Solved Can't seem to shake PC issues

David Simoneaux

Hello all,

My computer has been acting real funny lately... from explorer.exe not running at startup, to a BSOD when I run Microsoft Malicious Software Removal Tool. I have been doing some reading and know that there are some entries in here that need to be fixed; I am just unsure how to create the fix file. Latest FRST logs below.

Thanks in advance for your help.

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
Ran by Administrator (administrator) on HOMESTEAD (19-02-2017 23:02:38)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: Justin & Ryan & David & Administrator & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-18] (AVAST Software)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\ [0 ] ()
HKLM\...\Winlogon: [Shell] "explorer.exe" [3229696 2016-08-29] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-18] (AVAST Software)
BootExecute: autocheck autochk * bootdeletesdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3559958457-2575535085-3770899071-1005\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3559958457-2575535085-3770899071-1004\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4C7E769E-D1AC-4F30-AF91-A0F76F8CA78F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{806CA2A1-B3EA-412D-B535-989F8F61EACA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AE618A4C-58CC-41E0-9E43-EA4F8004A35B}: [DhcpNameServer] 10.0.22.1 10.0.22.2

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-18] (AVAST Software)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-02] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-18] (AVAST Software)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-02] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpn.berryaviation.com/CACHE/stc/3/binaries/vpnweb.cab
DPF: HKLM-x32 {FFA7A955-5A33-42F7-A77B-8E46AE2FAA64} hxxps://www.playmemoriescameraapps.com/portal/PMCA/PMCADownloader.cab

FireFox:
========
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2016-12-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-12-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Sony Corporation/PMCADownloader -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\npPMCADownloader.dll [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderHelper -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderHelper.exe [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderLib -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderLib.dll [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2012-10-19] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2012-10-19] (Coupons, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-02-19]
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-09]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-09]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-09]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-09]
CHR Extension: (Foxit PDF Creator) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2017-02-09]
CHR Extension: (Avast SafePrice) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-02-19]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-09]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-09]
CHR Extension: (Avast Online Security) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-02-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-09]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-09]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-22]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-18] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-18] (AVAST Software)
S4 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-07-17] (DeviceVM, Inc.) [File not signed]
S4 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
S4 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1659080 2016-12-30] (Foxit Software Inc.)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S4 OpenVPNServiceInteractive; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [92968 2016-06-15] (The OpenVPN Project)
S4 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2014-12-15] (Sony Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 proXPN VPN; C:\Program Files (x86)\proXPN\bin\proXPNService.exe [127456 2016-09-13] ()
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-20] () [File not signed]
R3 AmdK8; C:\Windows\System32\DRIVERS\amdk8.sys [64512 2009-07-13] () [File not signed]
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2017-02-09] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2017-02-09] ()
S3 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309784 2017-02-18] (AVAST Software s.r.o.)
S3 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-02-18] (AVAST Software s.r.o.)
S3 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-02-18] (AVAST Software s.r.o.)
S3 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-02-18] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-02-18] (AVAST Software)
S3 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-02-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126088 2017-02-18] (AVAST Software)
S3 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-02-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [74680 2017-02-18] (AVAST Software)
S3 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [991496 2017-02-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [547904 2017-02-18] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-02-18] (AVAST Software)
R3 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337080 2017-02-18] (AVAST Software)
R0 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-13] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-20] () [File not signed]
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2010-11-20] () [File not signed]
R0 Disk; C:\Windows\System32\drivers\disk.sys [73664 2016-01-20] () [File not signed]
R3 Dot4; C:\Windows\System32\DRIVERS\Dot4.sys [145920 2009-07-13] () [File not signed]
R3 Dot4Print; C:\Windows\System32\DRIVERS\Dot4Prt.sys [19968 2010-11-20] () [File not signed]
R3 dot4usb; C:\Windows\System32\DRIVERS\dot4usb.sys [43008 2009-07-13] () [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2015-12-08] () [File not signed]
R3 fdc; C:\Windows\System32\DRIVERS\fdc.sys [29696 2009-07-13] () [File not signed]
R3 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [24576 2009-07-13] () [File not signed]
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2014-07-11] (LeapFrog)
R3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-20] () [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-20] () [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] () [File not signed]
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-02-18] ()
S3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-13] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [274880 2014-02-03] () [File not signed]
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-13] () [File not signed]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-13] () [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-13] () [File not signed]
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-13] () [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 Parport; C:\Windows\System32\DRIVERS\parport.sys [97280 2009-07-13] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] () [File not signed]
R0 pciide; C:\Windows\System32\drivers\pciide.sys [12352 2009-07-13] () [File not signed]
S3 Point64; C:\Windows\System32\DRIVERS\point64.sys [50896 2014-03-19] () [File not signed]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-13] () [File not signed]
S3 SaiK0836; C:\Windows\System32\DRIVERS\SaiK0836.sys [172040 2010-06-17] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-13] () [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] () [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-13] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [63360 2010-11-20] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2016-08-16] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [56320 2016-08-16] () [File not signed]
R3 usbhub; C:\Windows\system32\drivers\usbhub.sys [343552 2016-08-16] () [File not signed]
R3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2016-08-16] () [File not signed]
R3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] () [File not signed]
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2016-02-03] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2016-08-16] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-13] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] () [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2016-08-12] (Cisco Systems, Inc.)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] () [File not signed]
U3 aswbdisk; no ImagePath

========================== Drivers MD5 =======================

C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ASACPI.sys 03B7145C889603537E9FFEABB1AD1089
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys E47D571FEC2C76E867935109AB2A770C
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 47B2D0B31BDC3EBE6090228E2BA3764D
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvhda64v.sys D812362E8AF615B521AD4DF19A93BD5A
C:\Windows\System32\DRIVERS\nvlddmkm.sys 668E7BC286D8436FBCF08BF999FEF840
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\System32\drivers\nvvad64v.sys F37FE6B15A987AEEC08EEF531F2FAED7
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\pciide.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys EA4D67448BE493D543F1730D6CD04694
C:\Windows\System32\DRIVERS\point64.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SaiK0836.sys 2B44FF231CAC210A32904C310FB476CD
C:\Windows\System32\DRIVERS\SaiMini.sys B08581EDF3290210D3366CD2D992F6C2
C:\Windows\System32\drivers\SaiBus.sys D086C2F45D328C2F63FC6B4CD79FCB66
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\serial.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\sermouse.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys EC666682FE8344CF7E6ED69E74FA9F4F
C:\Windows\System32\DRIVERS\srv2.sys E450C0318DCE8ED28ED272C8806B8495
C:\Windows\System32\DRIVERS\srvnet.sys 9C12C78AD36C23D925711A4640228225
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tap0901.sys 134B275751051C5D03F9ACCDC4F8CAAB
C:\Windows\System32\drivers\tcpip.sys B2875D7ABB82867DC3AA03D991940201
C:\Windows\System32\DRIVERS\tcpip.sys B2875D7ABB82867DC3AA03D991940201
C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83
C:\Windows\System32\DRIVERS\termdd.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\usbhub.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\usbohci.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\usbprint.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\usbuhci.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\vdrvroot.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\vgapnp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vpnva64-6.sys 0F42C39016F82F345C0F2DB2D5B90EB4
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\usb2ser.sys 9955F303C20C4F58DB6645C6248DE1C8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
 
FRST continued:

