018-03-28 09:14 - 2018-03-28 09:14 - 001764352 _____ (Farbar) C:\Users\rschott\Downloads\FRST.exe
2018-03-27 10:07 - 2018-04-03 13:43 - 000000000 ____D C:\AdwCleaner
2018-03-27 10:00 - 2018-04-04 10:57 - 000000000 ____D C:\Windows\pss
2018-03-27 09:39 - 2018-03-27 09:42 - 007872224 _____ C:\Users\rschott\Downloads\spybotsd_includes.exe
2018-03-27 09:22 - 2018-04-04 10:58 - 264844035 _____ C:\Windows\MEMORY.DMP
2018-03-27 09:22 - 2018-04-04 10:58 - 000000000 ____D C:\Windows\Minidump
2018-03-27 09:22 - 2018-03-27 09:22 - 000147008 _____ C:\Windows\Minidump\032718-61823-01.dmp
2018-03-27 08:53 - 2018-04-03 13:43 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-03-27 08:53 - 2018-04-03 10:40 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2018-03-27 08:50 - 2018-03-27 08:51 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\rschott\Downloads\spybotsd-2.6.46.exe
2018-03-27 08:08 - 2018-03-27 08:09 - 006968952 _____ (ESET spol. s r.o.) C:\Users\rschott\Downloads\esetonlinescanner_enu.exe
2018-03-27 07:50 - 2018-03-27 07:52 - 001790024 _____ (Malwarebytes) C:\Users\rschott\Downloads\JRT.exe
2018-03-27 07:50 - 2018-03-27 07:52 - 001790024 _____ (Malwarebytes) C:\Users\rschott\Downloads\JRT (1).exe
2018-03-27 07:33 - 2018-03-28 10:52 - 000213723 ____N C:\Windows\Minidump\032818-67969-01.dmp
2018-03-26 13:51 - 2018-03-26 13:51 - 000000000 ____D C:\Users\rschott\AppData\Local\ESET
2018-03-26 13:17 - 2018-03-26 13:17 - 008222496 _____ (Malwarebytes) C:\Users\rschott\Downloads\AdwCleaner2.exe
2018-03-26 13:14 - 2018-03-26 13:16 - 000014534 _____ C:\TDSSKiller.3.1.0.16_26.03.2018_13.14.50_log.txt
2018-03-26 13:13 - 2018-03-26 13:14 - 004944584 _____ (AO Kaspersky Lab) C:\Users\rschott\Downloads\tdsskiller.exe
2018-03-22 03:24 - 2018-03-22 03:24 - 000000000 ____D C:\Users\rschott\AppData\Local\wmcagent
2018-03-21 13:24 - 2018-03-23 03:00 - 000000000 ____D C:\Users\rschott\AppData\Local\nvouwct
2018-03-21 11:58 - 2018-03-21 11:58 - 000000162 _____ C:\Users\rschott\Documents\Web-Act-Redo.txt
2018-03-21 10:24 - 2018-03-21 10:37 - 000000000 ____D C:\Users\rschott\Downloads\Alvin Lee The Anthology 2003 disc1-2
2018-03-21 10:12 - 2018-03-21 10:12 - 000017071 _____ C:\Users\rschott\Downloads\(Rok) Alvin Lee The Anthology(CD1) (CD2) - 2002, APE (image + .cue), lossless [rutracker-310270].torrent
2018-03-21 07:31 - 2018-03-21 07:31 - 000001205 _____ C:\Users\rschott\Desktop\MediaHuman Audio Converter.lnk
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ____D C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaHuman
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ____D C:\Users\rschott\AppData\Local\MediaHuman
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ____D C:\Program Files\MediaHuman
2018-03-21 07:23 - 2018-03-21 07:24 - 032488744 _____ (MediaHuman ) C:\Users\rschott\Downloads\MHAudioConverter.exe
2018-03-20 14:59 - 2018-03-20 14:59 - 000000000 ____D C:\Users\rschott\Downloads\Phil Keaggy - Premium Jams {1999}{Canis Major 0005-2}
2018-03-20 14:46 - 2018-03-20 14:46 - 036925048 _____ C:\Users\rschott\Downloads\NASA's Eyes.exe
2018-03-20 13:55 - 2018-03-20 13:55 - 000224950 _____ C:\Users\rschott\Desktop\Microsoft Access Query Tips and Techniques with SQL and VBA Code.html
2018-03-20 13:55 - 2018-03-20 13:55 - 000000000 ____D C:\Users\rschott\Desktop\Microsoft Access Query Tips and Techniques with SQL and VBA Code_files
2018-03-15 14:43 - 2018-03-15 14:43 - 000230679 _____ C:\Users\rschott\Downloads\Class-Descriptions.pdf
2018-03-15 11:42 - 2018-03-15 11:42 - 000244202 _____ C:\Users\rschott\Desktop\Class-Descriptions.pdf
2018-03-14 23:17 - 2018-02-13 14:31 - 000117440 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-14 23:17 - 2018-02-13 14:24 - 000534016 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-14 23:17 - 2018-02-13 10:04 - 001893888 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-14 23:17 - 2018-02-13 10:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-14 23:17 - 2018-02-13 10:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-14 23:17 - 2018-02-13 10:04 - 000508416 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-14 23:17 - 2018-02-13 10:04 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-14 23:17 - 2018-02-13 10:04 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-14 23:17 - 2018-02-13 10:04 - 000212992 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-14 23:17 - 2018-02-13 10:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-12 11:38 - 2018-03-12 11:38 - 000059837 _____ C:\Users\rschott\Downloads\generatedPDF.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-05 07:33 - 2009-07-13 22:03 - 013631488 _____ C:\Windows\system32\config\HARDWARE
2018-04-03 14:14 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\winevt
2018-04-03 14:11 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\spool
2018-04-03 14:10 - 2009-07-14 00:34 - 000000000 ____D C:\Windows\Setup
2018-04-03 14:10 - 2009-07-13 22:37 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-04-03 14:10 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\SMI
2018-04-03 14:10 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\Setup
2018-04-03 14:10 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\MUI
2018-04-03 14:10 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\com
2018-04-03 14:09 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\security
2018-04-03 14:09 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\Registration
2018-04-03 14:09 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\PLA
2018-04-03 14:08 - 2017-01-31 13:05 - 000000000 ____D C:\Windows\Panther
2018-04-03 14:08 - 2017-01-31 11:35 - 000000000 ____D C:\Program Files\Google
2018-04-03 14:08 - 2017-01-31 10:50 - 000000000 ____D C:\Users\rschott
2018-04-03 14:08 - 2013-09-17 11:29 - 000000000 ____D C:\VC
2018-04-03 14:08 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-04-03 14:08 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\Help
2018-04-03 14:07 - 2017-02-01 10:52 - 000000000 ___RD C:\Users\rschott\Google Drive
2018-04-03 13:47 - 2018-03-05 10:11 - 000000000 ____D C:\Users\rschott\AppData\Roaming\AGData
2018-04-03 13:47 - 2017-06-15 13:56 - 000000000 ____D C:\Users\rschott\AppData\Roaming\DivX
2018-04-03 13:47 - 2017-04-04 07:23 - 000000000 ____D C:\Users\rschott\AppData\Roaming\Audacity
2018-04-03 13:47 - 2017-02-01 09:53 - 000000000 ____D C:\Users\rschott\AppData\Roaming\MediaMonkey
2018-04-03 13:45 - 2017-01-31 11:35 - 000000000 ____D C:\Users\rschott\AppData\Local\Google
2018-04-03 13:44 - 2018-01-31 09:43 - 000000000 ____D C:\Users\edoruszewski
2018-04-03 13:44 - 2017-01-31 13:26 - 000000000 ____D C:\Users\Bob
2018-04-03 13:44 - 2017-01-31 11:34 - 000000000 ____D C:\Users\rschott\AppData\Local\Apps\2.0
2018-04-03 13:44 - 2009-07-14 03:49 - 000000000 ___RD C:\Users\Public\Recorded TV
2018-04-03 13:43 - 2018-01-31 09:16 - 000000000 ____D C:\Program Files\TFP_for_2017
2018-04-03 13:43 - 2009-11-03 18:45 - 000000000 ____D C:\dell
2018-04-03 13:43 - 2009-07-14 00:52 - 000000000 ____D C:\Program Files\Windows Sidebar
2018-04-03 13:43 - 2009-07-13 22:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-04-03 09:52 - 2017-10-11 03:02 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-03 09:52 - 2017-02-09 10:59 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-03 09:42 - 2009-07-14 00:34 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-03 09:42 - 2009-07-14 00:34 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-03 09:31 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-02 09:43 - 2017-01-31 10:48 - 000000136 _____ C:\Windows\system32\config\netlogon.ftl
2018-04-02 07:10 - 2009-07-13 22:04 - 000000478 _____ C:\Windows\win.ini
2018-03-26 09:21 - 2017-01-31 13:28 - 000785794 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-21 13:19 - 2017-06-28 07:13 - 000416072 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-21 10:12 - 2017-06-28 07:15 - 000112536 _____ C:\Users\rschott\AppData\Local\GDIPFONTCACHEV1.DAT
2018-03-21 09:56 - 2017-01-31 11:01 - 000000000 ____D C:\Program Files\Microsoft Office
2018-03-21 09:47 - 2017-08-15 12:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2018-03-15 03:07 - 2017-03-15 03:25 - 000000000 ____D C:\Windows\system32\appraiser
 
==================== Files in the root of some directories =======
 
1617-11-26 21:04 - 1617-11-26 21:04 - 000073216 ____N (Microsoft Corporation) C:\Program Files\Common Files\iPcPYoh.exe
2017-03-07 08:23 - 2017-03-07 08:23 - 022762520 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
1617-11-26 21:04 - 1617-11-26 21:04 - 000073216 ____N (Microsoft Corporation) C:\Users\rschott\AppData\Roaming\oyZLydUAmk.exe
2017-07-31 09:49 - 2018-02-20 09:51 - 000007168 _____ () C:\Users\rschott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-06-12 10:45 - 2017-06-12 10:45 - 000000036 _____ () C:\Users\rschott\AppData\Local\housecall.guid.cache
2018-03-05 10:15 - 2018-03-05 10:15 - 000140800 _____ () C:\Users\rschott\AppData\Local\installer.dat
2018-03-05 10:11 - 2018-03-05 10:11 - 000000003 _____ () C:\Users\rschott\AppData\Local\wbem.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\sbsvybfi.sys -> Access Denied <======= ATTENTION
 
 
safeboot: Minimal => The system is configured to boot to Safe Mode <==== ATTENTION
 
LastRegBack: 2018-03-29 00:32
 
==================== End of FRST.txt ============================
 
 
Addition Log
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by rschott (05-04-2018 07:39:36)
Running from C:\Users\rschott\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2017-01-31 17:26:48)
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3619198119-2651186406-1755481072-500 - Administrator - Disabled)
Bob (S-1-5-21-3619198119-2651186406-1755481072-1000 - Administrator - Enabled) => C:\Users\Bob
Guest (S-1-5-21-3619198119-2651186406-1755481072-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Audacity 2.1.3 (HKLM\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Backup and Sync from Google (HKLM\...\{AC62F3F2-61A2-4357-93EC-C308E3FEDF4E}) (Version: 3.39.8370.7843 - Google, Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}) (Version: 12.25.02 - Broadcom Corporation)
Bullzip PDF Printer 11.0.0.2588 (HKLM\...\Bullzip PDF Printer_is1) (Version: 11.0.0.2588 - Bullzip)
Chrome Remote Desktop Host (HKLM\...\{14C6B17A-F825-431E-9A36-8D89E65B24C8}) (Version: 65.0.3325.40 - Google Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.292 - SurfRight B.V.)
IrfanView 4.44 (32-bit) (HKLM\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LastPass (uninstall only) (HKLM\...\LastPass) (Version:  - LastPass)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MediaHuman Audio Converter version 1.9.6.5 (HKLM\...\MHAudioConverter_is1) (Version: 1.9.6.5 - MediaHuman)
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (English) (HKLM\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{4A1DEB7A-341B-453E-A3AF-7EA9902F9711}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
NYI Massage_RICOH MP C8002 PCL 6_MPC8002 Server 2008 32 Bit [RICOH MP C8002 PCL 6] (HKLM\...\{6851D262-F4EA-4915-BFBF-735B041B981E}) (Version: 1.0.0 - RICOH)
Office-Logic Workstation (HKLM\...\Office-Logic Workstation) (Version: 9.0 - LAN-ACES Inc.)
SAP Crystal Reports runtime engine for .NET Framework (32-bit) (HKLM\...\{BB4E642E-4F07-4C2A-B146-AB4CB1C3CEA2}) (Version: 13.0.20.2399 - SAP)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
TFP for 2017 (HKLM\...\{40486C9F-4FF8-4B22-9193-4AE5B16B0183}) (Version: 1.0.0.0 - ComplyRight) Hidden
TFP for 2017 (HKLM\...\{646ce7c7-6cc8-414d-a8c8-6ea846ce6ce3}) (Version: 1.0.0.0 - ComplyRight, Inc.)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00000010-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> c:\program files\common files\microsoft shared\dao\dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00000011-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> c:\program files\common files\microsoft shared\dao\dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00000013-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> c:\program files\common files\microsoft shared\dao\dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00000014-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> c:\program files\common files\microsoft shared\dao\dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00000015-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> c:\program files\common files\microsoft shared\dao\dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00000016-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> c:\program files\common files\microsoft shared\dao\dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00000017-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> c:\program files\common files\microsoft shared\dao\dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00000018-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> c:\program files\common files\microsoft shared\dao\dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00000019-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> c:\program files\common files\microsoft shared\dao\dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00028C00-0000-0000-0000-000000000046}\InprocServer32 -> C:\Windows\system32\dbgrid32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00028C03-0000-0000-0000-000000000046}\InprocServer32 -> C:\Windows\system32\dbgrid32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00028C04-0000-0000-0000-000000000046}\InprocServer32 -> C:\Windows\system32\dbgrid32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00028C08-0000-0000-0000-000000000046}\InprocServer32 -> C:\Windows\system32\dbgrid32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00028C0D-0000-0000-0000-000000000046}\InprocServer32 -> C:\Windows\system32\dbgrid32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00028C0E-0000-0000-0000-000000000046}\InprocServer32 -> C:\Windows\system32\dbgrid32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{02A69B00-081B-101B-8933-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\dblist32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{030B4A80-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{030B4A81-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{030B4A82-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0713E8C4-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\msdatlst.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> M:\PROGRA~1\VIRTUA~1.93\mfc40.dll => No File
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> M:\PROGRA~1\VIRTUA~1.93\mfc40.dll => No File
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> M:\PROGRA~1\VIRTUA~1.93\mfc40.dll => No File
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0ECD9B64-23AA-11D0-B351-00A0C9055D8E}\InprocServer32 -> C:\Windows\system32\mshflxgd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{198887E6-AC76-11D0-A77C-00A024A55AB0}\InprocServer32 -> C:\Windows\system32\mswcrun.dll (Microsoft)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}\InprocServer32 -> C:\Windows\system32\mci32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{1F6F8D20-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{20C62CA0-15DA-101B-B9A8-444553540000}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{20C62CAB-15DA-101B-B9A8-444553540000}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{21D93911-CB0F-11D0-84AC-00A0C90DC8A9}\InprocServer32 -> C:\Windows\system32\msdbrptr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{21D93913-CB0F-11D0-84AC-00A0C90DC8A9}\InprocServer32 -> C:\Windows\system32\msdbrptr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{22D9B560-783E-11CF-8E78-00A0D100038E}\InprocServer32 -> C:\Windows\system32\msrdc20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 -> C:\Windows\system32\mswinsck.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 -> C:\Windows\system32\mswinsck.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{27395F85-0C0C-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\picclp32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{275DBBA0-805A-11CF-91F7-C2863C385E30}\InprocServer32 -> C:\Windows\system32\msflxgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{27F8FFB1-7406-11D1-B18C-00A0C922E820}\InprocServer32 -> C:\Windows\system32\msadodc.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{27F8FFB2-7406-11D1-B18C-00A0C922E820}\InprocServer32 -> C:\Windows\system32\msadodc.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}\InprocServer32 -> C:\Windows\system32\mci32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{3A2B370C-BA0A-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\Windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{3D5C6BF2-69A3-11D0-B393-00A0C9055D8E}\InprocServer32 -> C:\Windows\system32\msderun.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{43478D73-78E0-11CF-8E78-00A0D100038E}\InprocServer32 -> C:\Windows\system32\msrdc20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{4CAD92F0-D7C4-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msdatgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{59245250-7A2F-11D0-9482-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msbind.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{5E71F04C-551F-11CF-8152-00AA00A40C25}\InprocServer32 -> C:\Windows\system32\msrdo20.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{5EBB68F5-3BF1-11CF-814C-00AA00A40C25}\InprocServer32 -> C:\Windows\system32\msrdo20.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{601EB760-8909-11D0-9483-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msdatrep.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{615054E0-8909-11D0-9483-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msdatrep.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\Windows\system32\msflxgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{6319EEA0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\Windows\system32\msflxgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{642AC766-AAB4-11D0-8494-00A0C90DC8A9}\InprocServer32 -> C:\Windows\system32\msdbrptr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{648A5600-2C6E-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{648A5604-2C6E-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{67397AA3-7FB1-11D0-B148-00A0C922E820}\InprocServer32 -> C:\Windows\system32\msadodc.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{6B7F1602-D44C-11D0-A7D9-AE3D17000000}\InprocServer32 -> C:\Windows\system32\mswcrun.dll (Microsoft)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{6FBA474B-43AC-11CE-9A0E-00AA0062BB4C}\InprocServer32 -> C:\Windows\system32\sysinfo.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{78E93847-85FD-11D0-8487-00A0C90DC8A9}\InprocServer32 -> C:\Windows\system32\msdbrptr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{7C3194FC-D942-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msdatgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{7EBDAAE0-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{7EBDAAE1-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{7EBDAAE2-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{83730EE4-6C46-11CF-A524-0080C77A7786}\InprocServer32 -> C:\Windows\system32\msmask32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{8D0A8460-D87E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msdatgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{951738D1-D2B7-11D0-B292-00A0C908FB55}\InprocServer32 -> C:\Windows\system32\mshflxgd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{9A8831F0-A263-11D1-8DCF-00A0C90FFFC2}\InprocServer32 -> C:\Windows\system32\msrdo20.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{9A8831F1-A263-11D1-8DCF-00A0C90FFFC2}\InprocServer32 -> C:\Windows\system32\msrdo20.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{9A8831F2-A263-11D1-8DCF-00A0C90FFFC2}\InprocServer32 -> C:\Windows\system32\msrdo20.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AA2073E6-7B9C-11D0-B143-00A0C922E820}\InprocServer32 -> C:\Windows\system32\msadodc.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AB36A920-23A5-11D0-B351-00A0C9055D8E}\InprocServer32 -> C:\Windows\system32\mshflxgd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AB36A921-805A-11CF-91F7-C2863C385E30}\InprocServer32 -> C:\Windows\system32\mshflxgd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AB39D9A0-557A-11CF-AEBE-00AA00A8F7F3}\InprocServer32 -> C:\Windows\system32\dblist32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AC5D0DDE-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\Windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AC5D0DDF-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\Windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AC5D0DE0-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\Windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AC5D0DE1-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\Windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AC5D0DE2-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\Windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AC5D0DE3-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\Windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AC5D0DE4-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\Windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AC5D0DE5-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\Windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{BB1AE0D0-634E-11CF-8996-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{BB1AE0D1-634E-11CF-8996-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\mci32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{C932BA85-4374-101B-A56C-00AA003668DC}\InprocServer32 -> C:\Windows\system32\msmask32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{CDE57A43-8B86-11D0-B3C6-00A0C90AEA82}\InprocServer32 -> C:\Windows\system32\msdatgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{CDE57A44-8B86-11D0-B3C6-00A0C90AEA82}\InprocServer32 -> C:\Windows\system32\msdatgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{D0E0AA20-3082-11CF-AEBE-00AA00A8F7F3}\InprocServer32 -> C:\Windows\system32\dblist32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{D0FC8A81-2CB2-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{E0DC8C80-3486-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{E4599241-FE37-11D0-A320-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msdatrep.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{E791964C-208A-11CF-8146-00AA00A40C25}\InprocServer32 -> C:\Windows\system32\msrdo20.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{E9D00F06-D948-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msdatgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{F0D2F219-CCB0-11D0-A316-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msdatlst.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{F0D2F21C-CCB0-11D0-A316-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msdatlst.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{F0D2F21D-CCB0-11D0-A316-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msdatlst.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{F0D2F21E-CCB0-11D0-A316-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msdatlst.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{F1F6A820-2355-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\picclp32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{FAEEE760-117E-101B-8933-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\dblist32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2018-01-29] (Google)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [DivXShellExtensionItem] -> {48A8A3B0-57E8-4F2B-A49D-19E02B92377B} => C:\Program Files\Common Files\DivX Shared\DivXShellExtension.dll [2017-10-05] (DivX, LLC)
ContextMenuHandlers1: [DivXShellExtensionItem64] -> {6B49A276-0DBA-43F4-BC96-A841AD11B40B} => C:\Program Files\Common Files\DivX Shared\DivXShellExtension.dll [2017-10-05] (DivX, LLC)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2018-01-29] (Google)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2018-01-29] (Google)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {13D84110-EC31-49DC-A649-5C9DDB75804E} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {46FFCBFA-980B-4C9B-97B6-1EA293DCE72D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-31] (Google Inc.)
Task: {4F97C3E3-A572-4AFB-AA74-F30766170BF4} - System32\Tasks\{1390DC35-FC33-4698-8619-04A5F3C8A269} => C:\Users\rschott\AppData\Roaming\oyZLydUAmk.exe [1617-11-26] (Microsoft Corporation) <==== ATTENTION
Task: {9CBE97EE-B7EC-4D75-A498-5DAD549078F9} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {B763F374-16AA-469C-A5CF-9E0C662242ED} - System32\Tasks\DivXUpdate => C:\Program Files\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [2017-06-14] (DivX, LLC)
Task: {F61515BD-7332-4C39-BF0F-D0CF2829E4DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-31] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\НP Print fоr Сhrоme.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Сhrоmе Rеmotе Desktop.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Сhrоmе Rеmоte Desktор (1).lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Ехрlorеr (No Аdd-ons).lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhrоme.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internet Exрlоrеr Вrоwser.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Сhrоme Remоte Desktоp.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооgle Chrоmе.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Сhrome Rеmоte Dеsktор.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a41ce5b91aa3166e\МightyТext - SМS from РC & Тeхt frоm Cоmрuter.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhromе.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
 
ShortcutWithArgument: C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_gbchcmhmhahfdphkhkmpfmihenigjmpp\Chrome Remote Desktop.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\HP Print for Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-06-27 07:55 - 2017-11-29 10:11 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
1997-07-11 04:00 - 1997-07-11 04:00 - 000022016 _____ () C:\Windows\system32\docobj.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2009-06-10 17:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3554609007-1474533479-2271469533-1122\Control Panel\Desktop\\Wallpaper -> C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3554609007-1474533479-2271469533-1139\Control Panel\Desktop\\Wallpaper -> C:\Users\edoruszewski\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3619198119-2651186406-1755481072-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AppMgmt => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: chromoting => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: CscService => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: DiagTrack => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: e22f02dadddbee8749c5207c136a7b10 => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 2
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: IKEEXT => 3
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: Netlogon => 2
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: ose => 3
MSCONFIG\Services: osppsvc => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 3
MSCONFIG\Services: PeerDistSvc => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: SQLWriter => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: StiSvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => C:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Office-Logic.lnk => C:\Windows\pss\Office-Logic.lnk.CommonStartup
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E1727532-FFB7-461D-8E4F-AD7246CF7074}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{D5C8CE76-D2E8-42DB-AFA2-CB2C6F1BBE7E}] => (Allow) C:\Users\rschott\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C8F47A18-9CF7-44BD-91B5-03E349B6B1F8}] => (Allow) C:\Users\rschott\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D0E529BF-D9BB-41C4-8FAA-C365D5845321}] => (Allow) C:\Users\rschott\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E526FE09-3CE9-4014-8EF0-E6EBB9EC41BB}] => (Allow) C:\Users\rschott\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A16288AA-AE04-483D-8E53-9B9672C4BF9E}] => (Allow) C:\Users\rschott\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E29F9846-1230-49FB-8DF1-BD90A0CF56C7}] => (Allow) C:\Users\rschott\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{B8AB1744-266A-459F-92E4-4A728CA3A330}C:\users\rschott\downloads\utorrent.exe] => (Allow) C:\users\rschott\downloads\utorrent.exe
FirewallRules: [UDP Query User{7789FC40-FC92-4731-81C5-877A1F0F9316}C:\users\rschott\downloads\utorrent.exe] => (Allow) C:\users\rschott\downloads\utorrent.exe
FirewallRules: [TCP Query User{85249A3A-B3BE-476F-8783-C8BC3E41C881}C:\program files\mediamonkey\mediamonkey.exe] => (Block) C:\program files\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{4A4B4BDD-D216-45CA-8AC3-6AA2E89BCA8B}C:\program files\mediamonkey\mediamonkey.exe] => (Block) C:\program files\mediamonkey\mediamonkey.exe
FirewallRules: [TCP Query User{9E2FB8E6-144C-4796-86E5-BC541F28A7B5}C:\users\rschott\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\rschott\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{B44DC4C0-DD91-4CBC-B8C3-2DE6BDC42629}C:\users\rschott\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\rschott\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{60B56631-416F-4D57-A413-764A9A19C7E0}] => (Allow) C:\Program Files\Google\Chrome Remote Desktop\65.0.3325.40\remoting_host.exe
FirewallRules: [{EEAD435E-58C0-461A-AF0D-B9F8598DE8C9}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/04/2018 08:08:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11b4
 
Start Time: 01d3cb60de8b31af
 
Termination Time: 8299
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 40ad7852-3800-11e8-85e0-b8ac6f41a62a
 
Error: (04/04/2018 07:29:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program perfmon.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 22a4
 
Start Time: 01d3cb7579c41310
 
Termination Time: 188
 
Application Path: C:\Windows\System32\perfmon.exe
 
Report Id: 335279a7-37fa-11e8-85e0-b8ac6f41a62a
 
Error: (04/04/2018 01:37:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f74253
Faulting module name: ntdll.dll, version: 6.1.7601.23572, time stamp: 0x57fd0335
Exception code: 0xc0000005
Fault offset: 0x00031dca
Faulting process id: 0x3ec
Faulting application start time: 0x01d3cb501fc0a669
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 43c537c6-37ca-11e8-85e0-b8ac6f41a62a
 
Error: (04/03/2018 10:42:37 AM) (Source: MsiInstaller) (EventID: 11704) (User: NYMASSAGE)
Description: Продукт: IC__iPackage -- Ошибка 1704. Установка "IC__iPackage" приостановлена. Для продолжения необходимо отменить изменения, сделанные приостановленной установкой. Произвести отмену изменений?
 
Error: (04/03/2018 08:57:46 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (04/02/2018 12:22:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDFiles.exe, version: 2.6.46.135, time stamp: 0x535a5153
Faulting module name: SDFiles.exe, version: 2.6.46.135, time stamp: 0x535a5153
Exception code: 0xc0000005
Fault offset: 0x00223b13
Faulting process id: 0xe58
Faulting application start time: 0x01d3ca9eb706fb5d
Faulting application path: C:\Program Files\Spybot - Search & Destroy 2\SDFiles.exe
Faulting module path: C:\Program Files\Spybot - Search & Destroy 2\SDFiles.exe
Report Id: 10964513-3692-11e8-a392-8e21ff520982
 
Error: (04/02/2018 11:55:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro.exe, version: 3.8.0.292, time stamp: 0x5a5c5f1c
Faulting module name: HitmanPro.exe, version: 3.8.0.292, time stamp: 0x5a5c5f1c
Exception code: 0xc0000005
Fault offset: 0x002cd0c7
Faulting process id: 0x9b8
Faulting application start time: 0x01d3ca996ec931ee
Faulting application path: C:\Program Files\HitmanPro\HitmanPro.exe
Faulting module path: C:\Program Files\HitmanPro\HitmanPro.exe
Report Id: 46e4f6a5-368e-11e8-a392-8e21ff520982
 
Error: (04/01/2018 07:07:29 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The device is not ready. (0x80070015).
 
 
System errors:
=============
Error: (04/05/2018 07:40:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/05/2018 07:39:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/05/2018 07:39:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/05/2018 07:39:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/05/2018 07:39:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/05/2018 07:39:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/05/2018 07:38:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/05/2018 07:38:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
CodeIntegrity:
===================================
 
Date: 2018-01-31 08:34:28.179
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 67%
Total physical RAM: 2011.65 MB
Available physical RAM: 658.93 MB
Total Virtual: 4023.3 MB
Available Virtual: 3180.98 MB
 
==================== Drives ================================
 
Drive c: (xp) (Fixed) (Total:148.97 GB) (Free:23.86 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive i: (My Book) (Fixed) (Total:2794.49 GB) (Free:1488.34 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End of Addition.txt ============================
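One way to mechanize the triage a helper performs on a log like the one above, as an added example that is not part of shotsky's post nor FRST's own code: a short Python script that applies the checks FRST marks with "<==== ATTENTION" and "<==== Cyrillic" (a shortcut name that mixes Cyrillic look-alike letters into a Latin name, a shortcut redirected to a .bat under AppData, a scheduled task named only by a GUID that launches a random-named executable from the user's profile with an impossible file date). The Task line and the homoglyph Shortcut line reproduce entries from the log above; the two clean control lines, the regular expressions, the severity labels and the year thresholds are this example's own assumptions, not FRST's.

```python
"""Triage helper for FRST-style log lines (added example, not FRST's own code)."""
import re
import unicodedata
from datetime import date

# The homoglyph shortcut name is built from explicit code points (U+0421, U+043E,
# U+0435) so the Cyrillic letters survive copy/paste; it renders as "Google Chrome.lnk".
FAKE_CHROME_LNK = "G\u043e\u043egl\u0435 \u0421hrom\u0435.lnk"

# Sample input. Lines 0 and 1 reproduce entries from the Addition.txt log in this
# thread; lines 2 and 3 are clean control lines constructed for this example.
SAMPLE_LINES = [
    "Task: {4F97C3E3-A572-4AFB-AA74-F30766170BF4} - System32\\Tasks\\{1390DC35-FC33-4698-8619-04A5F3C8A269} "
    "=> C:\\Users\\rschott\\AppData\\Roaming\\oyZLydUAmk.exe [1617-11-26] (Microsoft Corporation) <==== ATTENTION",
    "Shortcut: C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\" + FAKE_CHROME_LNK
    + " -> C:\\Users\\rschott\\AppData\\Roaming\\Browsers\\exe.emorhc.bat (No File) <==== Cyrillic",
    "Task: {46FFCBFA-980B-4C9B-97B6-1EA293DCE72D} - System32\\Tasks\\GoogleUpdateTaskMachineCore "
    "=> C:\\Program Files\\Google\\Update\\GoogleUpdate.exe [2017-01-31] (Google Inc.)",
    "Shortcut: C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk "
    "-> C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe (Google Inc.)",
]

# Line shapes as FRST prints them (assumed from the log above, not an official grammar).
SHORTCUT_RE = re.compile(r"^Shortcut: (?P<lnk>.+?\.lnk) -> (?P<target>.+?) \((?P<status>[^)]*)\)")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<target>.+?) \[(?P<year>\d{4})-\d\d-\d\d\]")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def cyrillic_chars(text):
    """Return the Cyrillic letters in text; any in a Latin-looking name makes it a homoglyph name."""
    return [c for c in text if "CYRILLIC" in unicodedata.name(c, "")]


def triage_line(line):
    """Return (severity, reason) findings for one Shortcut or Task line; [] when nothing stands out."""
    findings = []
    m = SHORTCUT_RE.match(line)
    if m:
        lnk_name = m.group("lnk").rsplit("\\", 1)[-1]
        cyr = cyrillic_chars(lnk_name)
        if cyr:
            findings.append(("high", "shortcut name mixes Cyrillic letters %s into a Latin name (homoglyph)" % "".join(cyr)))
        target = m.group("target").lower()
        if target.endswith((".bat", ".cmd")) and "\\appdata\\" in target:
            findings.append(("high", "shortcut runs a batch file from AppData instead of the application binary"))
        if m.group("status") == "No File":
            findings.append(("medium", "shortcut target is missing"))
        return findings
    m = TASK_RE.match(line)
    if m:
        task_name = m.group("name").rsplit("\\", 1)[-1]
        year = int(m.group("year"))
        if GUID_RE.fullmatch(task_name):
            findings.append(("medium", "task is named only by a GUID"))
        if "\\appdata\\" in m.group("target").lower():
            findings.append(("medium", "task runs an executable from a user profile directory"))
        if year < 1995 or year > date.today().year:  # thresholds are this example's choice
            findings.append(("high", "file timestamp year %d is implausible" % year))
    return findings


def triage(lines):
    """Map each flagged line index to its findings, skipping clean lines."""
    return {i: f for i, f in ((i, triage_line(l)) for i, l in enumerate(lines)) if f}


if __name__ == "__main__":
    for idx, found in triage(SAMPLE_LINES).items():
        print("line %d:" % idx)
        for sev, reason in found:
            print("  [%s] %s" % (sev, reason))
```

Checking characters by their Unicode name rather than against a fixed table of look-alikes catches any Cyrillic substitution, not only the letters used in this particular log; the same idea extends to other confusable scripts by adding their block names.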

 




 


#2 JSntgRvr
Master Surgeon General, Malware Response Team, 11,843 posts
Location: Puerto Rico

Posted 05 April 2018 - 11:56 AM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
Let's begin... :)

The computer is infected with a version of the SmartService Rootkit.

You will need another computer to download FRST64 to a USB drive, run FRST64 in the Recovery Environment, then back in Normal Mode.

Please download Farbar Recovery Scan Tool in an uninfected computer and save it to a flash drive (Pen Drive).

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.exe.

Please also download the attached file and save it in the same location the FRST64 is saved in the flash drive.

Boot in the Recovery Environment
  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
  • Restart the computer
  • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
  • Use the arrow keys to select Repair your computer, and press Enter
  • Select your keyboard layout (US, French, etc.) and click on Next
  • Click on Command Prompt to open the command prompt
    Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
Once in the Command Prompt:
  • Insert the USB drive containing FRST64 and the Fixlist
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First press the Scan button. That will deactivate the rootkit. Once the scan is finished, press the Fix button.
  • These actions will make two logs, Fixlog.txt and FRST.txt, on the flash drive. Please copy and paste them in your reply.
Once finished in the Recovery Environment, restart the computer in Normal Mode.
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.
I will expect the following reports:

Frst.txt produced in the Recovery Console
Fixlog.txt produced in the Recovery Console
Frst.txt produced in Normal Mode
Addition.txt produced in Normal Mode

No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


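The FRST.txt and Fixlog.txt reports requested above are plain text, and the entries worth acting on follow a few fixed patterns. As an added example (not part of this thread, not FRST's own code and not the helper's procedure), the Python script below triages such logs for the entry kinds FRST flags: `<==== ATTENTION` lines, services or drivers whose file is missing (`[X]`), unsigned services with 32-character hex names, and a ProxyServer or AutoConfigURL pointing at the local machine, the setting that lets a local process rewrite browser traffic. The sample log lines are constructed in FRST's format with placeholder names.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) text logs.

Added example, not FRST's own code: it reads FRST.txt / Fixlog.txt style lines
and reports the entry kinds a defender checks before writing a fixlist.
All sample lines below are constructed in FRST's format with placeholder names.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# FRST prints a 32-character hex name for services registered under a random
# hex key; a legitimate product almost never names its service that way.
HEX_NAME = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)
# Service/driver lines: "<R|S><start type> <name>; <path> [size date] (vendor)"
SERVICE_LINE = re.compile(r"^([RS])([0-4]) ([^;]+); (.+)$")
# Proxy settings are listed per user SID: "ProxyServer: [SID] => host:port"
PROXY_LINE = re.compile(r"^(ProxyServer|AutoConfigURL): \[[^\]]*\] => (.+)$")
LOCAL_HOSTS = ("localhost", "127.0.0.1", "::1")


@dataclass(frozen=True)
class Finding:
    kind: str   # attention | missing_file | unsigned_hex_service | local_proxy
    line: str


def _service_findings(name: str, rest: str, line: str) -> list[Finding]:
    out: list[Finding] = []
    if "[X]" in rest:
        # Registry still points at a file that is gone: leftover of a partial
        # cleanup, or a driver the loader expected to be present.
        out.append(Finding("missing_file", line))
    if HEX_NAME.match(name) or "[File not signed]" in rest:
        out.append(Finding("unsigned_hex_service", line))
    return out


def triage_frst(text: str) -> list[Finding]:
    """Return one Finding per suspicious FRST.txt line, in log order."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "<==== ATTENTION" in line:
            findings.append(Finding("attention", line))
            continue  # FRST already marked it; do not report it twice
        m = SERVICE_LINE.match(line)
        if m:
            _, _, name, rest = m.groups()
            findings.extend(_service_findings(name, rest, line))
            continue
        m = PROXY_LINE.match(line)
        if m:
            # Strip a scheme such as hxxp:// and keep only the host part.
            host = re.split(r"[:/]", re.sub(r"^\w+://", "", m.group(2)))[0]
            if host.lower() in LOCAL_HOSTS:
                # A proxy or PAC file served from the local machine sees every
                # browser request and can rewrite search queries at will.
                findings.append(Finding("local_proxy", line))
    return findings


def summarize_fixlog(text: str) -> dict[str, int]:
    """Count Fixlog outcomes so a 'not found' item is not overlooked."""
    counts = {"moved": 0, "removed": 0, "not_found": 0}
    for line in text.splitlines():
        line = line.strip()
        if re.search(r"=> moved successfully\.?$", line):
            counts["moved"] += 1
        elif re.search(r"removed successfully\.?$", line):
            counts["removed"] += 1
        elif re.search(r"not found\.?$", line):
            counts["not_found"] += 1
    return counts


# Constructed sample FRST.txt excerpt (placeholder SID, names and paths).
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
ProxyServer: [S-1-5-21-1111-2222-3333-1001] => localhost:8080
AutoConfigURL: [S-1-5-21-1111-2222-3333-1001] => hxxp://localhost:8080/proxy.pac
Tcpip\Parameters: [NameServer] 8.8.8.8
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
S2 0123456789abcdef0123456789abcdef; C:\Windows\0123456789abcdef0123456789abcdef.dll [1306624 2018-03-05] () [File not signed]
S3 --; C:\Users\user\AppData\Local\Temp\123\ic-0.exe /wl 1 [X] <==== ATTENTION
S1 ExampleSwissArmy; System32\Drivers\exampleswissarmy.sys [X]
"""

# Constructed sample Fixlog.txt excerpt (placeholder names).
SAMPLE_FIXLOG = r"""
C:\Users\user\AppData\Local\example => moved successfully
examplesvc => service not found.
"HKLM\System\ControlSet001\Services\ExampleSwissArmy" => removed successfully.
ExampleSwissArmy => service removed successfully.
"C:\Windows\system32\Drivers\example.sys" => not found
C:\Users\user\AppData\Roaming\example.exe => moved successfully
"""


def main() -> None:
    for f in triage_frst(SAMPLE_FRST):
        print(f"{f.kind:22} {f.line}")
    print(summarize_fixlog(SAMPLE_FIXLOG))


if __name__ == "__main__":
    main()
```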
#3 shotsky

shotsky
  • Topic Starter
  • Members
  • 5 posts

Posted 05 April 2018 - 01:10 PM

Thanks for the quick response!

 

FRST - Recovery

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by SYSTEM on MININT-9FGNFBI (05-04-2018 13:48:00)
Running from G:\
Platform: Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [1057240 2017-11-17] (DivX, LLC)
HKU\edoruszewski\...\RunOnce: [Application Restart #0] => C:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKU\rschott\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [41100328 2018-01-29] ()
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"HKLM\System\ControlSet001\Services\imdhvtlu" => removed successfully.
C:\Windows\System32\drivers\sbscfilp.sys => moved successfully
C:\Users\rschott\AppData\Local\psmlznh\psmlznh.exe => moved successfully
C:\Users\rschott\AppData\Local\psmlznh\sbrtakg.exe => moved successfully
C:\Users\rschott\AppData\Local\wmcagent\wmcagent.exe => moved successfully
C:\Users\rschott\AppData\Local\wmcagent\wow_helper.exe => moved successfully
S2 chromoting; C:\Program Files\Google\Chrome Remote Desktop\65.0.3325.40\remoting_host.exe [71512 2018-01-31] (Google Inc.)
S2 e22f02dadddbee8749c5207c136a7b10; C:\Windows\e22f02dadddbee8749c5207c136a7b10.dll [1306624 2018-03-05] ()
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S3 --; C:\Users\rschott\AppData\Local\Temp\343262353\ic-0.e2f56beb6e31b8.exe /wl 1 [X] <==== ATTENTION
S2 SDUpdateService; "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" [X]
S2 SDWSCService; "C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [84992 2009-05-11] (Broadcom Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
S1 MBAMSwissArmy; System32\Drivers\mbamswissarmy.sys [X]
S1 MpKslcbe734d7; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3FDAFC65-0C84-4AA7-9284-0AF7AEFD943B}\MpKslcbe734d7.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-05 08:53 - 2018-04-05 08:53 - 000000000 ____D C:\Users\rschott\Documents\DivX Movies
2018-04-05 04:03 - 2018-04-05 04:03 - 000000000 ____D C:\Users\rschott\AppData\Local\pwsekgt
2018-04-05 03:39 - 2018-04-05 09:10 - 000061410 _____ C:\Users\rschott\Downloads\Addition.txt
2018-04-05 03:38 - 2018-04-05 09:10 - 000028718 _____ C:\Users\rschott\Downloads\FRST.txt
2018-04-04 10:51 - 2009-06-10 13:42 - 000001688 _____ C:\Windows\System32\autoexec - Copy.nt
2018-04-04 10:12 - 2018-04-04 10:12 - 000421240 _____ C:\Users\rschott\Desktop\dllhost.dmp
2018-04-04 10:09 - 2018-04-04 10:09 - 000000000 ____D C:\Users\rschott\AppData\Roaming\Google
2018-04-04 10:04 - 2018-04-04 10:04 - 000000000 ____D C:\Users\rschott\AppData\Roaming\Adobe
2018-04-04 08:40 - 2018-04-04 08:40 - 000000000 ____D C:\Users\rschott\AppData\Local\ElevatedDiagnostics
2018-04-04 06:58 - 2018-04-05 03:58 - 001567780 _____ C:\Windows\ntbtlog.txt
2018-04-04 06:58 - 2018-04-04 06:58 - 000147008 _____ C:\Windows\Minidump\040418-26629-01.dmp
2018-04-04 06:58 - 2018-04-04 06:58 - 000047552 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2018-04-03 09:45 - 2018-04-03 09:45 - 000000000 ____D C:\Users\rschott\AppData\Local\CEF
2018-04-03 06:39 - 2018-04-03 06:40 - 000000079 _____ C:\Windows\wininit.ini
2018-04-03 05:48 - 2018-04-03 05:48 - 039722608 _____ (Microsoft Corporation) C:\Users\rschott\Downloads\Windows-KB890830-V5.58.exe
2018-04-03 04:50 - 2018-04-03 04:51 - 000013576 _____ C:\TDSSKiller.3.1.0.16_03.04.2018_08.50.30_log.txt
2018-04-03 04:49 - 2018-04-03 04:33 - 005546648 _____ (COMODO) C:\cav_installer_10309_3f.exe
2018-04-03 04:31 - 2018-04-03 04:32 - 000000000 ____D C:\Users\rschott\Desktop\avs
2018-04-02 09:18 - 2018-04-02 09:18 - 000233244 _____ C:\Users\rschott\Desktop\winlogon.dmp
2018-04-02 08:03 - 2018-04-02 08:03 - 000000233 _____ C:\Users\rschott\Desktop\test.txt
2018-04-02 07:57 - 2018-04-02 07:57 - 000013092 _____ C:\TDSSKiller.3.1.0.16_02.04.2018_11.57.30_log.txt
2018-04-02 05:50 - 2018-04-05 08:56 - 001966080 ____N C:\Windows\System32\upintzrsvc.exe
2018-04-02 03:54 - 2018-04-05 13:48 - 000000000 ____D C:\Users\rschott\AppData\Local\psmlznh
2018-04-02 03:48 - 2018-04-02 03:49 - 000147008 _____ C:\Windows\Minidump\040218-50981-01.dmp
2018-03-29 18:09 - 2018-03-29 18:09 - 000147000 _____ C:\Windows\Minidump\032918-49015-01.dmp
2018-03-29 00:33 - 2018-03-29 00:33 - 000147000 _____ C:\Windows\Minidump\032918-55754-01.dmp
2018-03-28 06:49 - 2018-04-03 05:27 - 000000344 _____ C:\Windows\System32\.crusader
2018-03-28 06:05 - 2018-03-28 06:05 - 000000000 ____D C:\Program Files\HitmanPro
2018-03-28 06:04 - 2018-03-29 04:24 - 000000000 ____D C:\ProgramData\HitmanPro
2018-03-28 06:04 - 2018-03-28 06:04 - 010993872 _____ (SurfRight B.V.) C:\Users\rschott\Downloads\HitmanPro.exe
2018-03-28 05:43 - 2018-03-28 05:44 - 000023796 _____ C:\TDSSKiller.3.1.0.16_28.03.2018_09.43.01_log.txt
2018-03-28 05:37 - 2018-03-28 06:51 - 000151699 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-03-28 05:37 - 2018-03-28 06:18 - 000206558 _____ C:\Windows\ZAM.krnl.trace
2018-03-28 05:37 - 2018-03-28 05:37 - 000000000 ____D C:\Users\rschott\AppData\Local\Wolf of Webstreet OPC Private Limited
2018-03-28 05:36 - 2018-03-28 05:36 - 000000000 ____D C:\Users\rschott\AppData\Local\Zemana
2018-03-28 05:32 - 2018-03-28 05:32 - 000000000 ____D C:\Users\rschott\Downloads\tdl-detector
2018-03-28 05:19 - 2018-03-28 05:19 - 000000796 _____ C:\Users\rschott\Downloads\Fixlog.txt
2018-03-28 05:15 - 2018-04-05 13:48 - 000000000 ____D C:\FRST
2018-03-28 05:14 - 2018-03-28 05:14 - 001764352 _____ (Farbar) C:\Users\rschott\Downloads\FRST.exe
2018-03-27 06:07 - 2018-04-03 09:43 - 000000000 ____D C:\AdwCleaner
2018-03-27 06:00 - 2018-04-05 08:49 - 000000000 ____D C:\Windows\pss
2018-03-27 05:39 - 2018-03-27 05:42 - 007872224 _____ C:\Users\rschott\Downloads\spybotsd_includes.exe
2018-03-27 05:22 - 2018-04-04 06:58 - 264844035 _____ C:\Windows\MEMORY.DMP
2018-03-27 05:22 - 2018-04-04 06:58 - 000000000 ____D C:\Windows\Minidump
2018-03-27 05:22 - 2018-03-27 05:22 - 000147008 _____ C:\Windows\Minidump\032718-61823-01.dmp
2018-03-27 04:53 - 2018-04-03 09:43 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-03-27 04:53 - 2018-04-03 06:40 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2018-03-27 04:50 - 2018-03-27 04:51 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\rschott\Downloads\spybotsd-2.6.46.exe
2018-03-27 04:08 - 2018-03-27 04:09 - 006968952 _____ (ESET spol. s r.o.) C:\Users\rschott\Downloads\esetonlinescanner_enu.exe
2018-03-27 03:50 - 2018-03-27 03:52 - 001790024 _____ (Malwarebytes) C:\Users\rschott\Downloads\JRT.exe
2018-03-27 03:50 - 2018-03-27 03:52 - 001790024 _____ (Malwarebytes) C:\Users\rschott\Downloads\JRT (1).exe
2018-03-27 03:33 - 2018-03-28 06:52 - 000213723 ____N C:\Windows\Minidump\032818-67969-01.dmp
2018-03-26 09:51 - 2018-03-26 09:51 - 000000000 ____D C:\Users\rschott\AppData\Local\ESET
2018-03-26 09:17 - 2018-03-26 09:17 - 008222496 _____ (Malwarebytes) C:\Users\rschott\Downloads\AdwCleaner2.exe
2018-03-26 09:14 - 2018-03-26 09:16 - 000014534 _____ C:\TDSSKiller.3.1.0.16_26.03.2018_13.14.50_log.txt
2018-03-26 09:13 - 2018-03-26 09:14 - 004944584 _____ (AO Kaspersky Lab) C:\Users\rschott\Downloads\tdsskiller.exe
2018-03-21 23:24 - 2018-04-05 13:48 - 000000000 ____D C:\Users\rschott\AppData\Local\wmcagent
2018-03-21 09:24 - 2018-03-22 23:00 - 000000000 ____D C:\Users\rschott\AppData\Local\nvouwct
2018-03-21 07:58 - 2018-03-21 07:58 - 000000162 _____ C:\Users\rschott\Documents\Web-Act-Redo.txt
2018-03-21 06:24 - 2018-03-21 06:37 - 000000000 ____D C:\Users\rschott\Downloads\Alvin Lee The Anthology 2003 disc1-2
2018-03-21 06:12 - 2018-03-21 06:12 - 000017071 _____ C:\Users\rschott\Downloads\(Rok) Alvin Lee The Anthology(CD1) (CD2) - 2002, APE (image + .cue), lossless [rutracker-310270].torrent
2018-03-21 03:31 - 2018-03-21 03:31 - 000001205 _____ C:\Users\rschott\Desktop\MediaHuman Audio Converter.lnk
2018-03-21 03:31 - 2018-03-21 03:31 - 000000000 ____D C:\Users\rschott\AppData\Local\MediaHuman
2018-03-21 03:31 - 2018-03-21 03:31 - 000000000 ____D C:\Program Files\MediaHuman
2018-03-21 03:23 - 2018-03-21 03:24 - 032488744 _____ (MediaHuman ) C:\Users\rschott\Downloads\MHAudioConverter.exe
2018-03-20 10:59 - 2018-03-20 10:59 - 000000000 ____D C:\Users\rschott\Downloads\Phil Keaggy - Premium Jams {1999}{Canis Major 0005-2}
2018-03-20 10:46 - 2018-03-20 10:46 - 036925048 _____ C:\Users\rschott\Downloads\NASA's Eyes.exe
2018-03-15 10:43 - 2018-03-15 10:43 - 000230679 _____ C:\Users\rschott\Downloads\Class-Descriptions.pdf
2018-03-15 07:42 - 2018-03-15 07:42 - 000244202 _____ C:\Users\rschott\Desktop\Class-Descriptions.pdf
2018-03-14 19:17 - 2018-02-13 10:31 - 000117440 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2018-03-14 19:17 - 2018-02-13 10:24 - 000534016 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2018-03-14 19:17 - 2018-02-13 06:04 - 001893888 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2018-03-14 19:17 - 2018-02-13 06:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2018-03-14 19:17 - 2018-02-13 06:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2018-03-14 19:17 - 2018-02-13 06:04 - 000508416 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2018-03-14 19:17 - 2018-02-13 06:04 - 000339968 _____ (Microsoft Corporation) C:\Windows\System32\centel.dll
2018-03-14 19:17 - 2018-02-13 06:04 - 000313856 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2018-03-14 19:17 - 2018-02-13 06:04 - 000212992 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2018-03-14 19:17 - 2018-02-13 06:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2018-03-12 07:38 - 2018-03-12 07:38 - 000059837 _____ C:\Users\rschott\Downloads\generatedPDF.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-05 09:33 - 2009-07-13 18:03 - 013631488 _____ C:\Windows\System32\config\HARDWARE
2018-04-05 09:26 - 2009-07-13 20:34 - 000014032 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-05 09:26 - 2009-07-13 20:34 - 000014032 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-05 09:04 - 2017-02-01 06:52 - 000000000 ___RD C:\Users\rschott\Google Drive
2018-04-05 09:00 - 2017-01-31 09:28 - 000785794 _____ C:\Windows\System32\PerfStringBackup.INI
2018-04-05 09:00 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\inf
2018-04-05 08:53 - 2017-06-15 09:56 - 000000000 ____D C:\Users\rschott\AppData\Roaming\DivX
2018-04-05 08:52 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\System32\spool
2018-04-03 10:14 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\System32\winevt
2018-04-03 10:10 - 2009-07-13 20:34 - 000000000 ____D C:\Windows\Setup
2018-04-03 10:10 - 2009-07-13 18:37 - 000000000 ___HD C:\Windows\System32\GroupPolicy
2018-04-03 10:10 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\System32\SMI
2018-04-03 10:10 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\System32\Setup
2018-04-03 10:10 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\System32\MUI
2018-04-03 10:10 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\System32\com
2018-04-03 10:09 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\security
2018-04-03 10:09 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\Registration
2018-04-03 10:09 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\PLA
2018-04-03 10:08 - 2017-01-31 09:05 - 000000000 ____D C:\Windows\Panther
2018-04-03 10:08 - 2017-01-31 07:35 - 000000000 ____D C:\Program Files\Google
2018-04-03 10:08 - 2017-01-31 06:50 - 000000000 ____D C:\users\rschott
2018-04-03 10:08 - 2013-09-17 07:29 - 000000000 ____D C:\VC
2018-04-03 10:08 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\Help
2018-04-03 09:47 - 2018-03-05 06:11 - 000000000 ____D C:\Users\rschott\AppData\Roaming\AGData
2018-04-03 09:47 - 2017-04-04 03:23 - 000000000 ____D C:\Users\rschott\AppData\Roaming\Audacity
2018-04-03 09:47 - 2017-02-01 05:53 - 000000000 ____D C:\Users\rschott\AppData\Roaming\MediaMonkey
2018-04-03 09:45 - 2017-01-31 07:35 - 000000000 ____D C:\Users\rschott\AppData\Local\Google
2018-04-03 09:44 - 2018-01-31 05:43 - 000000000 ____D C:\users\edoruszewski
2018-04-03 09:44 - 2017-01-31 09:26 - 000000000 ____D C:\users\Bob
2018-04-03 09:44 - 2017-01-31 07:34 - 000000000 ____D C:\Users\rschott\AppData\Local\Apps\2.0
2018-04-03 09:44 - 2009-07-13 23:49 - 000000000 ___RD C:\Users\Public\Recorded TV
2018-04-03 09:43 - 2018-01-31 05:16 - 000000000 ____D C:\Program Files\TFP_for_2017
2018-04-03 09:43 - 2009-11-03 14:45 - 000000000 ____D C:\dell
2018-04-03 09:43 - 2009-07-13 20:52 - 000000000 ____D C:\Program Files\Windows Sidebar
2018-04-03 09:43 - 2009-07-13 18:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-04-03 05:52 - 2017-10-10 23:02 - 127391104 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2018-04-03 05:52 - 2017-02-09 06:59 - 127391104 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2018-04-02 05:43 - 2017-01-31 06:48 - 000000136 _____ C:\Windows\System32\config\netlogon.ftl
2018-04-02 03:10 - 2009-07-13 18:04 - 000000478 _____ C:\Windows\win.ini
2018-03-21 09:19 - 2017-06-28 03:13 - 000416072 _____ C:\Windows\System32\FNTCACHE.DAT
2018-03-21 06:12 - 2017-06-28 03:15 - 000112536 _____ C:\Users\rschott\AppData\Local\GDIPFONTCACHEV1.DAT
2018-03-21 05:56 - 2017-01-31 07:01 - 000000000 ____D C:\Program Files\Microsoft Office
2018-03-14 23:07 - 2017-03-14 23:25 - 000000000 ____D C:\Windows\System32\appraiser
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 32%
Total physical RAM: 2011.65 MB
Available physical RAM: 1361.05 MB
Total Virtual: 2011.65 MB
Available Virtual: 1365.38 MB
 
==================== Drives ================================
 
Drive c: (xp) (Fixed) (Total:148.97 GB) (Free:25.1 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (My Book) (Fixed) (Total:2794.49 GB) (Free:1488.34 GB) NTFS
Drive f: (Repair disc Windows 7 32-bit) (CDROM) (Total:0.35 GB) (Free:0 GB) UDF
Drive g: (Lexar) (Removable) (Total:14.9 GB) (Free:14.9 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)
 
LastRegBack: 2018-03-28 20:32
 
==================== End of FRST.txt ============================
 
FIXLOG - recovery

Fix result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by SYSTEM (05-04-2018 13:49:27) Run:2
Running from G:\
Boot Mode: Recovery
 
==============================================
 
fixlist content:
*****************
C:\Users\rschott\AppData\Local\psmlznh
S3 eilorv; system32\drivers\loruyb.sys [X]
S3 MBAMSwissArmy; System32\Drivers\mbamswissarmy.sys [X]
S1 msidntfs; system32\drivers\msidntfs.sys [X]
C:\Windows\system32\Drivers\sbsvybfi.sys
C:\Users\rschott\AppData\Roaming\oyZLydUAmk.exe
*****************
 
C:\Users\rschott\AppData\Local\psmlznh => moved successfully
eilorv => service not found.
"HKLM\System\ControlSet001\Services\MBAMSwissArmy" => removed successfully.
MBAMSwissArmy => service removed successfully.
msidntfs => service not found.
"C:\Windows\system32\Drivers\sbsvybfi.sys" => not found
C:\Users\rschott\AppData\Roaming\oyZLydUAmk.exe => moved successfully
 
==== End of Fixlog 13:49:28 ====

 

 

FRST - Normal

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by rschott (administrator) on OPDESK (05-04-2018 14:00:14)
Running from C:\Users\rschott\Desktop
Loaded Profiles: rschott (Available Profiles: rschott & Bob)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\65.0.3325.40\remoting_host.exe
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\65.0.3325.40\remoting_host.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [1057240 2017-11-17] (DivX, LLC)
HKU\S-1-5-21-3554609007-1474533479-2271469533-1122\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [41100328 2018-01-29] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-03-07]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office-Logic.lnk [2017-10-03]
ShortcutTarget: Office-Logic.lnk -> C:\Program Files\Office-Logic\Office-Logic.exe (LAN-ACES Inc.)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3554609007-1474533479-2271469533-1122] => localhost:8080
AutoConfigURL: [S-1-5-21-3554609007-1474533479-2271469533-1122] => localhost:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.1.5
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{ACE68852-B3EB-49FD-BEDD-4E9C1D71AC71}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{ACE68852-B3EB-49FD-BEDD-4E9C1D71AC71}: [DhcpNameServer] 192.168.1.5
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-3554609007-1474533479-2271469533-1122\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131647340331818006&GUID=52066FDC-DC90-457E-9376-39621A81C30F
HKU\S-1-5-21-3554609007-1474533479-2271469533-1122\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2017-03-07] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2017-03-07] (LastPass)
 
FireFox:
========
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2017-11-21] (DivX, LLC)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass.dll [2017-03-07] (LastPass)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default [2018-04-05]
CHR Extension: (US Weather Radar) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\abdnkhfljcoblghnaabndinjadlmhknj [2017-01-31]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-31]
CHR Extension: (Photo resize compress and Zip) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blinbhliohhhnddefmgbaelknpjpopjh [2017-10-03]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-31]
CHR Extension: (Adblock Plus) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-29]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjanmonomjogheabiocdamfpknlpdehm [2018-03-21]
CHR Extension: (Space Station Finder) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcalalddojoejbjlfjgenljkkmjfmije [2017-01-31]
CHR Extension: (Application Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2018-01-22]
CHR Extension: (Google News) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2017-01-31]
CHR Extension: (Chameleon) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpojjilddefgnhiicjcmhbkjgbbclob [2018-02-20]
CHR Extension: (Multiple Account Checker for Gmail™) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnimhgelcnggigekhdjlifjpndgmnglm [2017-01-31]
CHR Extension: (World News) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dodpnnoknmnbhnmoonenfmhdpfflbkmn [2017-01-31]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2018-02-13]
CHR Extension: (Blacklist Whitelist) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpiobebbffkbhnbijjibcnifgnidnmkd [2017-08-09]
CHR Extension: (Black Menu for Google™) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\eignhdfgaldabilaaegmdfbajngjmoke [2018-04-05]
CHR Extension: (MailChimp) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\einnfnfpkbbebamphappjlmbedgjbnoe [2017-01-31]
CHR Extension: (Gmail Offline) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2017-01-31]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhgfjppipknidohpibdcibpnlngepei [2017-01-31]
CHR Extension: (Chrome Remote Desktop) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-11-07]
CHR Extension: (Planetarium) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2017-01-31]
CHR Extension: (Save to Google Drive) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2017-11-27]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2017-08-01]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-04-02]
CHR Extension: (TuneIn Radio) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhkolpgedpldcfmkgbdokgiljfbblpfj [2017-01-31]
CHR Extension: (SpeedAnalysis.com) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\iccflhnofikabhofiecmimkdmdjbkpnn [2017-01-31]
CHR Extension: (Pixlr Editor) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2017-01-31]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2017-01-31]
CHR Extension: (Open in VLC media player) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihpiinojhnfhpdmmacgmpoonphhimkaj [2017-09-25]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2018-03-26]
CHR Extension: (Waze - Google Maps™ link) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jblojdkgpamepmiammlgkkhknojnlmai [2017-01-31]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-02-01]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb [2017-01-31]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2018-01-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2018-03-28]
CHR Extension: (No Name) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-31]
CHR Extension: (Chrome Media Router) - C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-28]
CHR Profile: C:\Users\rschott\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-03]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3554609007-1474533479-2271469533-1122\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 chromoting; C:\Program Files\Google\Chrome Remote Desktop\65.0.3325.40\remoting_host.exe [71512 2018-02-01] (Google Inc.)
S2 e22f02dadddbee8749c5207c136a7b10; C:\Windows\e22f02dadddbee8749c5207c136a7b10.dll [1306624 2018-03-05] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 --; C:\Users\rschott\AppData\Local\Temp\343262353\ic-0.e2f56beb6e31b8.exe /wl 1 [X] <==== ATTENTION
S2 SDUpdateService; "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" [X]
S2 SDWSCService; "C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [84992 2009-05-11] (Broadcom Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2018-04-05] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
S1 MpKslcbe734d7; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3FDAFC65-0C84-4AA7-9284-0AF7AEFD943B}\MpKslcbe734d7.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-05 14:00 - 2018-04-05 14:02 - 000014850 _____ C:\Users\rschott\Desktop\FRST.txt
2018-04-05 13:58 - 2018-04-05 13:59 - 001764352 _____ (Farbar) C:\Users\rschott\Desktop\FRST.exe
2018-04-05 13:52 - 2018-04-05 13:52 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-05 12:53 - 2018-04-05 12:53 - 000000000 ____D C:\Users\rschott\Documents\DivX Movies
2018-04-05 08:03 - 2018-04-05 08:03 - 000000000 ____D C:\Users\rschott\AppData\Local\pwsekgt
2018-04-05 07:39 - 2018-04-05 13:10 - 000061410 _____ C:\Users\rschott\Downloads\Addition.txt
2018-04-05 07:38 - 2018-04-05 13:10 - 000028718 _____ C:\Users\rschott\Downloads\FRST.txt
2018-04-04 14:51 - 2009-06-10 17:42 - 000001688 _____ C:\Windows\system32\autoexec - Copy.nt
2018-04-04 14:12 - 2018-04-04 14:12 - 000421240 _____ C:\Users\rschott\Desktop\dllhost.dmp
2018-04-04 14:09 - 2018-04-04 14:09 - 000000000 ____D C:\Users\rschott\AppData\Roaming\Google
2018-04-04 14:04 - 2018-04-04 14:04 - 000000000 ____D C:\Users\rschott\AppData\Roaming\Adobe
2018-04-04 12:40 - 2018-04-04 12:40 - 000000000 ____D C:\Users\rschott\AppData\Local\ElevatedDiagnostics
2018-04-04 10:58 - 2018-04-05 07:58 - 001567780 _____ C:\Windows\ntbtlog.txt
2018-04-04 10:58 - 2018-04-04 10:58 - 000147008 _____ C:\Windows\Minidump\040418-26629-01.dmp
2018-04-04 10:58 - 2018-04-04 10:58 - 000047552 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-04-03 13:45 - 2018-04-03 13:45 - 000000000 ____D C:\Users\rschott\AppData\Local\CEF
2018-04-03 10:39 - 2018-04-03 10:40 - 000000079 _____ C:\Windows\wininit.ini
2018-04-03 09:48 - 2018-04-03 09:48 - 039722608 _____ (Microsoft Corporation) C:\Users\rschott\Downloads\Windows-KB890830-V5.58.exe
2018-04-03 08:50 - 2018-04-03 08:51 - 000013576 _____ C:\TDSSKiller.3.1.0.16_03.04.2018_08.50.30_log.txt
2018-04-03 08:49 - 2018-04-03 08:33 - 005546648 _____ (COMODO) C:\cav_installer_10309_3f.exe
2018-04-03 08:31 - 2018-04-03 08:32 - 000000000 ____D C:\Users\rschott\Desktop\avs
2018-04-02 13:18 - 2018-04-02 13:18 - 000233244 _____ C:\Users\rschott\Desktop\winlogon.dmp
2018-04-02 12:19 - 2018-04-02 12:19 - 000000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2018-04-02 12:19 - 2018-04-02 12:19 - 000000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2018-04-02 12:19 - 2018-04-02 12:19 - 000000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2018-04-02 12:03 - 2018-04-02 12:03 - 000000233 _____ C:\Users\rschott\Desktop\test.txt
2018-04-02 11:57 - 2018-04-02 11:57 - 000013092 _____ C:\TDSSKiller.3.1.0.16_02.04.2018_11.57.30_log.txt
2018-04-02 09:50 - 2018-04-05 12:56 - 001966080 ____N C:\Windows\system32\upintzrsvc.exe
2018-04-02 07:48 - 2018-04-02 07:49 - 000147008 _____ C:\Windows\Minidump\040218-50981-01.dmp
2018-03-29 22:09 - 2018-03-29 22:09 - 000147000 _____ C:\Windows\Minidump\032918-49015-01.dmp
2018-03-29 04:33 - 2018-03-29 04:33 - 000147000 _____ C:\Windows\Minidump\032918-55754-01.dmp
2018-03-28 10:49 - 2018-04-03 09:27 - 000000344 _____ C:\Windows\system32\.crusader
2018-03-28 10:05 - 2018-03-28 10:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-03-28 10:05 - 2018-03-28 10:05 - 000000000 ____D C:\Program Files\HitmanPro
2018-03-28 10:04 - 2018-03-29 08:24 - 000000000 ____D C:\ProgramData\HitmanPro
2018-03-28 10:04 - 2018-03-28 10:04 - 010993872 _____ (SurfRight B.V.) C:\Users\rschott\Downloads\HitmanPro.exe
2018-03-28 09:43 - 2018-03-28 09:44 - 000023796 _____ C:\TDSSKiller.3.1.0.16_28.03.2018_09.43.01_log.txt
2018-03-28 09:37 - 2018-03-28 10:51 - 000151699 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-03-28 09:37 - 2018-03-28 10:18 - 000206558 _____ C:\Windows\ZAM.krnl.trace
2018-03-28 09:37 - 2018-03-28 09:37 - 000000000 ____D C:\Users\rschott\AppData\Local\Wolf of Webstreet OPC Private Limited
2018-03-28 09:36 - 2018-03-28 09:36 - 000000000 ____D C:\Users\rschott\AppData\Local\Zemana
2018-03-28 09:32 - 2018-03-28 09:32 - 000000000 ____D C:\Users\rschott\Downloads\tdl-detector
2018-03-28 09:19 - 2018-03-28 09:19 - 000000796 _____ C:\Users\rschott\Downloads\Fixlog.txt
2018-03-28 09:15 - 2018-04-05 14:00 - 000000000 ____D C:\FRST
2018-03-28 09:14 - 2018-03-28 09:14 - 001764352 _____ (Farbar) C:\Users\rschott\Downloads\FRST.exe
2018-03-27 10:07 - 2018-04-03 13:43 - 000000000 ____D C:\AdwCleaner
2018-03-27 10:00 - 2018-04-05 12:49 - 000000000 ____D C:\Windows\pss
2018-03-27 09:39 - 2018-03-27 09:42 - 007872224 _____ C:\Users\rschott\Downloads\spybotsd_includes.exe
2018-03-27 09:22 - 2018-04-04 10:58 - 264844035 _____ C:\Windows\MEMORY.DMP
2018-03-27 09:22 - 2018-04-04 10:58 - 000000000 ____D C:\Windows\Minidump
2018-03-27 09:22 - 2018-03-27 09:22 - 000147008 _____ C:\Windows\Minidump\032718-61823-01.dmp
2018-03-27 08:53 - 2018-04-03 13:43 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-03-27 08:53 - 2018-04-03 10:40 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2018-03-27 08:50 - 2018-03-27 08:51 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\rschott\Downloads\spybotsd-2.6.46.exe
2018-03-27 08:08 - 2018-03-27 08:09 - 006968952 _____ (ESET spol. s r.o.) C:\Users\rschott\Downloads\esetonlinescanner_enu.exe
2018-03-27 07:50 - 2018-03-27 07:52 - 001790024 _____ (Malwarebytes) C:\Users\rschott\Downloads\JRT.exe
2018-03-27 07:50 - 2018-03-27 07:52 - 001790024 _____ (Malwarebytes) C:\Users\rschott\Downloads\JRT (1).exe
2018-03-27 07:33 - 2018-03-28 10:52 - 000213723 ____N C:\Windows\Minidump\032818-67969-01.dmp
2018-03-26 13:51 - 2018-03-26 13:51 - 000000000 ____D C:\Users\rschott\AppData\Local\ESET
2018-03-26 13:17 - 2018-03-26 13:17 - 008222496 _____ (Malwarebytes) C:\Users\rschott\Downloads\AdwCleaner2.exe
2018-03-26 13:14 - 2018-03-26 13:16 - 000014534 _____ C:\TDSSKiller.3.1.0.16_26.03.2018_13.14.50_log.txt
2018-03-26 13:13 - 2018-03-26 13:14 - 004944584 _____ (AO Kaspersky Lab) C:\Users\rschott\Downloads\tdsskiller.exe
2018-03-22 03:24 - 2018-04-05 17:48 - 000000000 ____D C:\Users\rschott\AppData\Local\wmcagent
2018-03-21 13:24 - 2018-03-23 03:00 - 000000000 ____D C:\Users\rschott\AppData\Local\nvouwct
2018-03-21 11:58 - 2018-03-21 11:58 - 000000162 _____ C:\Users\rschott\Documents\Web-Act-Redo.txt
2018-03-21 10:24 - 2018-03-21 10:37 - 000000000 ____D C:\Users\rschott\Downloads\Alvin Lee The Anthology 2003 disc1-2
2018-03-21 10:12 - 2018-03-21 10:12 - 000017071 _____ C:\Users\rschott\Downloads\(Rok) Alvin Lee The Anthology(CD1) (CD2) - 2002, APE (image + .cue), lossless [rutracker-310270].torrent
2018-03-21 07:31 - 2018-03-21 07:31 - 000001205 _____ C:\Users\rschott\Desktop\MediaHuman Audio Converter.lnk
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ____D C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaHuman
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ____D C:\Users\rschott\AppData\Local\MediaHuman
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ____D C:\Program Files\MediaHuman
2018-03-21 07:23 - 2018-03-21 07:24 - 032488744 _____ (MediaHuman ) C:\Users\rschott\Downloads\MHAudioConverter.exe
2018-03-20 14:59 - 2018-03-20 14:59 - 000000000 ____D C:\Users\rschott\Downloads\Phil Keaggy - Premium Jams {1999}{Canis Major 0005-2}
2018-03-20 14:46 - 2018-03-20 14:46 - 036925048 _____ C:\Users\rschott\Downloads\NASA's Eyes.exe
2018-03-15 14:43 - 2018-03-15 14:43 - 000230679 _____ C:\Users\rschott\Downloads\Class-Descriptions.pdf
2018-03-15 11:42 - 2018-03-15 11:42 - 000244202 _____ C:\Users\rschott\Desktop\Class-Descriptions.pdf
2018-03-14 23:17 - 2018-02-13 14:31 - 000117440 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-14 23:17 - 2018-02-13 14:24 - 000534016 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-14 23:17 - 2018-02-13 10:04 - 001893888 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-14 23:17 - 2018-02-13 10:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-14 23:17 - 2018-02-13 10:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-14 23:17 - 2018-02-13 10:04 - 000508416 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-14 23:17 - 2018-02-13 10:04 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-14 23:17 - 2018-02-13 10:04 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-14 23:17 - 2018-02-13 10:04 - 000212992 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-14 23:17 - 2018-02-13 10:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-12 11:38 - 2018-03-12 11:38 - 000059837 _____ C:\Users\rschott\Downloads\generatedPDF.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-05 13:59 - 2017-01-31 13:28 - 000785794 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-05 13:59 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-04-05 13:54 - 2017-02-01 10:52 - 000000000 ___RD C:\Users\rschott\Google Drive
2018-04-05 13:51 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-05 13:33 - 2009-07-13 22:03 - 013631488 _____ C:\Windows\system32\config\HARDWARE
2018-04-05 13:26 - 2009-07-14 00:34 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-05 13:26 - 2009-07-14 00:34 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-05 12:53 - 2017-06-15 13:56 - 000000000 ____D C:\Users\rschott\AppData\Roaming\DivX
2018-04-05 12:52 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\spool
2018-04-03 14:14 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\winevt
2018-04-03 14:10 - 2009-07-14 00:34 - 000000000 ____D C:\Windows\Setup
2018-04-03 14:10 - 2009-07-13 22:37 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-04-03 14:10 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\SMI
2018-04-03 14:10 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\Setup
2018-04-03 14:10 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\MUI
2018-04-03 14:10 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\com
2018-04-03 14:09 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\security
2018-04-03 14:09 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\Registration
2018-04-03 14:09 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\PLA
2018-04-03 14:08 - 2017-01-31 13:05 - 000000000 ____D C:\Windows\Panther
2018-04-03 14:08 - 2017-01-31 11:35 - 000000000 ____D C:\Program Files\Google
2018-04-03 14:08 - 2017-01-31 10:50 - 000000000 ____D C:\Users\rschott
2018-04-03 14:08 - 2013-09-17 11:29 - 000000000 ____D C:\VC
2018-04-03 14:08 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\Help
2018-04-03 13:47 - 2018-03-05 10:11 - 000000000 ____D C:\Users\rschott\AppData\Roaming\AGData
2018-04-03 13:47 - 2017-04-04 07:23 - 000000000 ____D C:\Users\rschott\AppData\Roaming\Audacity
2018-04-03 13:47 - 2017-02-01 09:53 - 000000000 ____D C:\Users\rschott\AppData\Roaming\MediaMonkey
2018-04-03 13:45 - 2017-01-31 11:35 - 000000000 ____D C:\Users\rschott\AppData\Local\Google
2018-04-03 13:44 - 2018-01-31 09:43 - 000000000 ____D C:\Users\edoruszewski
2018-04-03 13:44 - 2017-01-31 13:26 - 000000000 ____D C:\Users\Bob
2018-04-03 13:44 - 2017-01-31 11:34 - 000000000 ____D C:\Users\rschott\AppData\Local\Apps\2.0
2018-04-03 13:44 - 2009-07-14 03:49 - 000000000 ___RD C:\Users\Public\Recorded TV
2018-04-03 13:43 - 2018-01-31 09:16 - 000000000 ____D C:\Program Files\TFP_for_2017
2018-04-03 13:43 - 2009-11-03 18:45 - 000000000 ____D C:\dell
2018-04-03 13:43 - 2009-07-14 00:52 - 000000000 ____D C:\Program Files\Windows Sidebar
2018-04-03 13:43 - 2009-07-13 22:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-04-03 09:52 - 2017-10-11 03:02 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-03 09:52 - 2017-02-09 10:59 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-02 09:43 - 2017-01-31 10:48 - 000000136 _____ C:\Windows\system32\config\netlogon.ftl
2018-04-02 07:10 - 2009-07-13 22:04 - 000000478 _____ C:\Windows\win.ini
2018-03-21 13:19 - 2017-06-28 07:13 - 000416072 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-21 10:12 - 2017-06-28 07:15 - 000112536 _____ C:\Users\rschott\AppData\Local\GDIPFONTCACHEV1.DAT
2018-03-21 09:56 - 2017-01-31 11:01 - 000000000 ____D C:\Program Files\Microsoft Office
2018-03-21 09:47 - 2017-08-15 12:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2018-03-15 03:07 - 2017-03-15 03:25 - 000000000 ____D C:\Windows\system32\appraiser
 
==================== Files in the root of some directories =======
 
1617-11-26 21:04 - 1617-11-26 21:04 - 000073216 ____N (Microsoft Corporation) C:\Program Files\Common Files\iPcPYoh.exe
2017-03-07 08:23 - 2017-03-07 08:23 - 022762520 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2017-07-31 09:49 - 2018-02-20 09:51 - 000007168 _____ () C:\Users\rschott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-06-12 10:45 - 2017-06-12 10:45 - 000000036 _____ () C:\Users\rschott\AppData\Local\housecall.guid.cache
2018-03-05 10:15 - 2018-03-05 10:15 - 000140800 _____ () C:\Users\rschott\AppData\Local\installer.dat
2018-03-05 10:11 - 2018-03-05 10:11 - 000000003 _____ () C:\Users\rschott\AppData\Local\wbem.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-29 00:32
 
==================== End of FRST.txt ============================
 
Addition - normal

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by rschott (05-04-2018 14:03:14)
Running from C:\Users\rschott\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2017-01-31 17:26:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3619198119-2651186406-1755481072-500 - Administrator - Disabled)
Bob (S-1-5-21-3619198119-2651186406-1755481072-1000 - Administrator - Enabled) => C:\Users\Bob
Guest (S-1-5-21-3619198119-2651186406-1755481072-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Audacity 2.1.3 (HKLM\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Backup and Sync from Google (HKLM\...\{AC62F3F2-61A2-4357-93EC-C308E3FEDF4E}) (Version: 3.39.8370.7843 - Google, Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}) (Version: 12.25.02 - Broadcom Corporation)
Bullzip PDF Printer 11.0.0.2588 (HKLM\...\Bullzip PDF Printer_is1) (Version: 11.0.0.2588 - Bullzip)
Chrome Remote Desktop Host (HKLM\...\{14C6B17A-F825-431E-9A36-8D89E65B24C8}) (Version: 65.0.3325.40 - Google Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.292 - SurfRight B.V.)
IrfanView 4.44 (32-bit) (HKLM\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LastPass (uninstall only) (HKLM\...\LastPass) (Version:  - LastPass)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MediaHuman Audio Converter version 1.9.6.5 (HKLM\...\MHAudioConverter_is1) (Version: 1.9.6.5 - MediaHuman)
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (English) (HKLM\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{4A1DEB7A-341B-453E-A3AF-7EA9902F9711}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
NYI Massage_RICOH MP C8002 PCL 6_MPC8002 Server 2008 32 Bit [RICOH MP C8002 PCL 6] (HKLM\...\{6851D262-F4EA-4915-BFBF-735B041B981E}) (Version: 1.0.0 - RICOH)
Office-Logic Workstation (HKLM\...\Office-Logic Workstation) (Version: 9.0 - LAN-ACES Inc.)
SAP Crystal Reports runtime engine for .NET Framework (32-bit) (HKLM\...\{BB4E642E-4F07-4C2A-B146-AB4CB1C3CEA2}) (Version: 13.0.20.2399 - SAP)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
TFP for 2017 (HKLM\...\{40486C9F-4FF8-4B22-9193-4AE5B16B0183}) (Version: 1.0.0.0 - ComplyRight) Hidden
TFP for 2017 (HKLM\...\{646ce7c7-6cc8-414d-a8c8-6ea846ce6ce3}) (Version: 1.0.0.0 - ComplyRight, Inc.)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00000010-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> c:\program files\common files\microsoft shared\dao\dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00000011-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> c:\program files\common files\microsoft shared\dao\dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00000013-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> c:\program files\common files\microsoft shared\dao\dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00000014-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> c:\program files\common files\microsoft shared\dao\dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00000015-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> c:\program files\common files\microsoft shared\dao\dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00000016-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> c:\program files\common files\microsoft shared\dao\dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00000017-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> c:\program files\common files\microsoft shared\dao\dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00000018-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> c:\program files\common files\microsoft shared\dao\dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00000019-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> c:\program files\common files\microsoft shared\dao\dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00028C00-0000-0000-0000-000000000046}\InprocServer32 -> C:\Windows\system32\dbgrid32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00028C03-0000-0000-0000-000000000046}\InprocServer32 -> C:\Windows\system32\dbgrid32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00028C04-0000-0000-0000-000000000046}\InprocServer32 -> C:\Windows\system32\dbgrid32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00028C08-0000-0000-0000-000000000046}\InprocServer32 -> C:\Windows\system32\dbgrid32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00028C0D-0000-0000-0000-000000000046}\InprocServer32 -> C:\Windows\system32\dbgrid32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{00028C0E-0000-0000-0000-000000000046}\InprocServer32 -> C:\Windows\system32\dbgrid32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{02A69B00-081B-101B-8933-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\dblist32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{030B4A80-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{030B4A81-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{030B4A82-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0713E8C4-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\msdatlst.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> M:\PROGRA~1\VIRTUA~1.93\mfc40.dll => No File
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> M:\PROGRA~1\VIRTUA~1.93\mfc40.dll => No File
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> M:\PROGRA~1\VIRTUA~1.93\mfc40.dll => No File
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0ECD9B64-23AA-11D0-B351-00A0C9055D8E}\InprocServer32 -> C:\Windows\system32\mshflxgd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{198887E6-AC76-11D0-A77C-00A024A55AB0}\InprocServer32 -> C:\Windows\system32\mswcrun.dll (Microsoft)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}\InprocServer32 -> C:\Windows\system32\mci32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{1F6F8D20-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{20C62CA0-15DA-101B-B9A8-444553540000}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{20C62CAB-15DA-101B-B9A8-444553540000}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{21D93911-CB0F-11D0-84AC-00A0C90DC8A9}\InprocServer32 -> C:\Windows\system32\msdbrptr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{21D93913-CB0F-11D0-84AC-00A0C90DC8A9}\InprocServer32 -> C:\Windows\system32\msdbrptr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{22D9B560-783E-11CF-8E78-00A0D100038E}\InprocServer32 -> C:\Windows\system32\msrdc20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 -> C:\Windows\system32\mswinsck.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 -> C:\Windows\system32\mswinsck.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{27395F85-0C0C-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\picclp32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{275DBBA0-805A-11CF-91F7-C2863C385E30}\InprocServer32 -> C:\Windows\system32\msflxgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{27F8FFB1-7406-11D1-B18C-00A0C922E820}\InprocServer32 -> C:\Windows\system32\msadodc.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{27F8FFB2-7406-11D1-B18C-00A0C922E820}\InprocServer32 -> C:\Windows\system32\msadodc.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}\InprocServer32 -> C:\Windows\system32\mci32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{3A2B370C-BA0A-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\Windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{3D5C6BF2-69A3-11D0-B393-00A0C9055D8E}\InprocServer32 -> C:\Windows\system32\msderun.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{43478D73-78E0-11CF-8E78-00A0D100038E}\InprocServer32 -> C:\Windows\system32\msrdc20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{4CAD92F0-D7C4-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msdatgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{59245250-7A2F-11D0-9482-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msbind.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{5E71F04C-551F-11CF-8152-00AA00A40C25}\InprocServer32 -> C:\Windows\system32\msrdo20.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{5EBB68F5-3BF1-11CF-814C-00AA00A40C25}\InprocServer32 -> C:\Windows\system32\msrdo20.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{601EB760-8909-11D0-9483-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msdatrep.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{615054E0-8909-11D0-9483-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msdatrep.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\Windows\system32\msflxgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{6319EEA0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\Windows\system32\msflxgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{642AC766-AAB4-11D0-8494-00A0C90DC8A9}\InprocServer32 -> C:\Windows\system32\msdbrptr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{648A5600-2C6E-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{648A5604-2C6E-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{67397AA3-7FB1-11D0-B148-00A0C922E820}\InprocServer32 -> C:\Windows\system32\msadodc.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{6B7F1602-D44C-11D0-A7D9-AE3D17000000}\InprocServer32 -> C:\Windows\system32\mswcrun.dll (Microsoft)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{6FBA474B-43AC-11CE-9A0E-00AA0062BB4C}\InprocServer32 -> C:\Windows\system32\sysinfo.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{78E93847-85FD-11D0-8487-00A0C90DC8A9}\InprocServer32 -> C:\Windows\system32\msdbrptr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{7C3194FC-D942-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msdatgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{7EBDAAE0-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{7EBDAAE1-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{7EBDAAE2-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{83730EE4-6C46-11CF-A524-0080C77A7786}\InprocServer32 -> C:\Windows\system32\msmask32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{8D0A8460-D87E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msdatgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{951738D1-D2B7-11D0-B292-00A0C908FB55}\InprocServer32 -> C:\Windows\system32\mshflxgd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{9A8831F0-A263-11D1-8DCF-00A0C90FFFC2}\InprocServer32 -> C:\Windows\system32\msrdo20.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{9A8831F1-A263-11D1-8DCF-00A0C90FFFC2}\InprocServer32 -> C:\Windows\system32\msrdo20.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{9A8831F2-A263-11D1-8DCF-00A0C90FFFC2}\InprocServer32 -> C:\Windows\system32\msrdo20.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AA2073E6-7B9C-11D0-B143-00A0C922E820}\InprocServer32 -> C:\Windows\system32\msadodc.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AB36A920-23A5-11D0-B351-00A0C9055D8E}\InprocServer32 -> C:\Windows\system32\mshflxgd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AB36A921-805A-11CF-91F7-C2863C385E30}\InprocServer32 -> C:\Windows\system32\mshflxgd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AB39D9A0-557A-11CF-AEBE-00AA00A8F7F3}\InprocServer32 -> C:\Windows\system32\dblist32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AC5D0DDE-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\Windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AC5D0DDF-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\Windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AC5D0DE0-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\Windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AC5D0DE1-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\Windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AC5D0DE2-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\Windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AC5D0DE3-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\Windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AC5D0DE4-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\Windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{AC5D0DE5-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\Windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{BB1AE0D0-634E-11CF-8996-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{BB1AE0D1-634E-11CF-8996-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\mci32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{C932BA85-4374-101B-A56C-00AA003668DC}\InprocServer32 -> C:\Windows\system32\msmask32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{CDE57A43-8B86-11D0-B3C6-00A0C90AEA82}\InprocServer32 -> C:\Windows\system32\msdatgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{CDE57A44-8B86-11D0-B3C6-00A0C90AEA82}\InprocServer32 -> C:\Windows\system32\msdatgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{D0E0AA20-3082-11CF-AEBE-00AA00A8F7F3}\InprocServer32 -> C:\Windows\system32\dblist32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{D0FC8A81-2CB2-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{E0DC8C80-3486-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{E4599241-FE37-11D0-A320-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msdatrep.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{E791964C-208A-11CF-8146-00AA00A40C25}\InprocServer32 -> C:\Windows\system32\msrdo20.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{E9D00F06-D948-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msdatgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{F0D2F219-CCB0-11D0-A316-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msdatlst.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{F0D2F21C-CCB0-11D0-A316-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msdatlst.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{F0D2F21D-CCB0-11D0-A316-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msdatlst.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{F0D2F21E-CCB0-11D0-A316-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msdatlst.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{F1F6A820-2355-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\picclp32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{FAEEE760-117E-101B-8933-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\dblist32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2018-01-29] (Google)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [DivXShellExtensionItem] -> {48A8A3B0-57E8-4F2B-A49D-19E02B92377B} => C:\Program Files\Common Files\DivX Shared\DivXShellExtension.dll [2017-10-05] (DivX, LLC)
ContextMenuHandlers1: [DivXShellExtensionItem64] -> {6B49A276-0DBA-43F4-BC96-A841AD11B40B} => C:\Program Files\Common Files\DivX Shared\DivXShellExtension.dll [2017-10-05] (DivX, LLC)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2018-01-29] (Google)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2018-01-29] (Google)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {13D84110-EC31-49DC-A649-5C9DDB75804E} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {2F419EF6-7967-4869-B27E-73AA1D4180F3} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {46FFCBFA-980B-4C9B-97B6-1EA293DCE72D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-31] (Google Inc.)
Task: {4F97C3E3-A572-4AFB-AA74-F30766170BF4} - System32\Tasks\{1390DC35-FC33-4698-8619-04A5F3C8A269} => C:\Users\rschott\AppData\Roaming\oyZLydUAmk.exe <==== ATTENTION
Task: {B763F374-16AA-469C-A5CF-9E0C662242ED} - System32\Tasks\DivXUpdate => C:\Program Files\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [2017-06-14] (DivX, LLC)
Task: {F61515BD-7332-4C39-BF0F-D0CF2829E4DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-31] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\НP Print fоr Сhrоme.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Сhrоmе Rеmotе Desktop.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Сhrоmе Rеmоte Desktор (1).lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Ехрlorеr (No Аdd-ons).lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhrоme.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internet Exрlоrеr Вrоwser.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Сhrоme Remоte Desktоp.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооgle Chrоmе.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Сhrome Rеmоte Dеsktор.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a41ce5b91aa3166e\МightyТext - SМS from РC & Тeхt frоm Cоmрuter.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhromе.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
 
ShortcutWithArgument: C:\Users\rschott\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_gbchcmhmhahfdphkhkmpfmihenigjmpp\Chrome Remote Desktop.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\HP Print for Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-02 12:19 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2018-04-02 12:19 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2018-04-02 12:19 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2018-04-02 12:19 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2017-06-27 07:55 - 2017-11-29 10:11 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
1997-07-11 04:00 - 1997-07-11 04:00 - 000022016 _____ () C:\Windows\system32\docobj.dll
2018-01-29 13:42 - 2018-01-29 13:42 - 041100328 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2018-04-05 13:53 - 2018-04-05 13:53 - 000088064 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\_ctypes.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000069120 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\bz2.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000920064 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\_hashlib.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000098816 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\win32api.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000110080 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\pywintypes27.dll
2018-04-05 13:53 - 2018-04-05 13:53 - 000364544 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\pythoncom27.dll
2018-04-05 13:53 - 2018-04-05 13:53 - 000686080 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\unicodedata.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000320512 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\win32com.shell.shell.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 001177088 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\wx._core_.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000806912 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\wx._gdi_.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000816640 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\wx._windows_.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 001067520 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\wx._controls_.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000733696 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\wx._misc_.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000736256 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\pysqlite2._sqlite.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000119808 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\win32file.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000108544 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\win32security.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000007168 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\hashobjs_ext.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000017920 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\thumbnails_ext.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000082432 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\usb_ext.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000013824 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\common.time34.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000018432 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\win32event.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000027648 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\windows.conditional.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000017408 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\windows.winwrap.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000089088 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\windows.volumes.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000167936 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\win32gui.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000046080 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\_socket.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 001311232 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\_ssl.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000135680 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\_elementtree.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000133632 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\pyexpat.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000038912 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\win32inet.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000077824 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\wx._html2.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000036864 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\_psutil_windows.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000524248 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\windows._lib_cacheinvalidation.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000010240 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\select.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000011264 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\win32crypt.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000218624 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\PIL._imaging.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000027648 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\_multiprocessing.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000020480 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\_yappi.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000035840 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\win32process.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000024064 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\win32pipe.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000025600 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\win32pdh.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000059392 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\windows.device_monitor.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000017408 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\win32profile.pyd
2018-04-05 13:53 - 2018-04-05 13:53 - 000022528 _____ () C:\Users\rschott\AppData\Local\Temp\_MEI36242\win32ts.pyd
2018-02-26 23:08 - 2018-02-22 00:12 - 002407256 _____ () C:\Program Files\Google\Chrome\Application\64.0.3282.186\swiftshader\libglesv2.dll
2018-02-26 23:08 - 2018-02-22 00:12 - 000115032 _____ () C:\Program Files\Google\Chrome\Application\64.0.3282.186\swiftshader\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2009-06-10 17:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3554609007-1474533479-2271469533-1122\Control Panel\Desktop\\Wallpaper -> C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E1727532-FFB7-461D-8E4F-AD7246CF7074}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{D5C8CE76-D2E8-42DB-AFA2-CB2C6F1BBE7E}] => (Allow) C:\Users\rschott\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C8F47A18-9CF7-44BD-91B5-03E349B6B1F8}] => (Allow) C:\Users\rschott\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D0E529BF-D9BB-41C4-8FAA-C365D5845321}] => (Allow) C:\Users\rschott\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E526FE09-3CE9-4014-8EF0-E6EBB9EC41BB}] => (Allow) C:\Users\rschott\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A16288AA-AE04-483D-8E53-9B9672C4BF9E}] => (Allow) C:\Users\rschott\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E29F9846-1230-49FB-8DF1-BD90A0CF56C7}] => (Allow) C:\Users\rschott\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{B8AB1744-266A-459F-92E4-4A728CA3A330}C:\users\rschott\downloads\utorrent.exe] => (Allow) C:\users\rschott\downloads\utorrent.exe
FirewallRules: [UDP Query User{7789FC40-FC92-4731-81C5-877A1F0F9316}C:\users\rschott\downloads\utorrent.exe] => (Allow) C:\users\rschott\downloads\utorrent.exe
FirewallRules: [TCP Query User{85249A3A-B3BE-476F-8783-C8BC3E41C881}C:\program files\mediamonkey\mediamonkey.exe] => (Block) C:\program files\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{4A4B4BDD-D216-45CA-8AC3-6AA2E89BCA8B}C:\program files\mediamonkey\mediamonkey.exe] => (Block) C:\program files\mediamonkey\mediamonkey.exe
FirewallRules: [TCP Query User{9E2FB8E6-144C-4796-86E5-BC541F28A7B5}C:\users\rschott\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\rschott\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{B44DC4C0-DD91-4CBC-B8C3-2DE6BDC42629}C:\users\rschott\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\rschott\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{60B56631-416F-4D57-A413-764A9A19C7E0}] => (Allow) C:\Program Files\Google\Chrome Remote Desktop\65.0.3325.40\remoting_host.exe
FirewallRules: [{EEAD435E-58C0-461A-AF0D-B9F8598DE8C9}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: MpKslcbe734d7
Description: MpKslcbe734d7
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKslcbe734d7
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/05/2018 07:42:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro.exe, version: 3.8.0.292, time stamp: 0x5a5c5f1c
Faulting module name: HitmanPro.exe, version: 3.8.0.292, time stamp: 0x5a5c5f1c
Exception code: 0xc0000005
Fault offset: 0x002cd0c7
Faulting process id: 0x14a0
Faulting application start time: 0x01d3cccf67350259
Faulting application path: C:\Program Files\HitmanPro\HitmanPro.exe
Faulting module path: C:\Program Files\HitmanPro\HitmanPro.exe
Report Id: 5f291ad6-38c6-11e8-8ad9-bb9eb24af908
 
Error: (04/04/2018 08:08:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11b4
 
Start Time: 01d3cb60de8b31af
 
Termination Time: 8299
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 40ad7852-3800-11e8-85e0-b8ac6f41a62a
 
Error: (04/04/2018 07:29:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program perfmon.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 22a4
 
Start Time: 01d3cb7579c41310
 
Termination Time: 188
 
Application Path: C:\Windows\System32\perfmon.exe
 
Report Id: 335279a7-37fa-11e8-85e0-b8ac6f41a62a
 
Error: (04/04/2018 01:37:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f74253
Faulting module name: ntdll.dll, version: 6.1.7601.23572, time stamp: 0x57fd0335
Exception code: 0xc0000005
Fault offset: 0x00031dca
Faulting process id: 0x3ec
Faulting application start time: 0x01d3cb501fc0a669
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 43c537c6-37ca-11e8-85e0-b8ac6f41a62a
 
Error: (04/03/2018 10:42:37 AM) (Source: MsiInstaller) (EventID: 11704) (User: NYMASSAGE)
Description: Продукт: IC__iPackage -- Ошибка 1704. Установка "IC__iPackage" приостановлена. Для продолжения необходимо отменить изменения, сделанные приостановленной установкой. Произвести отмену изменений?
 
Error: (04/03/2018 08:57:46 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (04/02/2018 12:22:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDFiles.exe, version: 2.6.46.135, time stamp: 0x535a5153
Faulting module name: SDFiles.exe, version: 2.6.46.135, time stamp: 0x535a5153
Exception code: 0xc0000005
Fault offset: 0x00223b13
Faulting process id: 0xe58
Faulting application start time: 0x01d3ca9eb706fb5d
Faulting application path: C:\Program Files\Spybot - Search & Destroy 2\SDFiles.exe
Faulting module path: C:\Program Files\Spybot - Search & Destroy 2\SDFiles.exe
Report Id: 10964513-3692-11e8-a392-8e21ff520982
 
Error: (04/02/2018 11:55:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro.exe, version: 3.8.0.292, time stamp: 0x5a5c5f1c
Faulting module name: HitmanPro.exe, version: 3.8.0.292, time stamp: 0x5a5c5f1c
Exception code: 0xc0000005
Fault offset: 0x002cd0c7
Faulting process id: 0x9b8
Faulting application start time: 0x01d3ca996ec931ee
Faulting application path: C:\Program Files\HitmanPro\HitmanPro.exe
Faulting module path: C:\Program Files\HitmanPro\HitmanPro.exe
Report Id: 46e4f6a5-368e-11e8-a392-8e21ff520982
 
 
System errors:
=============
Error: (04/05/2018 01:58:03 PM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.
 
Error: (04/05/2018 01:56:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (04/05/2018 01:52:41 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NYMASSAGE)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (04/05/2018 01:52:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (04/05/2018 01:52:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (04/05/2018 01:51:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The e22f02dadddbee8749c5207c136a7b10 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (04/05/2018 01:51:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the e22f02dadddbee8749c5207c136a7b10 service to connect.
 
Error: (04/05/2018 01:51:24 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
 
CodeIntegrity:
===================================
 
Date: 2018-01-31 08:34:28.179
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 72%
Total physical RAM: 2011.65 MB
Available physical RAM: 552.98 MB
Total Virtual: 4023.3 MB
Available Virtual: 2368.25 MB
 
==================== Drives ================================
 
Drive c: (xp) (Fixed) (Total:148.97 GB) (Free:25.03 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Repair disc Windows 7 32-bit) (CDROM) (Total:0.35 GB) (Free:0 GB) UDF
Drive i: (My Book) (Fixed) (Total:2794.49 GB) (Free:1488.34 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End of Addition.txt ============================
 
 

 



#4 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,843 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 05 April 2018 - 07:40 PM

Nice job.

  • Highlight the entire content of the quote box below.

Start::
S3 --; C:\Users\rschott\AppData\Local\Temp\343262353\ic-0.e2f56beb6e31b8.exe /wl 1 [X] <==== ATTENTION
Folder: C:\Users\rschott\AppData\Local\pwsekgt
Folder: C:\Users\rschott\AppData\Local\nvouwct
Task: {4F97C3E3-A572-4AFB-AA74-F30766170BF4} - System32\Tasks\{1390DC35-FC33-4698-8619-04A5F3C8A269} => C:\Users\rschott\AppData\Roaming\oyZLydUAmk.exe <==== ATTENTION
C:\Users\rschott\AppData\Roaming\oyZLydUAmk.exe
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> M:\PROGRA~1\VIRTUA~1.93\mfc40.dll => No File
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> M:\PROGRA~1\VIRTUA~1.93\mfc40.dll => No File
CustomCLSID: HKU\S-1-5-21-3554609007-1474533479-2271469533-1122_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> M:\PROGRA~1\VIRTUA~1.93\mfc40.dll => No File
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\DP Print fD_r D­hrD_me.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\D­hrD_mDæ RDæmotDæ Desktop.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\D­hrD_mDæ RDæmD_te DesktD_¥? (1).lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\IntDærnet D¥.¥?lorDær (No Ddd-ons).lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GD_ogle D­hrD_me.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\LDøun¥h Internet Ex¥?lD_rDær D'rD_wser.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\D­hrD_me RemD_te DesktD_p.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\GD_D_gle ChrD_mDæ.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\D­hrome RDæmD_te DDæsktD_¥?.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a41ce5b91aa3166e\DoightyD›ext - SDoS from D C & D›e¥.t frD_m CD_m¥?uter.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GD_D_glDæ D­hromDæ.lnk -> C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Your next reply(ies) should therefore contain:

  • RogueKiller clean log
  • AdwCleaner clean log
  • Fixlog.txt

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
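The hijacked shortcuts in this fixlist share three traits worth checking for on other machines: a name built from Cyrillic look-alike letters (the "<==== Cyrillic" flag), a .bat target under AppData\Roaming\Browsers instead of a program binary, and a target name that is the real browser executable spelled backwards (exe.emorhc.bat reverses to chrome.exe). The following Python is an added example, not part of this thread or of FRST; it scans FRST-style "Shortcut:" lines for those traits, and the sample log, user name and paths are constructed.

```python
import re
import unicodedata
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import List, Optional

# Constructed sample in the layout FRST uses for "Shortcut:" entries.  These are
# not lines from the thread; the user name and paths are placeholders.  Cyrillic
# look-alikes are written as \u escapes so the substituted letters are visible.
SAMPLE_LOG = (
    "Shortcut: C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\"
    "G\u043eogle \u0421hr\u043eme.lnk -> C:\\Users\\user\\AppData\\Roaming\\Browsers\\exe.emorhc.bat (No File)\n"
    "Shortcut: C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk"
    " -> C:\\Windows\\system32\\notepad.exe ()\n"
    "Shortcut: C:\\Users\\user\\Desktop\\Int\u0435rnet \u0415xpl\u043erer.lnk"
    " -> C:\\Users\\user\\AppData\\Roaming\\Browsers\\exe.erolpxei.bat (No File)\n"
    "Shortcut: C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DivX\\Register.lnk"
    " -> C:\\Users\\user\\AppData\\Roaming\\Browsers\\exe.rehcnuallenaplortnocxvid.bat (No File)\n"
)

# "Shortcut: <lnk path> -> <target> (<status>)" as FRST prints it.
SHORTCUT_RE = re.compile(
    r"^Shortcut: (?P<lnk>.+?\.lnk) -> (?P<target>.+?) \((?P<status>[^()]*)\)\s*$",
    re.MULTILINE,
)
SCRIPT_EXTENSIONS = {".bat", ".cmd", ".vbs", ".js"}


@dataclass
class Finding:
    lnk: str
    target: str
    reasons: List[str] = field(default_factory=list)
    reversed_name: str = ""   # set when the target stem reads as "<name>.exe" backwards


def scripts_in(text: str) -> set:
    """Unicode scripts (LATIN, CYRILLIC, ...) of the letters in a file name."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in text if ch.isalpha()}


def check_shortcut(lnk: str, target: str) -> Optional[Finding]:
    """Return a Finding when the shortcut shows any of the three hijack traits."""
    finding = Finding(lnk, target)
    name = PureWindowsPath(lnk).name
    scripts = scripts_in(name)
    if len(scripts) > 1:  # e.g. Latin letters mixed with Cyrillic look-alikes
        finding.reasons.append("mixed-script shortcut name: " + ", ".join(sorted(scripts)))
    tpath = PureWindowsPath(target)
    if tpath.suffix.lower() in SCRIPT_EXTENSIONS and "\\appdata\\roaming\\" in target.lower():
        finding.reasons.append("target is a script under AppData\\Roaming, not a program binary")
    backwards = tpath.stem[::-1]
    if backwards.lower().endswith(".exe"):  # "exe.emorhc" -> "chrome.exe"
        finding.reversed_name = backwards
        finding.reasons.append(f"target file name is '{backwards}' spelled backwards")
    return finding if finding.reasons else None


def analyse(log_text: str) -> List[Finding]:
    """Scan FRST-style text and return the suspicious Shortcut entries."""
    results = []
    for m in SHORTCUT_RE.finditer(log_text):
        finding = check_shortcut(m["lnk"], m["target"])
        if finding is not None:
            results.append(finding)
    return results


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f.lnk)
        for reason in f.reasons:
            print("   -", reason)
```

The Notepad entry in the sample passes all three checks untouched, which is the point: a legitimate shortcut keeps a single-script name and points at an .exe.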


#5 shotsky
  • Topic Starter

  • Members
  • 5 posts

Posted 06 April 2018 - 08:14 AM

RogueKiller V12.12.11.0 [Apr  3 2018] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : rschott [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 04/06/2018 00:21:32 (Duration : 00:54:03)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{4E120188-0CAC-468C-B2D9-9D1F079EBC25} (C:\Users\rschott\AppData\Local\Temp\HYD3166.tmp.1491227201\HTA\3rdparty\FS.ocx) -> Deleted
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF} -> Deleted
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3554609007-1474533479-2271469533-1122\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 19 ¤¤¤
[PUP.Gen0][File] C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rnet ???lor?r (No ?dd-ons).lnk [LNK@] C:\Users\rschott\AppData\Roaming\Browsers\exe.erolpxei.bat -> Deleted
[PUP.Gen0][File] C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\?P Print f?r ?hr?me.lnk [LNK@] C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat -> Deleted
[PUP.Gen0][File] C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\?hr?m? R?mot? Desktop.lnk [LNK@] C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat -> Deleted
[PUP.Gen0][File] C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\?hr?m? R?m?te Deskt?? (1).lnk [LNK@] C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat -> Deleted
[PUP.Gen0][File] C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogle ?hr?me.lnk [LNK@] C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat -> Deleted
[PUP.Gen0][File] C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Internet Ex?l?r?r ?r?wser.lnk [LNK@] C:\Users\rschott\AppData\Roaming\Browsers\exe.erolpxei.bat -> Deleted
[PUP.Gen0][File] C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a41ce5b91aa3166e\?ighty?ext - S?S from ?C & ?e?t fr?m C?m?uter.lnk [LNK@] C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat -> Deleted
[PUP.Gen0][File] C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gle Chr?m?.lnk [LNK@] C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat -> Deleted
[PUP.Gen0][File] C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?hrome R?m?te D?skt??.lnk [LNK@] C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat -> Deleted
[PUP.Gen0][File] C:\Users\rschott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\?hr?me Rem?te Deskt?p.lnk [LNK@] C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat -> Deleted
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\rschott\AppData\Roaming\AGData -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\rschott\AppData\Roaming\AGData\add.json -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\rschott\AppData\Roaming\AGData\config.json -> Deleted
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\R?gist?r.lnk [LNK@] C:\Users\rschott\AppData\Roaming\Browsers\exe.rehcnuallenaplortnocxvid.bat -> Deleted
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\?heck f?r Updat?s.lnk [LNK@] C:\Users\rschott\AppData\Roaming\Browsers\exe.rehcnuallenaplortnocxvid.bat -> Deleted
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hrom?.lnk [LNK@] C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat -> Deleted
[Hj.Shortcut][File] C:\RECYCLER\S-1-5-21-3554609007-1474533479-2271469533-1122\Dc1.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://www.peachtree.com/prd.cfm?parm=25PsdYIho%2BCtgBkALgOW96RnT7NYcq7BgRYC2cK01sqgqA9bEPixLhqLFvYjfRowqrLPJt4LrJY0eHvB6U%2Bf1oMw2culByl9sG4k%2ByA8ktIBqa4iOEYv7dJm -> Deleted
[Hj.Shortcut][File] C:\RECYCLER\S-1-5-21-3554609007-1474533479-2271469533-1122\Dc2.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://www.peachtree.com/prd.cfm?parm=25PsdYAhoeCtgBkALgOW96RnT7NYcq7BgRYC2cK01sqgqA9bEPixLhqLFvYjfRowqrLPJt4LrJY0eHvB6U%2Bf1oMw2culByl9sG4k%2ByA8ktIBqa4iOEYv7dJm -> Deleted
[PUP.Gen0][File] C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\?P Print f?r ?hr?me.lnk [LNK@] C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat -> Removed at reboot [2]
[PUP.Gen0][File] C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\?hr?m? R?mot? Desktop.lnk [LNK@] C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat -> Removed at reboot [2]
[PUP.Gen0][File] C:\Users\rschott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\?hr?m? R?m?te Deskt?? (1).lnk [LNK@] C:\Users\rschott\AppData\Roaming\Browsers\exe.emorhc.bat -> Removed at reboot [2]
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Chameleon [dmpojjilddefgnhiicjcmhbkjgbbclob] -> Not selected
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1600AAJS-75M0A0 ATA Device +++++
--- User ---
[MBR] 30da55b94bb77fcdc79fa6e2dc6d3905
[BSP] e7a4d88e39462edee4d9ce59ade9badd : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 80325 | Size: 152546 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: WD My Book 1230 USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Lexar USB Flash Drive USB Device +++++
--- User ---
[MBR] 360811f065e70999b9268cccbf780435
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 15262 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
# AdwCleaner 7.0.8.0 - Logfile created on Fri Apr 06 12:25:42 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 7 Professional (X86)
# Mode: clean
 
***** [ Services ] *****
 
Deleted: e22f02dadddbee8749c5207c136a7b10
 
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
Plugin deleted: Chameleon - 
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [1503 B] - [2018/3/27 14:10:10]
C:/AdwCleaner/AdwCleaner[S1].txt - [1267 B] - [2018/4/6 12:22:40]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 



#6 shotsky
  • Topic Starter

  • Members
  • 5 posts

Posted 06 April 2018 - 08:22 AM

I had to attach the Fixlog; it would not allow me to copy and paste.




#7 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,843 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 06 April 2018 - 12:15 PM

Run Msconfig and enable all Windows Services.

 

How is the computer doing?


#8 shotsky
  • Topic Starter

  • Members
  • 5 posts

Posted 06 April 2018 - 12:24 PM

Looking good, back to running at full speed. I can't thank you enough and all the folks at Bleeping Computer.



#9 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,843 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 06 April 2018 - 12:32 PM

Congratulations.

 

Use this application to remove quarantined items.

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

Make sure you enable System Restore.

 

Since there are no signs of infection anymore in your logs I guess we're done here.
 
Windows Updates
 
Keeping Windows up to date is one of the first steps in having a safe and secure system.

Keeping your programs up-to-date
 
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:


As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.
 
Other recommendations
 
It's your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances of getting infected by malware. If, for example, you're not sure whether a website is legitimate, whether a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.
Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security, to improve your current computer protection setup and also your web browsing and computer usage practices:

Best regards. :)

 


#10 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,843 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 06 April 2018 - 11:17 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