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-19 23:01 - 2017-02-19 23:01 - 00000000 ____D C:\Users\Administrator\Downloads\FRST-OlderVersion
2017-02-19 22:56 - 2017-02-19 22:56 - 627363199 _____ C:\Windows\MEMORY.DMP
2017-02-19 22:51 - 2017-02-19 22:51 - 00097278 _____ C:\Users\Administrator\Desktop\dds.txt
2017-02-19 22:51 - 2017-02-19 22:51 - 00020906 _____ C:\Users\Administrator\Desktop\attach.txt
2017-02-19 22:45 - 2017-02-19 22:46 - 307157340 _____ C:\Users\Administrator\Desktop\backup.reg
2017-02-19 22:39 - 2017-02-19 22:39 - 00000145 _____ C:\Users\Administrator\Desktop\test.reg
2017-02-19 22:23 - 2017-02-19 22:23 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-19 22:22 - 2017-02-19 22:26 - 00000000 ____D C:\Users\Administrator\Downloads\shexview-x64
2017-02-19 22:22 - 2017-02-19 22:22 - 00097609 _____ C:\Users\Administrator\Downloads\shexview-x64.zip
2017-02-19 21:46 - 2017-02-19 21:46 - 00000000 ____D C:\Users\Administrator\Documents\ProcAlyzer Dumps
2017-02-19 21:35 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-02-19 21:35 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\ProgramData\Desktop\Post Win10 Spybot-install.exe
2017-02-19 21:23 - 2017-02-19 21:59 - 00000975 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-19 21:23 - 2017-02-19 21:59 - 00000975 _____ C:\ProgramData\Desktop\CCleaner.lnk
2017-02-19 21:23 - 2017-02-19 21:23 - 00002808 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-02-19 21:23 - 2017-02-19 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-19 21:23 - 2017-02-19 21:23 - 00000000 ____D C:\Program Files\CCleaner
2017-02-19 21:22 - 2017-02-19 21:22 - 09261112 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup527pro.exe
2017-02-19 21:20 - 2017-02-19 21:21 - 00000000 ____D C:\Program Files (x86)\Driver Fusion
2017-02-19 21:20 - 2017-02-19 21:20 - 00001062 _____ C:\Users\Public\Desktop\Driver Fusion.lnk
2017-02-19 21:20 - 2017-02-19 21:20 - 00001062 _____ C:\ProgramData\Desktop\Driver Fusion.lnk
2017-02-19 21:20 - 2017-02-19 21:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Fusion
2017-02-19 21:19 - 2017-02-19 21:19 - 04017285 _____ (Treexy) C:\Users\Administrator\Downloads\driverfusionsetup.exe
2017-02-19 21:17 - 2017-02-19 21:18 - 00000000 ____D C:\Users\Administrator\Desktop\driversweep
2017-02-19 21:16 - 2017-02-19 21:16 - 01545207 _____ C:\Users\Administrator\Downloads\DDUv120-Guru3D.com].exe
2017-02-19 21:16 - 2014-02-04 11:30 - 03087360 _____ C:\Users\Administrator\Downloads\Display Driver Uninstaller.exe
2017-02-19 21:16 - 2014-02-04 11:30 - 00165376 _____ C:\Users\Administrator\Downloads\Display Driver Uninstaller.pdb
2017-02-19 21:16 - 2014-02-04 11:30 - 00001071 _____ C:\Users\Administrator\Downloads\Display Driver Uninstaller.exe.config
2017-02-19 21:16 - 2014-01-21 13:27 - 00000000 ____D C:\Users\Administrator\Downloads\settings
2017-02-19 21:07 - 2017-02-19 21:07 - 00010754 _____ C:\Users\Administrator\Downloads\XP_FixLogon.zip
2017-02-19 21:07 - 2017-02-19 21:07 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-02-19 21:07 - 2017-02-19 21:07 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-02-19 21:07 - 2017-02-19 21:07 - 00001379 _____ C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
2017-02-19 21:07 - 2017-02-19 21:07 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-02-19 21:07 - 2017-02-19 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-02-19 21:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-02-19 21:06 - 2017-02-19 21:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-19 21:06 - 2017-02-19 21:35 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-19 21:01 - 2017-02-19 21:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Administrator\Downloads\spybot-2.4.exe
2017-02-19 20:42 - 2017-02-19 20:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-02-19 11:17 - 2017-02-19 11:32 - 00007636 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2017-02-19 11:02 - 2017-02-19 11:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2017-02-19 11:02 - 2017-02-19 11:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\CEF
2017-02-18 18:10 - 2017-02-18 18:10 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-02-18 18:02 - 2017-02-18 18:02 - 00776574 _____ C:\Users\David\Downloads\gdiplus (1).zip
2017-02-18 17:53 - 2017-02-18 17:53 - 00885580 _____ C:\Users\David\Downloads\gdiplus.zip
2017-02-18 17:43 - 2017-02-18 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-02-18 17:43 - 2017-02-18 17:43 - 00000000 ____D C:\Program Files\7-Zip
2017-02-18 01:53 - 2017-02-18 01:53 - 00012442 _____ C:\Windows\system32\.crusader
2017-02-18 01:46 - 2017-02-18 18:25 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1487403968
2017-02-18 01:46 - 2017-02-18 01:47 - 18666584 _____ (PC Tools) C:\Users\David\Downloads\rminstall.exe
2017-02-18 01:46 - 2017-02-18 01:46 - 00001043 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-02-18 01:46 - 2017-02-18 01:46 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-18 01:46 - 2017-02-18 01:46 - 00001043 _____ C:\ProgramData\Desktop\Avast SafeZone Browser.lnk
2017-02-18 01:45 - 2017-02-18 01:44 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-02-18 01:44 - 2017-02-18 01:53 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-18 01:43 - 2017-02-19 21:35 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-18 01:43 - 2017-02-19 20:49 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-02-18 01:43 - 2017-02-19 11:01 - 00002075 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-02-18 01:43 - 2017-02-19 11:01 - 00002075 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2017-02-18 01:43 - 2017-02-18 01:43 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-02-18 01:43 - 2017-02-18 01:43 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-02-18 01:43 - 2017-02-18 01:43 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-02-18 01:43 - 2017-02-18 01:43 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-02-18 01:43 - 2017-02-18 01:43 - 00126088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-02-18 01:43 - 2017-02-18 01:43 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-02-18 01:43 - 2017-02-18 01:43 - 00074680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-02-18 01:43 - 2017-02-18 01:43 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-02-18 01:43 - 2017-02-18 01:43 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-02-18 01:43 - 2017-02-18 01:43 - 00000000 ____D C:\Users\David\AppData\Roaming\AVAST Software
2017-02-18 01:43 - 2017-02-18 01:43 - 00000000 ____D C:\Users\David\AppData\Local\CEF
2017-02-18 01:43 - 2017-02-18 01:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-02-18 01:43 - 2017-02-18 01:42 - 00991496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-02-18 01:43 - 2017-02-18 01:41 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-02-18 01:43 - 2017-02-18 01:41 - 00309784 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-02-18 01:43 - 2017-02-18 01:41 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-02-18 01:43 - 2017-02-18 01:41 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-02-18 01:42 - 2017-02-18 01:43 - 11581544 _____ (SurfRight B.V.) C:\Users\David\Downloads\hitmanpro_x64.exe
2017-02-18 01:42 - 2017-02-18 01:42 - 09096848 _____ (SurfRight B.V.) C:\Users\David\Downloads\HitmanPro.exe
2017-02-18 01:41 - 2017-02-18 01:44 - 00000000 ____D C:\Program Files\AVAST Software
2017-02-18 01:40 - 2017-02-18 02:24 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-18 01:40 - 2017-02-18 01:40 - 06654960 _____ (AVAST Software) C:\Users\David\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-02-17 20:31 - 2017-02-17 20:31 - 00149672 _____ C:\Users\Katie\Desktop\BubblesOnBlanco.pdf
2017-02-17 18:34 - 2017-02-17 18:34 - 00000552 __RSH C:\Users\Katie\ntuser.pol
2017-02-16 02:51 - 2017-02-16 03:06 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps
2017-02-16 02:51 - 2017-02-16 02:51 - 09261616 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup527.exe
2017-02-16 02:50 - 2017-02-16 02:50 - 00231390 _____ C:\Users\David\Downloads\RootkitRevealer.zip
2017-02-16 02:50 - 2017-02-16 02:50 - 00000000 ____D C:\Users\David\Downloads\RootkitRevealer
2017-02-16 00:47 - 2017-02-16 00:47 - 00108871 _____ C:\Users\David\Downloads\Shortcut.txt
2017-02-16 00:46 - 2017-02-16 00:47 - 00040068 _____ C:\Users\David\Downloads\Addition.txt
2017-02-16 00:44 - 2017-02-16 00:47 - 00103473 _____ C:\Users\David\Downloads\FRST.txt
2017-02-16 00:38 - 2017-02-16 00:38 - 02422272 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2017-02-16 00:30 - 2017-02-16 00:30 - 00000552 __RSH C:\Users\David\ntuser.pol
2017-02-16 00:02 - 2017-02-16 00:02 - 01764352 _____ (Farbar) C:\Users\David\Downloads\FRST.exe
2017-02-15 23:52 - 2017-02-15 23:53 - 00000000 ____D C:\Users\David\AppData\Roaming\Notepad++
2017-02-15 23:32 - 2017-02-15 23:33 - 147118352 _____ (Microsoft Corporation) C:\Users\David\Downloads\msert.exe
2017-02-14 22:32 - 2017-02-14 22:32 - 01068345 _____ C:\Users\David\Downloads\Windows6.1-KB3078667-x64.msu
2017-02-14 21:51 - 2017-02-18 18:09 - 00007623 _____ C:\Users\David\AppData\Local\resmon.resmoncfg
2017-02-14 21:06 - 2017-02-14 21:06 - 00019913 _____ C:\Users\David\Downloads\RangerSchoolPackingList.pdf
2017-02-14 21:04 - 2017-02-14 21:04 - 00236535 _____ C:\Users\David\Downloads\BLC Packing List.pdf
2017-02-14 19:39 - 2013-04-13 22:23 - 00001272 _____ C:\Users\David\Desktop\Snipping Tool.lnk
2017-02-11 14:16 - 2017-02-11 14:36 - 00000000 ____D C:\Users\David\Desktop\Work Dump
2017-02-11 14:16 - 2017-02-11 14:16 - 00131320 _____ C:\Users\David\Downloads\dsimoneaux_ssl_vpn_config.exe
2017-02-10 18:28 - 2017-02-11 14:37 - 00000000 ____D C:\Users\David\AppData\Roaming\Foxit Software
2017-02-10 11:14 - 2017-02-10 11:14 - 00166885 _____ C:\Users\David\Downloads\RA22620 SN32637230001 Heliq Custom Mobility.hc_hoist_data
2017-02-10 11:04 - 2017-02-10 11:04 - 00000000 ____D C:\Users\David\AppData\Roaming\webex
2017-02-10 11:03 - 2017-02-10 11:46 - 00000000 ____D C:\Users\David\AppData\LocalLow\WebEx
2017-02-10 11:03 - 2017-02-10 11:04 - 00000000 ____D C:\Users\David\AppData\Local\WebEx
2017-02-10 11:03 - 2017-02-10 11:04 - 00000000 ____D C:\ProgramData\WebEx
2017-02-10 11:03 - 2017-02-10 11:03 - 01021208 _____ (Cisco WebEx LLC) C:\Users\David\Downloads\Cisco_WebEx_Add-On.exe
2017-02-10 11:03 - 2017-02-10 11:03 - 00000000 ____D C:\Users\David\AppData\Roaming\Mozilla
2017-02-10 08:39 - 2017-02-15 00:26 - 00010114 _____ C:\Users\David\proxpn.ovpn
2017-02-10 08:39 - 2017-02-10 08:39 - 00000000 ____D C:\Users\David\AppData\Local\proXPN B.V
2017-02-10 08:38 - 2017-02-10 08:38 - 00001073 _____ C:\Users\David\Desktop\proXPN - Shortcut.lnk
2017-02-09 22:45 - 2017-02-10 08:40 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-02-09 22:45 - 2017-02-09 22:45 - 00000000 ____D C:\Users\David\AppData\Local\NVIDIA Corporation
2017-02-09 22:44 - 2017-02-09 22:44 - 00002259 _____ C:\Users\David\Desktop\Google Chrome.lnk
2017-02-09 20:24 - 2017-02-19 21:26 - 00000000 ____D C:\Users\newoldkatie
2017-02-09 20:24 - 2017-02-09 20:24 - 00113920 _____ C:\Users\newoldkatie\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-09 20:24 - 2017-02-09 20:24 - 00002259 _____ C:\Users\newoldkatie\Desktop\Google Chrome.lnk
2017-02-09 20:24 - 2017-02-09 20:24 - 00001417 _____ C:\Users\newoldkatie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-09 20:24 - 2017-02-09 20:24 - 00000020 ___SH C:\Users\newoldkatie\ntuser.ini
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 _SHDL C:\Users\newoldkatie\My Documents
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 _SHDL C:\Users\newoldkatie\Documents\My Videos
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 _SHDL C:\Users\newoldkatie\Documents\My Pictures
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 _SHDL C:\Users\newoldkatie\Documents\My Music
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 ____D C:\Users\newoldkatie\AppData\Roaming\Adobe
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 ____D C:\Users\newoldkatie\AppData\Local\VirtualStore
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 ____D C:\Users\newoldkatie\AppData\Local\Sophos
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 ____D C:\Users\newoldkatie\AppData\Local\NVIDIA
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 ____D C:\Users\newoldkatie\AppData\Local\Google
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 ____D C:\Users\newoldkatie\.cisco
2017-02-09 20:24 - 2013-06-02 12:13 - 00000000 ____D C:\Users\newoldkatie\AppData\Local\Microsoft Help
2017-02-09 20:24 - 2011-04-12 01:51 - 00000000 ____D C:\Users\newoldkatie\AppData\Roaming\Media Center Programs
2017-02-09 19:59 - 2017-02-19 21:14 - 00000177 ____H C:\dvmexp.idx
2017-02-09 19:58 - 2017-02-09 19:59 - 00000000 ___HD C:\dvmexp
2017-02-09 19:58 - 2017-02-09 19:58 - 00000000 ___HD C:\ASUS.000
2017-02-09 19:58 - 2017-02-09 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Gate
2017-02-09 19:57 - 2017-02-09 19:57 - 00000000 ___HD C:\ASUS.SYS
2017-02-09 19:57 - 2017-02-09 19:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\Downloaded Installations
2017-02-09 19:52 - 2017-02-09 19:52 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2017-02-09 19:51 - 2017-02-09 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-02-09 19:51 - 2017-02-09 19:52 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-02-09 19:51 - 2017-02-09 19:50 - 00024576 _____ () C:\Windows\SysWOW64\AsIO.dll
2017-02-09 19:51 - 2017-02-09 19:50 - 00013440 _____ C:\Windows\SysWOW64\Drivers\AsIO.sys
2017-02-09 19:51 - 2017-02-09 19:50 - 00013368 _____ C:\Windows\SysWOW64\Drivers\AsUpIO.sys
2017-02-09 19:51 - 2008-01-04 13:34 - 00011832 _____ C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys
2017-02-09 19:51 - 2008-01-04 13:34 - 00010216 _____ C:\Windows\SysWOW64\Drivers\AsInsHelp32.sys
2017-02-09 19:51 - 2004-02-27 00:00 - 00962612 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42d.dll
2017-02-09 19:51 - 2004-02-17 00:00 - 00434252 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRTD.DLL
2017-02-09 19:50 - 2017-02-09 19:50 - 00000000 ____D C:\Users\Administrator\Downloads\MB_WIN7_ATK
2017-02-09 19:50 - 2017-02-09 19:50 - 00000000 ____D C:\Users\Administrator\Downloads\AsusUpdt_V71706
2017-02-09 19:50 - 2017-02-09 19:50 - 00000000 ____D C:\Users\Administrator\Downloads\AMD_RaidAHCI_XPVistaWin7
2017-02-09 19:50 - 2017-02-09 19:50 - 00000000 ____D C:\Users\Administrator\Downloads\AMD_CnQ_V21803_XpVistaWin7
2017-02-09 19:49 - 2017-02-09 19:50 - 00707039 _____ C:\Users\Administrator\Downloads\M3A78-CM-ASUS-2801 (1).zip
2017-02-09 19:49 - 2017-02-09 19:49 - 10848081 _____ C:\Users\Administrator\Downloads\AsusUpdt_V71706.zip
2017-02-09 19:49 - 2017-02-09 19:49 - 05948983 _____ C:\Users\Administrator\Downloads\AMD_CnQ_V21803_XpVistaWin7.zip
2017-02-09 19:49 - 2017-02-09 19:49 - 01804867 _____ C:\Users\Administrator\Downloads\AMD_RaidAHCI_XPVistaWin7.zip
2017-02-09 19:49 - 2017-02-09 19:49 - 00119877 _____ C:\Users\Administrator\Downloads\MB_WIN7_ATK.zip
2017-02-09 19:48 - 2017-02-09 19:48 - 00001214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
2017-02-09 19:48 - 2017-02-09 19:48 - 00001202 _____ C:\Users\Public\Desktop\HD VDeck.lnk
2017-02-09 19:48 - 2017-02-09 19:48 - 00001202 _____ C:\ProgramData\Desktop\HD VDeck.lnk
2017-02-09 19:47 - 2017-02-09 19:48 - 00000000 ____D C:\Program Files (x86)\VIA
2017-02-09 19:47 - 2007-04-11 15:35 - 00414632 ____N (Microsoft Corporation) C:\Windows\difxapi.dll
2017-02-09 19:45 - 2017-02-09 19:50 - 00001769 _____ C:\Windows\Language_trs.ini
2017-02-09 19:43 - 2017-02-09 19:43 - 00000000 ____D C:\Users\Administrator\Downloads\v7400a
2017-02-09 19:43 - 2017-02-09 19:43 - 00000000 ____D C:\Users\Administrator\Downloads\M3A78-CM-ASUS-2801
2017-02-09 19:43 - 2017-02-09 19:43 - 00000000 ____D C:\Users\Administrator\Downloads\ExpressGate_Installer_V141014_XPVistaWin7
2017-02-09 19:43 - 2017-02-09 19:43 - 00000000 ____D C:\Users\Administrator\Downloads\AMD_VGA_V863200_XPVistaWin7
2017-02-09 19:31 - 2017-02-09 19:31 - 00000000 ____D C:\Users\Administrator\Downloads\rufus_files
2017-02-09 19:30 - 2017-02-09 19:31 - 00000064 _____ C:\Users\Administrator\Downloads\rufus.ini
2017-02-09 19:29 - 2017-02-09 19:30 - 143312896 _____ C:\Users\Administrator\Downloads\pwfree91-x64.iso
2017-02-09 19:29 - 2017-02-09 19:30 - 00949880 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Administrator\Downloads\rufus-2.12p.exe
2017-02-09 13:19 - 2017-02-19 21:47 - 00000000 ___DC C:\Users\Administrator\AppData\Local\MigWiz
2017-02-09 12:58 - 2017-02-10 18:40 - 00002282 ____H C:\Users\David\Documents\Default.rdp
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ___RD C:\Users\David\Documents\Scanned Documents
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Documents\Web Easy
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Documents\Outlook Files
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Documents\My Scans
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Documents\MotorolaMediaLink
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Documents\Lisano Enterprises
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Documents\Flight Simulator X Files
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Documents\Fax
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Documents\Aiseesoft Studio
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Desktop\WSP
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Desktop\vet pics
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Desktop\Turbo Timer install instructions (2000) - AudiWorld Forums_files
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Desktop\Scouts Stuff
2017-02-09 12:58 - 2017-02-08 13:01 - 00079082 _____ C:\Users\David\Downloads\MTB.txt
2017-02-09 12:58 - 2017-02-08 12:59 - 00892416 _____ (Farbar) C:\Users\David\Downloads\MiniToolBox.exe
2017-02-09 12:58 - 2017-02-07 12:49 - 00000000 ____D C:\Users\David\Documents\Custom Office Templates
2017-02-09 12:58 - 2011-01-19 12:21 - 00000000 ____D C:\Users\David\Documents\Podcast
2017-02-09 12:57 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Desktop\Ryans Birthday
2017-02-09 12:57 - 2017-02-09 12:57 - 00000000 ____D C:\Users\David\Desktop\NRA
2017-02-09 12:57 - 2017-02-09 12:57 - 00000000 ____D C:\Users\David\Desktop\Home Inspector
2017-02-09 12:57 - 2017-02-09 12:57 - 00000000 ____D C:\Users\David\Desktop\Dave
2017-02-09 12:57 - 2017-02-09 12:57 - 00000000 ____D C:\Users\David\Desktop\Babysitting stuff
2017-02-09 12:57 - 2017-02-09 12:57 - 00000000 ____D C:\Users\David\.cisco
2017-02-09 12:57 - 2017-02-07 14:39 - 00092659 _____ C:\Users\David\Desktop\FormLLC.pdf
2017-02-09 12:57 - 2015-03-15 09:56 - 07344951 _____ C:\Users\David\Desktop\VW Parts Manual.pdf
2017-02-09 12:57 - 2014-08-11 08:14 - 00011089 _____ C:\Users\David\Desktop\VWrepair.xlsx
2017-02-09 12:56 - 2017-02-16 03:02 - 00000000 ____D C:\Users\David
2017-02-09 12:56 - 2017-02-09 22:51 - 00000000 ____D C:\Users\David\AppData\Local\Google
2017-02-09 12:56 - 2017-02-09 12:56 - 00113920 _____ C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-09 12:56 - 2017-02-09 12:56 - 00001417 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-09 12:56 - 2017-02-09 12:56 - 00000020 ___SH C:\Users\David\ntuser.ini
2017-02-09 12:56 - 2017-02-09 12:56 - 00000000 _SHDL C:\Users\David\My Documents
2017-02-09 12:56 - 2017-02-09 12:56 - 00000000 _SHDL C:\Users\David\Documents\My Videos
2017-02-09 12:56 - 2017-02-09 12:56 - 00000000 _SHDL C:\Users\David\Documents\My Pictures
2017-02-09 12:56 - 2017-02-09 12:56 - 00000000 _SHDL C:\Users\David\Documents\My Music
2017-02-09 12:56 - 2017-02-09 12:56 - 00000000 ____D C:\Users\David\AppData\Roaming\Adobe
2017-02-09 12:56 - 2017-02-09 12:56 - 00000000 ____D C:\Users\David\AppData\Local\VirtualStore
2017-02-09 12:56 - 2017-02-09 12:56 - 00000000 ____D C:\Users\David\AppData\Local\Sophos
2017-02-09 12:56 - 2017-02-09 12:56 - 00000000 ____D C:\Users\David\AppData\Local\NVIDIA
2017-02-09 12:56 - 2013-06-02 12:13 - 00000000 ____D C:\Users\David\AppData\Local\Microsoft Help
2017-02-09 12:56 - 2011-04-12 01:51 - 00000000 ____D C:\Users\David\AppData\Roaming\Media Center Programs
2017-02-09 12:49 - 2017-02-09 12:51 - 00000000 ____D C:\Users\Old2David
2017-02-09 10:56 - 2017-02-09 10:58 - 00246412 _____ C:\TDSSKiller.3.1.0.12_09.02.2017_10.56.17_log.txt
2017-02-09 10:56 - 2017-02-09 10:56 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Administrator\Downloads\tdsskiller.exe
2017-02-09 10:45 - 2017-02-09 10:46 - 00035145 _____ C:\Users\Administrator\Downloads\Addition.txt
2017-02-09 10:44 - 2017-02-19 23:02 - 00043086 _____ C:\Users\Administrator\Downloads\FRST.txt
2017-02-09 10:22 - 2017-02-16 00:21 - 00001622 __RSH C:\ProgramData\ntuser.pol
2017-02-09 10:02 - 2017-02-09 10:03 - 00688992 ____R (Swearware) C:\Users\Administrator\Downloads\dds.com
2017-02-09 09:58 - 2017-02-14 22:54 - 00000000 ____D C:\Windows\System32\Tasks\Event Viewer Tasks
2017-02-09 09:04 - 2017-02-09 09:04 - 00105439 _____ C:\Users\Administrator\Downloads\Shortcut2.txt
2017-02-09 09:03 - 2017-02-09 09:04 - 00034738 _____ C:\Users\Administrator\Downloads\Addition2.txt
2017-02-09 09:01 - 2017-02-09 09:04 - 00099983 _____ C:\Users\Administrator\Downloads\FRST2.txt
2017-02-09 09:00 - 2017-02-09 09:00 - 00000000 ____D C:\Users\Ryan\.cisco
2017-02-09 08:57 - 2017-02-09 08:57 - 00435472 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-09 08:42 - 2017-02-09 08:45 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2017-02-09 08:24 - 2017-02-09 08:26 - 327634385 _____ C:\Users\Administrator\Downloads\ExpressGate_Installer_V141014_XPVistaWin7.zip
2017-02-09 08:24 - 2017-02-09 08:25 - 282886363 _____ C:\Users\Administrator\Downloads\AMD_VGA_V863200_XPVistaWin7.zip
2017-02-09 08:24 - 2017-02-09 08:24 - 33036851 _____ C:\Users\Administrator\Downloads\v7400a.zip
2017-02-09 08:24 - 2017-02-09 08:24 - 00707039 _____ C:\Users\Administrator\Downloads\M3A78-CM-ASUS-2801.zip
2017-02-09 08:01 - 2017-02-09 08:01 - 98077435 _____ (Igor Pavlov) C:\Users\Administrator\Downloads\OTLPEStd.exe
2017-02-09 07:14 - 2017-02-09 07:34 - 00033617 _____ C:\Users\Administrator\Downloads\Addition1.txt
2017-02-09 07:13 - 2017-02-09 07:34 - 00075551 _____ C:\Users\Administrator\Downloads\FRST1.txt
2017-02-09 07:12 - 2017-02-19 23:02 - 00000000 ____D C:\FRST
2017-02-09 07:08 - 2017-02-19 23:01 - 02422784 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2017-02-09 07:04 - 2017-02-09 07:04 - 145845016 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe
2017-02-09 06:33 - 2017-02-09 06:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Foxit Software
2017-02-09 06:17 - 2017-02-09 06:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2017-02-09 06:16 - 2017-02-18 01:30 - 00000552 __RSH C:\Users\Administrator\ntuser.pol
2017-02-09 06:16 - 2017-02-09 06:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2017-02-09 06:16 - 2017-02-09 06:41 - 00002255 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2017-02-09 06:16 - 2017-02-09 06:16 - 00113920 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-09 06:16 - 2017-02-09 06:16 - 00001413 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-09 06:16 - 2017-02-09 06:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-02-09 06:16 - 2017-02-09 06:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\Sophos
2017-02-09 06:16 - 2017-02-09 06:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2017-02-09 06:16 - 2017-02-09 06:16 - 00000000 ____D C:\Users\Administrator\.cisco
2017-02-09 06:15 - 2017-02-18 01:30 - 00000000 ____D C:\Users\Administrator
2017-02-09 06:15 - 2017-02-09 06:15 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2017-02-09 06:15 - 2017-02-09 06:15 - 00000000 _SHDL C:\Users\Administrator\My Documents
2017-02-09 06:15 - 2017-02-09 06:15 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2017-02-09 06:15 - 2017-02-09 06:15 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2017-02-09 06:15 - 2017-02-09 06:15 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2017-02-09 06:15 - 2013-06-02 12:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2017-02-09 06:15 - 2011-04-12 01:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2017-02-08 16:42 - 2011-08-17 11:08 - 00298234 _____ C:\Users\Katie\Desktop\Windows6.1-KB2590550-v2-x64.msu
2017-02-08 16:42 - 2011-08-17 00:17 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-02-08 16:42 - 2011-08-17 00:04 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2017-02-08 16:41 - 2017-02-08 16:41 - 00427168 _____ C:\Users\Katie\Downloads\436224_intl_x64_zip.exe
2017-02-06 20:20 - 2017-02-07 03:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-02-06 20:20 - 2017-02-06 20:20 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-06 20:19 - 2017-02-06 20:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2017-02-06 20:18 - 2017-02-06 20:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-06 20:18 - 2017-02-06 20:18 - 00000000 ____D C:\Program Files\Microsoft Office
2017-02-06 19:29 - 2017-02-19 11:08 - 00000000 ____D C:\Program Files (x86)\WinCDEmu
2017-02-06 19:29 - 2017-02-06 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2017-02-06 01:14 - 2017-02-06 01:14 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Sun
2017-02-04 06:20 - 2017-02-04 06:20 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Sun
2017-02-04 06:16 - 2017-02-04 06:16 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Foxit Software
2017-02-04 06:15 - 2017-02-04 06:15 - 00000000 ____D C:\Users\Justin\.cisco
2017-02-01 06:26 - 2017-02-01 06:26 - 00012309 _____ C:\Users\Katie\Desktop\JustinRecentActivity.pdf
2017-01-31 21:39 - 2017-01-31 21:40 - 00000000 ____D C:\Users\Katie\Desktop\KT old phone
2017-01-30 21:00 - 2017-01-30 21:00 - 00000000 ____D C:\ProgramData\Foxit Software
2017-01-30 20:59 - 2017-01-30 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2017-01-29 13:53 - 2017-01-29 13:53 - 08345924 _____ C:\Users\Katie\Desktop\PDF_4436_Audi_B5_S4_Vaico_Front_Control_Arm_Kit_R2.pdf
2017-01-28 04:13 - 2017-01-28 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-01-26 20:03 - 2017-01-26 20:03 - 00000141 _____ C:\Users\Katie\Desktop\Outlook Web App.url
2017-01-26 19:57 - 2017-01-26 19:57 - 00001551 _____ C:\Users\Katie\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
2017-01-26 19:55 - 2017-01-26 19:55 - 00002296 _____ C:\Users\Katie\Desktop\Berry Aviation TS4.RDP
2017-01-26 19:55 - 2017-01-26 19:55 - 00000000 ____D C:\Users\Katie\.cisco
2017-01-26 19:54 - 2017-01-26 19:54 - 00000000 ____D C:\Users\Katie\AppData\Local\Cisco
2017-01-26 19:54 - 2017-01-26 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2017-01-26 19:54 - 2017-01-26 19:54 - 00000000 ____D C:\ProgramData\Cisco
2017-01-26 19:54 - 2017-01-26 19:54 - 00000000 ____D C:\Program Files (x86)\Cisco
2017-01-26 19:49 - 2017-01-26 20:05 - 00000000 ____D C:\Program Files (x86)\Citrix
2017-01-26 19:49 - 2017-01-26 19:49 - 00000000 ____D C:\Users\Katie\AppData\Local\Citrix
2017-01-24 19:38 - 2017-01-24 19:38 - 00002133 _____ C:\Users\Justin\Desktop\pink.lnk
2017-01-20 21:55 - 2017-01-20 21:48 - 00555347 _____ C:\Users\Justin\Desktop\ElementsForScouts.pptx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-19 23:01 - 2009-07-13 23:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-19 23:01 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2017-02-19 22:56 - 2017-01-15 12:27 - 00000000 ____D C:\Windows\Minidump
2017-02-19 22:56 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-19 22:46 - 2013-04-20 12:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-19 22:23 - 2009-07-13 22:45 - 00032224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-19 22:23 - 2009-07-13 22:45 - 00032224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-19 21:58 - 2016-03-14 21:13 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-19 21:58 - 2009-07-13 23:08 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-19 21:47 - 2013-04-13 23:16 - 00000000 ____D C:\Windows\Panther
2017-02-19 20:47 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-19 11:18 - 2013-04-13 21:26 - 00001945 _____ C:\Windows\epplauncher.mif
2017-02-19 11:17 - 2015-11-17 20:52 - 00000000 ____D C:\Windows\pss
2017-02-19 10:52 - 2015-12-28 09:33 - 00001150 __RSH C:\Users\Ryan\ntuser.pol
2017-02-19 10:52 - 2015-12-28 09:33 - 00000000 ____D C:\Users\Ryan
2017-02-18 18:02 - 2016-08-11 02:10 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-02-18 17:58 - 2016-08-11 02:10 - 01717248 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-02-18 17:44 - 2016-11-04 17:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-18 17:43 - 2013-04-13 21:09 - 00001139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-18 01:44 - 2014-11-16 23:11 - 00000000 ___HD C:\Temp
2017-02-17 18:34 - 2013-04-13 21:05 - 00000000 ____D C:\Users\Katie
2017-02-15 23:53 - 2013-12-30 11:34 - 00000000 ____D C:\Program Files (x86)\Notepad++
2017-02-14 07:46 - 2013-04-20 12:27 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 07:46 - 2013-04-20 12:27 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 07:46 - 2013-04-20 12:27 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 07:46 - 2013-04-20 12:27 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-14 07:46 - 2013-04-20 12:27 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-13 17:11 - 2015-10-22 17:03 - 00001315 _____ C:\Users\Justin\Desktop\unicorns.lnk
2017-02-13 17:11 - 2015-10-22 16:59 - 00001173 _____ C:\Users\Justin\Desktop\fluffy.lnk
2017-02-13 17:11 - 2015-10-22 16:59 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-02-13 11:21 - 2013-05-22 17:09 - 00002310 ____H C:\Users\Katie\Documents\Default.rdp
2017-02-13 10:16 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-02-12 10:05 - 2014-06-26 17:10 - 00000000 ____D C:\Users\Katie\Desktop\Peperport payments
2017-02-12 07:34 - 2014-12-25 20:57 - 00113920 _____ C:\Users\Justin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-12 07:34 - 2014-12-25 20:56 - 00000008 __RSH C:\Users\Justin\ntuser.pol
2017-02-12 07:34 - 2014-12-25 20:56 - 00000000 ____D C:\Users\Justin
2017-02-09 20:24 - 2013-04-13 21:05 - 00000020 ___SH C:\Users\Katie\ntuser.ini
2017-02-09 19:58 - 2009-04-10 18:29 - 00000057 ____H C:\splash.idx
2017-02-09 19:52 - 2013-12-30 10:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-09 19:31 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-02-09 10:14 - 2006-11-02 07:34 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-09 09:00 - 2015-12-28 09:33 - 00113920 _____ C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-09 06:16 - 2009-07-13 22:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-08 16:41 - 2013-04-13 21:05 - 00000000 ____D C:\Users\Katie\AppData\Local\VirtualStore
2017-02-08 16:02 - 2013-04-28 09:24 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Foxit Software
2017-02-08 12:48 - 2009-07-13 20:34 - 00000347 _____ C:\Windows\system32\Drivers\etc\networks
2017-02-07 19:13 - 2013-04-14 15:48 - 00113920 _____ C:\Users\Katie\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-07 03:06 - 2009-07-13 20:34 - 00000536 _____ C:\Windows\win.ini
2017-02-06 20:20 - 2011-04-12 01:51 - 00000000 ____D C:\Windows\ShellNew
2017-02-06 20:18 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-02-06 13:13 - 2013-05-01 11:43 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-04 05:50 - 2015-12-11 21:09 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Spotify
2017-02-03 19:42 - 2015-12-11 21:17 - 00000000 ____D C:\Users\Katie\AppData\Local\Spotify
2017-02-02 22:26 - 2013-11-05 07:00 - 00000000 ____D C:\ProgramData\Oracle
2017-02-02 22:25 - 2014-11-13 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-02 22:25 - 2013-06-29 12:09 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-02 22:24 - 2014-11-13 20:04 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-02-01 19:42 - 2016-11-01 21:42 - 00000000 ____D C:\Users\Katie\Desktop\Cochise Mortgage payments
2017-01-30 21:15 - 2016-03-19 08:29 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2017-01-30 21:00 - 2016-02-24 21:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-30 20:59 - 2016-03-19 08:29 - 00000000 ____D C:\Users\Public\Foxit Software
2017-01-28 04:13 - 2013-05-01 11:43 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-26 19:54 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2017-01-20 21:48 - 2017-01-19 20:12 - 00555347 _____ C:\Users\Justin\Documents\crudnugets.pptx

==================== Files in the root of some directories =======

2017-02-19 11:17 - 2017-02-19 11:32 - 0007636 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2013-07-01 17:27 - 2015-01-28 20:59 - 0002177 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
2017-02-15 23:52 - 2017-02-15 23:52 - 2858376 _____ () C:\Users\David\AppData\Local\Temp\npp.7.2.2.Installer.exe
2013-12-27 09:51 - 2012-08-30 17:19 - 4327024 _____ (Foxit Corporation) C:\Users\Guest\AppData\Local\Temp\Foxit Updater.exe
2015-10-26 02:55 - 2015-10-26 02:55 - 0585824 _____ (Oracle Corporation) C:\Users\Justin\AppData\Local\Temp\jre-8u65-windows-au.exe
2013-01-28 16:20 - 2013-01-28 16:20 - 0248008 _____ (Ask.com) C:\Users\Katie\AppData\Local\Temp\AskSLib.dll
2013-07-20 11:55 - 2013-07-20 11:55 - 5254656 _____ () C:\Users\Katie\AppData\Local\Temp\converter.exe
2013-04-28 09:24 - 2012-08-30 17:19 - 4327024 _____ (Foxit Corporation) C:\Users\Katie\AppData\Local\Temp\Foxit Updater.exe
2013-04-20 15:33 - 2013-04-20 15:33 - 17605512 _____ (Adobe Systems Incorporated) C:\Users\Katie\AppData\Local\Temp\fp_pl_pfs_installer.exe
2014-04-15 14:50 - 2014-04-15 14:50 - 0921512 _____ (Oracle Corporation) C:\Users\Katie\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
2014-09-29 11:06 - 2014-09-29 11:06 - 0937896 _____ (Oracle Corporation) C:\Users\Katie\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
2015-04-30 17:37 - 2015-04-30 17:37 - 0562272 _____ (Oracle Corporation) C:\Users\Katie\AppData\Local\Temp\jre-8u45-windows-au.exe
2015-08-31 02:55 - 2015-10-26 02:55 - 0585824 _____ (Oracle Corporation) C:\Users\Katie\AppData\Local\Temp\jre-8u60-windows-au.exe
2013-12-28 16:18 - 2013-06-13 13:34 - 0099096 _____ () C:\Users\Katie\AppData\Local\Temp\LMkRstPt.exe
2013-08-31 09:37 - 2014-08-30 15:02 - 50067152 _____ (Microsoft Corporation) C:\Users\Katie\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
2010-03-23 12:30 - 2010-03-23 12:30 - 0056832 _____ () C:\Users\Katie\AppData\Local\Temp\vpnclient_setup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-us
inherit {globalsettings}
default {current}
resumeobject {724a5a33-6e29-11e4-95e7-00248cbf0980}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-us
inherit {bootloadersettings}
osdevice partition=C:
systemroot \Windows
resumeobject {724a5a33-6e29-11e4-95e7-00248cbf0980}
nx OptIn
bootstatuspolicy IgnoreAllFailures
detecthal Yes
usefirmwarepcisettings No

Resume from Hibernate
---------------------
identifier {724a5a33-6e29-11e4-95e7-00248cbf0980}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-us
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-us
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}


LastRegBack: 2017-02-12 00:13

==================== End of FRST.txt ============================
 
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-02-2017
Ran by Administrator (19-02-2017 23:03:30)
Running from C:\Users\Administrator\Downloads
Windows 7 Professional Service Pack 1 (X64) (2013-04-14 02:52:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3559958457-2575535085-3770899071-500 - Administrator - Enabled) => C:\Users\Administrator
David (S-1-5-21-3559958457-2575535085-3770899071-1007 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-3559958457-2575535085-3770899071-501 - Limited - Enabled) => C:\Users\Guest
Justin (S-1-5-21-3559958457-2575535085-3770899071-1004 - Limited - Enabled) => C:\Users\Justin
Katie (S-1-5-21-3559958457-2575535085-3770899071-1008 - Administrator - Enabled)
Ryan (S-1-5-21-3559958457-2575535085-3770899071-1005 - Limited - Enabled) => C:\Users\Ryan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: - )
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C4600 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.3.02039 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.3.02039 - Cisco Systems, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Driver Fusion (HKLM-x32\...\Driver Fusion) (Version: 3.3.0.0 - Treexy)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Express Gate (HKLM-x32\...\{99AD9D6D-A456-49EE-8360-F22EE7AA1272}) (Version: 1.4.10.14 - DeviceVM, Inc.)
FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Foxit PhantomPDF (HKLM-x32\...\{1E322888-CE77-11E6-BF13-000C29FC3B44}) (Version: 8.2.0.2192 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
GrandPrix Race Manager v16 (HKLM-x32\...\GrandPrix Race Manager v16_is1) (Version: 16.0.1316 - Lisano Enterprises)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5 (HKLM\...\{1E1746EF-F5BF-4677-8F30-04FE399130DA}) (Version: 14.0 - HP)
HP Product Detection (HKLM-x32\...\{ACAA0152-96A4-4D93-92F5-1B4728C3D984}) (Version: 11.15.0008 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 7.0.6.19846 - LeapFrog)
LeapFrog Connect (x32 Version: 7.0.6.19846 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 7.0.6.19846 - LeapFrog) Hidden
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
MergeModule_x64 (Version: 9.1.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.1.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.51 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PlayMemories Camera Apps Downloader (HKLM-x32\...\{E4B95A36-0EF2-44C6-B939-5B3DBBC34502}) (Version: 1.1.1975.475 - Sony Network Entertainment International LLC)
PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.1.00.12152 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.1.00 - Sony Corporation) Hidden
proXPN 4.3.6.5 (HKLM-x32\...\proXPN) (Version: 4.3.6.5 - proXPN B.V)
PS_AIO_05_C4600_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
SafeZone Stable 3.55.2393.561 (x32 Version: 3.55.2393.561 - Avast Software) Hidden
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Sophos SSL VPN Client 2.1 (HKLM-x32\...\Sophos SSL VPN Client) (Version: 2.1 - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.STANDARD_{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version: - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 7.0.6.19846 - LeapFrog)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0ED4A974-346E-4686-B971-6B87185421CE} - System32\Tasks\SafeZone scheduled Autoupdate 1487403968 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {1FAEDAB9-03AE-48AD-A353-A954DBD739FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {28A81C7B-66D5-4708-A7B9-143665E52468} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3007B336-C0F4-43FF-9723-61FB1591A75F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3435F724-6B0E-4134-98FF-0E2A390368CF} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {384068BC-C417-44BD-85B6-AD3773C7EE30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4081E417-D6DC-45F3-9EE8-15829B9B3EDD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {50D8F91B-F662-487E-BA89-D3F211F15E6B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {66050CD8-7999-42B9-9EC8-A1DEB6E41AA3} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-18] (AVAST Software)
Task: {696C0EFC-F42E-4C76-94FA-3DD612E8ECE0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-18] (AVAST Software)
Task: {6C85F01B-7E50-4CC3-B745-59CC32E569AF} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {70CD5D84-84A5-4A56-BF78-DF92FD3AE312} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {770E081D-AA76-4176-8E4D-AE4476C4C437} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2008-12-11] ()
Task: {8D5E55F2-79A8-40B8-A29E-FE2763D25BA3} - System32\Tasks\{06A60515-D95C-4A85-8707-ED747860BA65} => F:\setup.exe
Task: {A1D1E14A-8FEE-41D4-878B-28A27957A735} - System32\Tasks\{28F3448C-5E9E-4BAB-AD47-29A7D9FE0B78} => F:\setup.exe
Task: {C2CBA387-2B64-43C8-A66A-44CAE10CC509} - System32\Tasks\{E3593912-091D-40F4-AF7C-7A06F27F3A56} => F:\setup.exe
Task: {C3058DC1-0169-4973-86B9-2BE914800B6B} - System32\Tasks\{7A207EA8-3673-4A27-9E4E-0F7B79E84BF9} => F:\setup.exe
Task: {C406A18E-5D7A-4FD6-A7ED-A309F9AA1B1B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-07] (Piriform Ltd)
Task: {D08071E3-CA4C-4246-881D-3917E99FE422} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {FAB86893-3651-44A6-B0D1-B25135E9BE95} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {FCABA01C-67A9-43D0-BD7E-1823CFDBC1B7} - System32\Tasks\{ABE29E06-61AC-4C62-A84E-F3D8FE84D982} => F:\setup.exe
Task: {FEA6148C-5DE2-4D53-BCDC-A1723671C3B2} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-07-13 18:22 - 2015-12-08 13:07 - 01393152 _____ () C:\Windows\system32\WMALFXGFXDSP.dll
2013-07-20 11:55 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2009-07-13 18:21 - 2009-07-13 19:41 - 00299520 _____ () C:\Windows\System32\drivers\UMDF\WpdFs.dll
2016-11-15 15:23 - 2016-11-15 15:23 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-11-27 11:55 - 2016-11-27 11:55 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-02-18 01:42 - 2017-02-18 01:42 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-19 06:11 - 2017-02-19 06:11 - 05979224 _____ () C:\Program Files\AVAST Software\Avast\defs\17021900\algo.dll
2017-02-18 01:42 - 2017-02-18 01:42 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-02-06 13:13 - 2017-02-01 03:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 13:13 - 2017-02-01 03:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3559958457-2575535085-3770899071-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Fitbit Connect => 2
MSCONFIG\Services: FoxitPhantomService => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: LeapFrog Connect Device Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: OpenVPNServiceInteractive => 2
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: proXPN VPN => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SOHDms => 2
MSCONFIG\Services: SOHDs => 3
MSCONFIG\Services: SpfService => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: vpnagent => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\Katie\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Katie\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: MusicManager => "C:\Users\David\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: openvpn-gui => C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
MSCONFIG\startupreg: ProfilerU => C:\Program Files\SmartTechnology\Software\ProfilerU.exe
MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Spotify => "C:\Users\Katie\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Katie\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{E1D4A664-8469-4B79-A12A-18FC90362765}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{00679DCD-8DA8-4C4A-B4C9-75F7A78B4CC6}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{DDDCDA55-9301-4DB1-82C9-F1AC6C3B5D13}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [TCP Query User{4E6117B2-3B9C-4908-98C5-E1B9964A7F93}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{F92482F7-F3C4-48FF-A3C2-74FAC142CD7C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

08-02-2017 16:42:24 Windows Update
09-02-2017 19:47:24 Installed Platform
09-02-2017 19:51:05 Installed Cool & Quiet
09-02-2017 19:51:59 Installed ASUSUpdate
09-02-2017 19:57:40 Installed Express Gate.
10-02-2017 03:00:10 Windows Update
13-02-2017 20:22:49 Windows Update
17-02-2017 18:38:59 Windows Update
18-02-2017 01:52:05 Checkpoint by HitmanPro
18-02-2017 01:52:56 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2017 11:01:07 PM) (Source: PerfNet) (EventID: 2006) (User: )
Description: Unable to read Server Queue performance data from the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.

Error: (02/19/2017 10:59:02 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.

Error: (02/19/2017 10:58:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2017 10:14:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2017 09:58:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2017 09:28:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2017 08:41:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2017 11:30:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2017 11:25:29 AM) (Source: PerfNet) (EventID: 2006) (User: )
Description: Unable to read Server Queue performance data from the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.

Error: (02/19/2017 11:17:29 AM) (Source: PerfNet) (EventID: 2006) (User: )
Description: Unable to read Server Queue performance data from the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.


System errors:
=============
Error: (02/19/2017 10:57:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Listener service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/19/2017 10:57:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Listener service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/19/2017 10:57:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Listener service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/19/2017 10:56:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The aswbIDSAgent service terminated with service-specific error %%-536753635.

Error: (02/19/2017 10:56:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/19/2017 10:56:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/19/2017 10:56:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/19/2017 10:56:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/19/2017 10:56:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/19/2017 10:56:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
Date: 2017-02-06 19:13:07.333
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-06 19:13:07.161
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-06 19:06:38.854
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\David\Desktop\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-06 19:06:38.689
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\David\Desktop\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5800+
Percentage of memory in use: 54%
Total physical RAM: 4095.11 MB
Available physical RAM: 1871.85 MB
Total Virtual: 8188.41 MB
Available Virtual: 5606.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:68.73 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: D31281DA)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Thank you for your reply. Below are the details from what you asked:

RogueKiller Log:
RogueKiller V12.9.7.0 (x64) [Feb 6 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 02/20/2017 20:31:27 (Duration : 00:20:09)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 14 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99AD9D6D-A456-49EE-8360-F22EE7AA1272} -> Deleted
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : "explorer.exe" -> Replaced (explorer.exe)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{AE618A4C-58CC-41E0-9E43-EA4F8004A35B} | DhcpNameServer : 10.0.22.1 10.0.22.2 ([][]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{AE618A4C-58CC-41E0-9E43-EA4F8004A35B} | DhcpNameServer : 10.0.22.1 10.0.22.2 ([][]) -> Replaced ()
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[Hj.Shortcut][File] C:\Users\Justin\Desktop\GoNoodle.lnk [LNK@] C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe --win-jumplist-action=most-visited https://app.gonoodle.com/login?email=topsisdacool&login_failed=username -> Shortcut cleaned
[Hj.Shortcut][File] C:\Users\Justin\Desktop\pink.lnk [LNK@] C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe --win-jumplist-action=most-visited http://www.pokemon.com/tcgo -> Shortcut cleaned
[Hj.Shortcut][File] C:\Users\Justin\Desktop\rainbows.lnk [LNK@] C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe --win-jumplist-action=most-visited http://slither.io/ -> Shortcut cleaned

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 EVO 250GB ATA Device +++++
--- User ---
[MBR] e198a4f1e2025e2e90f6b15e8137c4d5
[BSP] 6225a69f18faba3dd5d00bdd7f878a5e : Legit.Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238471 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: HP Photosmart C4600 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
Malwarebytes found nothing:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/20/17
Scan Time: 8:59 PM
Logfile: Malwarebytes.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1313
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Homestead\Administrator

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 616980
Time Elapsed: 9 min, 57 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
AdwCleaner Scan Log:

# AdwCleaner v6.043 - Logfile created 20/02/2017 at 21:18:07
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-20.3 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Administrator - HOMESTEAD
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

File Found: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.solvusoft.com_0.localstorage
File Found: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.solvusoft.com_0.localstorage-journal


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found: [C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2048 Bytes] - [20/02/2017 21:18:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2121 Bytes] ##########


AdwCleaner Clean Log:

# AdwCleaner v6.043 - Logfile created 20/02/2017 at 21:19:10
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-20.3 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Administrator - HOMESTEAD
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****

[-] File deleted: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.solvusoft.com_0.localstorage
[-] File deleted: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.solvusoft.com_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}


***** [ Web browsers ] *****

[-] [C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1937 Bytes] - [20/02/2017 21:19:10]
C:\AdwCleaner\AdwCleaner[S0].txt - [2200 Bytes] - [20/02/2017 21:18:07]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2083 Bytes] ##########
 
After the reboot from AdwCleaner, I was logged on to a temporary profile and ran JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Professional x64
Ran by Administrator (Limited) on Mon 02/20/2017 at 21:27:18.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 10

Successfully deleted: C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll (File)
Successfully deleted: C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll (File)
Successfully deleted: C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/20/2017 at 21:33:30.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Rebooted again and was logged back into my regular profile, but still to a black screen and having to manually start explorer.exe.
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Ran ComboFix in normal mode and about halfway through I saw some instructions on my phone that said to run it in safe mode... so I did both. Upon rebooting into normal mode, I was able to log in without having to manually run explorer.exe.

ComboFix Scan, Normal Mode:

ComboFix 17-01-29.01 - Administrator 02/21/2017 20:12:30.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2520 [GMT -6:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Spybot - Search and Destroy *Disabled/Outdated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3895163C-F240-473A-9073-21B842B9771A}.xps
c:\users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3D0C21C5-7FB2-4A78-A568-F37BAD0B7A59}.xps
c:\users\Public\Documents\pre_fileassoc.tmp
c:\windows\SysWow64\%SYSTE~1
c:\windows\SysWow64\%SYSTE~1\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db
c:\windows\SysWow64\%SYSTE~1\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db
c:\windows\SysWow64\%SYSTE~1\ProgramData\Microsoft\Windows\Caches\cversions.2.db
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2017-01-22 to 2017-02-22 )))))))))))))))))))))))))))))))
.
.
2017-02-22 02:31 . 2017-02-22 02:31 -------- d-----w- c:\users\Justin\AppData\Local\temp
2017-02-22 01:44 . 2017-01-09 19:45 12229912 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BD73057-CB3F-4D2B-BBDC-E80C8DCD3872}\mpengine.dll
2017-02-22 01:40 . 2017-02-22 01:40 -------- d-----w- c:\programdata\SWCUTemp
2017-02-21 03:11 . 2017-02-21 03:19 -------- d-----w- C:\AdwCleaner
2017-02-21 02:55 . 2017-02-21 02:55 176584 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-02-21 02:55 . 2017-02-22 01:38 110536 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-02-21 02:55 . 2017-02-22 01:38 81696 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-02-21 02:55 . 2017-02-22 01:38 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-02-21 02:55 . 2017-02-22 01:38 251848 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-02-21 02:55 . 2017-01-20 13:47 77416 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-02-21 02:55 . 2017-02-21 02:55 -------- d-----w- c:\program files\Malwarebytes
2017-02-21 02:31 . 2017-02-21 03:51 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-02-21 02:30 . 2017-02-21 02:30 -------- d-----w- c:\program files\RogueKiller
2017-02-21 02:30 . 2017-02-21 02:56 -------- d-----w- c:\programdata\RogueKiller
2017-02-20 03:23 . 2017-02-20 03:23 -------- d-----w- c:\program files\CCleaner
2017-02-20 03:20 . 2017-02-20 03:21 -------- d-----w- c:\program files (x86)\Driver Fusion
2017-02-20 03:07 . 2013-09-20 16:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2017-02-20 03:06 . 2017-02-20 03:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2017-02-20 03:06 . 2017-02-20 03:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2017-02-19 00:10 . 2017-02-19 00:10 54736 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2017-02-18 23:44 . 2017-02-18 23:44 10437576 ----a-w- c:\program files (x86)\Mozilla Firefox\icudt56.dll
2017-02-18 23:44 . 2017-02-18 23:44 1399752 ----a-w- c:\program files (x86)\Mozilla Firefox\icuin56.dll
2017-02-18 23:44 . 2017-02-18 23:44 935880 ----a-w- c:\program files (x86)\Mozilla Firefox\icuuc56.dll
2017-02-18 23:44 . 2017-02-18 23:44 170952 ----a-w- c:\program files (x86)\Mozilla Firefox\mozavutil.dll
2017-02-18 23:44 . 2017-02-18 23:44 1546184 ----a-w- c:\program files (x86)\Mozilla Firefox\mozavcodec.dll
2017-02-18 23:43 . 2017-02-18 23:43 -------- d-----w- c:\program files\7-Zip
2017-02-18 07:45 . 2017-02-18 07:44 32088 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-02-18 07:44 . 2017-02-18 07:53 -------- d-----w- c:\programdata\HitmanPro
2017-02-18 07:41 . 2017-02-18 07:44 -------- d-----w- c:\program files\AVAST Software
2017-02-18 07:40 . 2017-02-18 08:24 -------- d-----w- c:\programdata\AVAST Software
2017-02-10 17:03 . 2017-02-10 17:04 -------- d-----w- c:\programdata\WebEx
2017-02-10 02:24 . 2017-02-20 03:26 -------- d-----w- c:\users\newoldkatie
2017-02-10 01:58 . 2017-02-10 01:59 -------- d-----w- C:\dvmexp
2017-02-10 01:58 . 2017-02-10 01:58 -------- d-----w- C:\ASUS.000
2017-02-10 01:57 . 2017-02-10 01:57 -------- d-----w- C:\ASUS.SYS
2017-02-10 01:47 . 2017-02-10 01:48 -------- d-----w- c:\program files (x86)\VIA
2017-02-10 01:47 . 2007-04-11 21:35 414632 ------w- c:\windows\difxapi.dll
2017-02-09 18:56 . 2017-02-16 09:02 -------- d-----w- c:\users\David
2017-02-09 18:49 . 2017-02-09 18:51 -------- d-----w- c:\users\Old2David
2017-02-09 15:00 . 2017-02-09 15:00 -------- d-----w- c:\users\Ryan\.cisco
2017-02-09 13:12 . 2017-02-20 05:04 -------- d-----w- C:\FRST
2017-02-09 12:15 . 2017-02-18 07:30 -------- d-----w- c:\users\Administrator
2017-02-08 22:42 . 2011-08-17 06:04 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2017-02-08 22:42 . 2011-08-17 06:17 236544 ----a-w- c:\windows\system32\srvsvc.dll
2017-02-07 02:20 . 2017-02-07 02:20 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2017-02-07 02:19 . 2017-02-07 02:19 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2017-02-07 02:18 . 2017-02-07 02:18 -------- d-----w- c:\program files\Microsoft Office
2017-02-07 01:29 . 2017-02-19 17:08 -------- d-----w- c:\program files (x86)\WinCDEmu
2017-02-04 12:16 . 2017-02-04 12:16 -------- d-----w- c:\users\Justin\AppData\Roaming\Foxit Software
2017-02-04 12:15 . 2017-02-04 12:15 -------- d-----w- c:\users\Justin\.cisco
2017-02-03 04:25 . 2017-02-03 04:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2017-01-31 03:00 . 2017-01-31 03:00 -------- d-----w- c:\programdata\Foxit Software
2017-01-27 01:55 . 2017-01-27 01:55 -------- d-----w- c:\users\Katie\.cisco
2017-01-27 01:54 . 2017-01-27 01:54 -------- d-----w- c:\users\Katie\AppData\Local\Cisco
2017-01-27 01:54 . 2017-01-27 01:54 -------- d-----w- c:\program files (x86)\Cisco
2017-01-27 01:54 . 2017-01-27 01:54 -------- d-----w- c:\programdata\Cisco
2017-01-27 01:49 . 2017-01-27 02:05 -------- d-----w- c:\program files (x86)\Citrix
2017-01-27 01:49 . 2017-01-27 01:49 -------- d-----w- c:\users\Katie\AppData\Local\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-02-19 00:02 . 2016-08-11 08:10 1467392 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2017-02-18 23:58 . 2016-08-11 08:10 1717248 ----a-w- c:\windows\system32\GdiPlus.dll
2017-02-14 13:46 . 2013-04-20 18:27 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-02-14 13:46 . 2013-04-20 18:27 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-02-03 04:24 . 2014-11-14 02:04 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2017-01-14 08:56 . 2013-04-14 08:30 135657872 -c--a-w- c:\windows\system32\MRT.exe
2017-01-05 18:55 . 2017-01-11 09:27 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2017-01-05 18:55 . 2017-01-11 09:27 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2017-01-05 18:52 . 2017-01-11 09:27 210432 ----a-w- c:\windows\system32\wdigest.dll
2017-01-05 18:52 . 2017-01-11 09:27 86528 ----a-w- c:\windows\system32\TSpkg.dll
2017-01-05 18:52 . 2017-01-11 09:27 28672 ----a-w- c:\windows\system32\sspisrv.dll
2017-01-05 18:52 . 2017-01-11 09:27 135680 ----a-w- c:\windows\system32\sspicli.dll
2017-01-05 18:52 . 2017-01-11 09:27 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2017-01-05 18:52 . 2017-01-11 09:27 345600 ----a-w- c:\windows\system32\schannel.dll
2017-01-05 18:52 . 2017-01-11 09:27 190464 ----a-w- c:\windows\system32\rpchttp.dll
2017-01-05 18:52 . 2017-01-11 09:27 28160 ----a-w- c:\windows\system32\secur32.dll
2017-01-05 18:52 . 2017-01-11 09:27 312320 ----a-w- c:\windows\system32\ncrypt.dll
2017-01-05 18:52 . 2017-01-11 09:27 316928 ----a-w- c:\windows\system32\msv1_0.dll
2017-01-05 18:52 . 2017-01-11 09:27 60416 ----a-w- c:\windows\system32\msobjs.dll
2017-01-05 18:52 . 2017-01-11 09:27 146432 ----a-w- c:\windows\system32\msaudite.dll
2017-01-05 18:52 . 2017-01-11 09:27 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2017-01-05 18:52 . 2017-01-11 09:27 730624 ----a-w- c:\windows\system32\kerberos.dll
2017-01-05 18:52 . 2017-01-11 09:27 43520 ----a-w- c:\windows\system32\cryptbase.dll
2017-01-05 18:52 . 2017-01-11 09:27 22016 ----a-w- c:\windows\system32\credssp.dll
2017-01-05 18:52 . 2017-01-11 09:27 690688 ----a-w- c:\windows\system32\adtschema.dll
2017-01-05 18:52 . 2017-01-11 09:27 463872 ----a-w- c:\windows\system32\certcli.dll
2017-01-05 18:52 . 2017-01-11 09:27 123904 ----a-w- c:\windows\system32\bcrypt.dll
2017-01-05 17:43 . 2017-01-11 09:27 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2017-01-05 17:43 . 2017-01-11 09:27 82944 ----a-w- c:\windows\SysWow64\bcrypt.dll
2017-01-05 17:43 . 2017-01-11 09:27 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2017-01-05 17:43 . 2017-01-11 09:27 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2017-01-05 17:43 . 2017-01-11 09:27 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2017-01-05 17:43 . 2017-01-11 09:27 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2017-01-05 17:43 . 2017-01-11 09:27 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2017-01-05 17:43 . 2017-01-11 09:27 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2017-01-05 17:43 . 2017-01-11 09:27 261120 ----a-w- c:\windows\SysWow64\msv1_0.dll
2017-01-05 17:43 . 2017-01-11 09:27 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2017-01-05 17:43 . 2017-01-11 09:27 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2017-01-05 17:43 . 2017-01-11 09:27 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2017-01-05 17:43 . 2017-01-11 09:27 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2017-01-05 17:43 . 2017-01-11 09:27 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2017-01-05 17:43 . 2017-01-11 09:27 342528 ----a-w- c:\windows\SysWow64\certcli.dll
2017-01-05 17:42 . 2017-01-11 09:27 690688 ----a-w- c:\windows\SysWow64\adtschema.dll
2017-01-05 17:32 . 2017-01-11 09:27 64000 ----a-w- c:\windows\system32\auditpol.exe
2017-01-05 17:25 . 2017-01-11 09:27 159744 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2017-01-05 17:24 . 2017-01-11 09:27 291328 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2017-01-05 17:24 . 2017-01-11 09:27 129536 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2017-01-05 17:24 . 2017-01-11 09:27 30720 ----a-w- c:\windows\system32\lsass.exe
2017-01-05 17:23 . 2017-01-11 09:27 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2017-01-05 17:19 . 2017-01-11 09:27 36352 ----a-w- c:\windows\SysWow64\cryptbase.dll
2016-11-30 04:34 . 2016-11-30 04:34 28352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2016-11-30 04:34 . 2016-11-30 04:34 19112 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2016-11-30 04:34 . 2016-11-30 04:34 19112 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2016-11-30 04:34 . 2016-11-30 04:34 19112 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2016-11-30 04:27 . 2016-11-30 04:27 30400 ----a-w- c:\windows\system32\aspnet_counters.dll
2016-11-30 04:27 . 2016-11-30 04:27 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2016-11-30 04:27 . 2016-11-30 04:27 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2016-11-30 04:27 . 2016-11-30 04:27 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 01:52 . !HASH: COULD NOT OPEN FILE !!!!! . 24128 . . [------] .. c:\windows\system32\drivers\atapi.sys
.
[-] 2009-07-14 01:48 . !HASH: COULD NOT OPEN FILE !!!!! . 50768 . . [------] .. c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-11-15 21:23 1743664 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-11-15 21:23 1743664 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-11-15 21:23 1743664 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-02-18 205512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
R3 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsha.sys;c:\windows\SYSNATIVE\drivers\aswbidsha.sys [x]
R3 aswblog;aswblog;c:\windows\system32\drivers\aswbloga.sys;c:\windows\SYSNATIVE\drivers\aswbloga.sys [x]
R3 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniva.sys;c:\windows\SYSNATIVE\drivers\aswbuniva.sys [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
R3 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys;c:\windows\SYSNATIVE\DRIVERS\FlyUsb.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0836.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys;c:\windows\SYSNATIVE\DRIVERS\usb2ser.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe;c:\asus.sys\config\DVMExportService.exe [x]
R4 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
R4 FoxitPhantomService;FoxitPhantomService;c:\program files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe;c:\program files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [x]
R4 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
R4 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R4 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
R4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
R4 OpenVPNServiceInteractive;OpenVPN Interactive Service;c:\program files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe;c:\program files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [x]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
R4 proXPN VPN;proXPN VPN;c:\program files (x86)\proXPN\bin\proXPNService.exe;c:\program files (x86)\proXPN\bin\proXPNService.exe [x]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R4 SOHDms;Sony Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R4 SOHDs;Sony Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R4 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R4 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys;c:\windows\SYSNATIVE\drivers\aswVmm.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - ESProtectionDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-02-06 19:12 1368920 ----a-w- c:\program files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-20 13:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-11-15 21:26 2351920 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-11-15 21:26 2351920 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-11-15 21:26 2351920 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-02-18 07:43 1479992 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 415232]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = https://www.yahoo.com/?fr=hp-avast&type=avastbcl
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page =
mSearch Bar = https://www.yahoo.com/?fr=hp-avast&type=avastbcl
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vpn.berryaviation.com/CACHE/stc/3/binaries/vpnweb.cab
DPF: {FFA7A955-5A33-42F7-A77B-8E46AE2FAA64} - hxxps://www.playmemoriescameraapps.com/portal/PMCA/PMCADownloader.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,3b,1b,44,3b,49,
92,13,f7,d5,0d,b4,23,94,3f,02,cf,cf,1f
.
[HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,7b,c1,8d,69,24,cf,45,bc,55,35,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,7b,c1,8d,69,24,cf,45,bc,55,35,\
.
[HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_221_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_221_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_221_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_221_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.24"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-02-21 20:34:26
ComboFix-quarantined-files.txt 2017-02-22 02:34
.
Pre-Run: 80,796,438,528 bytes free
Post-Run: 82,283,909,120 bytes free
.
- - End Of File - - 4BACA43978AB5405E0B4DFE962026D51
F46767AE2998EA7510CA3750ADFC1357
 
ComboFix Scan, Safe Mode - Run after normal mode was completed:

ComboFix 17-01-29.01 - Administrator 02/21/2017 20:40:36.2.2 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.3046 [GMT -6:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Spybot - Search and Destroy *Disabled/Outdated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2017-01-22 to 2017-02-22 )))))))))))))))))))))))))))))))
.
.
2017-02-22 02:53 . 2017-02-22 02:53 -------- d-----w- c:\users\Ryan\AppData\Local\temp
2017-02-22 02:53 . 2017-02-22 02:53 -------- d-----w- c:\users\Katie\AppData\Local\temp
2017-02-22 02:53 . 2017-02-22 02:53 -------- d-----w- c:\users\Justin\AppData\Local\temp
2017-02-22 02:53 . 2017-02-22 02:53 -------- d-----w- c:\users\Guest\AppData\Local\temp
2017-02-22 02:53 . 2017-02-22 02:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-02-22 01:44 . 2017-01-09 19:45 12229912 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BD73057-CB3F-4D2B-BBDC-E80C8DCD3872}\mpengine.dll
2017-02-22 01:40 . 2017-02-22 01:40 -------- d-----w- c:\programdata\SWCUTemp
2017-02-21 03:11 . 2017-02-21 03:19 -------- d-----w- C:\AdwCleaner
2017-02-21 02:55 . 2017-02-21 02:55 176584 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-02-21 02:55 . 2017-02-22 01:38 110536 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-02-21 02:55 . 2017-02-22 01:38 81696 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-02-21 02:55 . 2017-02-22 01:38 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-02-21 02:55 . 2017-02-22 01:38 251848 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-02-21 02:55 . 2017-01-20 13:47 77416 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-02-21 02:55 . 2017-02-21 02:55 -------- d-----w- c:\program files\Malwarebytes
2017-02-21 02:31 . 2017-02-21 03:51 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-02-21 02:30 . 2017-02-21 02:30 -------- d-----w- c:\program files\RogueKiller
2017-02-21 02:30 . 2017-02-21 02:56 -------- d-----w- c:\programdata\RogueKiller
2017-02-20 03:23 . 2017-02-20 03:23 -------- d-----w- c:\program files\CCleaner
2017-02-20 03:20 . 2017-02-20 03:21 -------- d-----w- c:\program files (x86)\Driver Fusion
2017-02-20 03:07 . 2013-09-20 16:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2017-02-20 03:06 . 2017-02-20 03:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2017-02-20 03:06 . 2017-02-20 03:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2017-02-19 00:10 . 2017-02-19 00:10 54736 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2017-02-18 23:44 . 2017-02-18 23:44 10437576 ----a-w- c:\program files (x86)\Mozilla Firefox\icudt56.dll
2017-02-18 23:44 . 2017-02-18 23:44 1399752 ----a-w- c:\program files (x86)\Mozilla Firefox\icuin56.dll
2017-02-18 23:44 . 2017-02-18 23:44 935880 ----a-w- c:\program files (x86)\Mozilla Firefox\icuuc56.dll
2017-02-18 23:44 . 2017-02-18 23:44 170952 ----a-w- c:\program files (x86)\Mozilla Firefox\mozavutil.dll
2017-02-18 23:44 . 2017-02-18 23:44 1546184 ----a-w- c:\program files (x86)\Mozilla Firefox\mozavcodec.dll
2017-02-18 23:43 . 2017-02-18 23:43 -------- d-----w- c:\program files\7-Zip
2017-02-18 07:45 . 2017-02-18 07:44 32088 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-02-18 07:44 . 2017-02-18 07:53 -------- d-----w- c:\programdata\HitmanPro
2017-02-18 07:41 . 2017-02-18 07:44 -------- d-----w- c:\program files\AVAST Software
2017-02-18 07:40 . 2017-02-18 08:24 -------- d-----w- c:\programdata\AVAST Software
2017-02-10 17:03 . 2017-02-10 17:04 -------- d-----w- c:\programdata\WebEx
2017-02-10 02:24 . 2017-02-20 03:26 -------- d-----w- c:\users\newoldkatie
2017-02-10 01:58 . 2017-02-10 01:59 -------- d-----w- C:\dvmexp
2017-02-10 01:58 . 2017-02-10 01:58 -------- d-----w- C:\ASUS.000
2017-02-10 01:57 . 2017-02-10 01:57 -------- d-----w- C:\ASUS.SYS
2017-02-10 01:47 . 2017-02-10 01:48 -------- d-----w- c:\program files (x86)\VIA
2017-02-10 01:47 . 2007-04-11 21:35 414632 ------w- c:\windows\difxapi.dll
2017-02-09 18:56 . 2017-02-16 09:02 -------- d-----w- c:\users\David
2017-02-09 18:49 . 2017-02-22 02:34 -------- d-----w- c:\users\Old2David
2017-02-09 15:00 . 2017-02-09 15:00 -------- d-----w- c:\users\Ryan\.cisco
2017-02-09 13:12 . 2017-02-20 05:04 -------- d-----w- C:\FRST
2017-02-09 12:15 . 2017-02-18 07:30 -------- d-----w- c:\users\Administrator
2017-02-08 22:42 . 2011-08-17 06:04 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2017-02-08 22:42 . 2011-08-17 06:17 236544 ----a-w- c:\windows\system32\srvsvc.dll
2017-02-07 02:20 . 2017-02-07 02:20 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2017-02-07 02:19 . 2017-02-07 02:19 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2017-02-07 02:18 . 2017-02-07 02:18 -------- d-----w- c:\program files\Microsoft Office
2017-02-07 01:29 . 2017-02-19 17:08 -------- d-----w- c:\program files (x86)\WinCDEmu
2017-02-04 12:16 . 2017-02-04 12:16 -------- d-----w- c:\users\Justin\AppData\Roaming\Foxit Software
2017-02-04 12:15 . 2017-02-04 12:15 -------- d-----w- c:\users\Justin\.cisco
2017-02-03 04:25 . 2017-02-03 04:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2017-01-31 03:00 . 2017-01-31 03:00 -------- d-----w- c:\programdata\Foxit Software
2017-01-27 01:55 . 2017-01-27 01:55 -------- d-----w- c:\users\Katie\.cisco
2017-01-27 01:54 . 2017-01-27 01:54 -------- d-----w- c:\users\Katie\AppData\Local\Cisco
2017-01-27 01:54 . 2017-01-27 01:54 -------- d-----w- c:\program files (x86)\Cisco
2017-01-27 01:54 . 2017-01-27 01:54 -------- d-----w- c:\programdata\Cisco
2017-01-27 01:49 . 2017-01-27 02:05 -------- d-----w- c:\program files (x86)\Citrix
2017-01-27 01:49 . 2017-01-27 01:49 -------- d-----w- c:\users\Katie\AppData\Local\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-02-19 00:02 . 2016-08-11 08:10 1467392 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2017-02-18 23:58 . 2016-08-11 08:10 1717248 ----a-w- c:\windows\system32\GdiPlus.dll
2017-02-14 13:46 . 2013-04-20 18:27 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-02-14 13:46 . 2013-04-20 18:27 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-02-03 04:24 . 2014-11-14 02:04 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2017-01-14 08:56 . 2013-04-14 08:30 135657872 -c--a-w- c:\windows\system32\MRT.exe
2017-01-05 18:55 . 2017-01-11 09:27 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2017-01-05 18:55 . 2017-01-11 09:27 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2017-01-05 18:52 . 2017-01-11 09:27 210432 ----a-w- c:\windows\system32\wdigest.dll
2017-01-05 18:52 . 2017-01-11 09:27 86528 ----a-w- c:\windows\system32\TSpkg.dll
2017-01-05 18:52 . 2017-01-11 09:27 28672 ----a-w- c:\windows\system32\sspisrv.dll
2017-01-05 18:52 . 2017-01-11 09:27 135680 ----a-w- c:\windows\system32\sspicli.dll
2017-01-05 18:52 . 2017-01-11 09:27 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2017-01-05 18:52 . 2017-01-11 09:27 345600 ----a-w- c:\windows\system32\schannel.dll
2017-01-05 18:52 . 2017-01-11 09:27 190464 ----a-w- c:\windows\system32\rpchttp.dll
2017-01-05 18:52 . 2017-01-11 09:27 28160 ----a-w- c:\windows\system32\secur32.dll
2017-01-05 18:52 . 2017-01-11 09:27 312320 ----a-w- c:\windows\system32\ncrypt.dll
2017-01-05 18:52 . 2017-01-11 09:27 316928 ----a-w- c:\windows\system32\msv1_0.dll
2017-01-05 18:52 . 2017-01-11 09:27 60416 ----a-w- c:\windows\system32\msobjs.dll
2017-01-05 18:52 . 2017-01-11 09:27 146432 ----a-w- c:\windows\system32\msaudite.dll
2017-01-05 18:52 . 2017-01-11 09:27 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2017-01-05 18:52 . 2017-01-11 09:27 730624 ----a-w- c:\windows\system32\kerberos.dll
2017-01-05 18:52 . 2017-01-11 09:27 43520 ----a-w- c:\windows\system32\cryptbase.dll
2017-01-05 18:52 . 2017-01-11 09:27 22016 ----a-w- c:\windows\system32\credssp.dll
2017-01-05 18:52 . 2017-01-11 09:27 690688 ----a-w- c:\windows\system32\adtschema.dll
2017-01-05 18:52 . 2017-01-11 09:27 463872 ----a-w- c:\windows\system32\certcli.dll
2017-01-05 18:52 . 2017-01-11 09:27 123904 ----a-w- c:\windows\system32\bcrypt.dll
2017-01-05 17:43 . 2017-01-11 09:27 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2017-01-05 17:43 . 2017-01-11 09:27 82944 ----a-w- c:\windows\SysWow64\bcrypt.dll
2017-01-05 17:43 . 2017-01-11 09:27 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2017-01-05 17:43 . 2017-01-11 09:27 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2017-01-05 17:43 . 2017-01-11 09:27 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2017-01-05 17:43 . 2017-01-11 09:27 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2017-01-05 17:43 . 2017-01-11 09:27 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2017-01-05 17:43 . 2017-01-11 09:27 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2017-01-05 17:43 . 2017-01-11 09:27 261120 ----a-w- c:\windows\SysWow64\msv1_0.dll
2017-01-05 17:43 . 2017-01-11 09:27 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2017-01-05 17:43 . 2017-01-11 09:27 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2017-01-05 17:43 . 2017-01-11 09:27 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2017-01-05 17:43 . 2017-01-11 09:27 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2017-01-05 17:43 . 2017-01-11 09:27 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2017-01-05 17:43 . 2017-01-11 09:27 342528 ----a-w- c:\windows\SysWow64\certcli.dll
2017-01-05 17:42 . 2017-01-11 09:27 690688 ----a-w- c:\windows\SysWow64\adtschema.dll
2017-01-05 17:32 . 2017-01-11 09:27 64000 ----a-w- c:\windows\system32\auditpol.exe
2017-01-05 17:25 . 2017-01-11 09:27 159744 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2017-01-05 17:24 . 2017-01-11 09:27 291328 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2017-01-05 17:24 . 2017-01-11 09:27 129536 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2017-01-05 17:24 . 2017-01-11 09:27 30720 ----a-w- c:\windows\system32\lsass.exe
2017-01-05 17:23 . 2017-01-11 09:27 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2017-01-05 17:19 . 2017-01-11 09:27 36352 ----a-w- c:\windows\SysWow64\cryptbase.dll
2016-11-30 04:34 . 2016-11-30 04:34 28352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2016-11-30 04:34 . 2016-11-30 04:34 19112 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2016-11-30 04:34 . 2016-11-30 04:34 19112 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2016-11-30 04:34 . 2016-11-30 04:34 19112 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2016-11-30 04:27 . 2016-11-30 04:27 30400 ----a-w- c:\windows\system32\aspnet_counters.dll
2016-11-30 04:27 . 2016-11-30 04:27 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2016-11-30 04:27 . 2016-11-30 04:27 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2016-11-30 04:27 . 2016-11-30 04:27 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 01:52 . !HASH: COULD NOT OPEN FILE !!!!! . 24128 . . [------] .. c:\windows\system32\drivers\atapi.sys
.
[-] 2009-07-14 01:48 . !HASH: COULD NOT OPEN FILE !!!!! . 50768 . . [------] .. c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-11-15 21:23 1743664 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-11-15 21:23 1743664 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-11-15 21:23 1743664 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-02-18 205512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
R1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
R3 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsha.sys;c:\windows\SYSNATIVE\drivers\aswbidsha.sys [x]
R3 aswblog;aswblog;c:\windows\system32\drivers\aswbloga.sys;c:\windows\SYSNATIVE\drivers\aswbloga.sys [x]
R3 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniva.sys;c:\windows\SYSNATIVE\drivers\aswbuniva.sys [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
R3 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys;c:\windows\SYSNATIVE\drivers\aswVmm.sys [x]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys;c:\windows\SYSNATIVE\DRIVERS\FlyUsb.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0836.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys;c:\windows\SYSNATIVE\DRIVERS\usb2ser.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe;c:\asus.sys\config\DVMExportService.exe [x]
R4 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
R4 FoxitPhantomService;FoxitPhantomService;c:\program files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe;c:\program files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [x]
R4 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
R4 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R4 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
R4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
R4 OpenVPNServiceInteractive;OpenVPN Interactive Service;c:\program files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe;c:\program files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [x]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
R4 proXPN VPN;proXPN VPN;c:\program files (x86)\proXPN\bin\proXPNService.exe;c:\program files (x86)\proXPN\bin\proXPNService.exe [x]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R4 SOHDms;Sony Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R4 SOHDs;Sony Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R4 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R4 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-02-06 19:12 1368920 ----a-w- c:\program files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-20 13:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-11-15 21:26 2351920 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-11-15 21:26 2351920 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-11-15 21:26 2351920 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-02-18 07:43 1479992 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = https://www.yahoo.com/?fr=hp-avast&type=avastbcl
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page =
mSearch Bar = https://www.yahoo.com/?fr=hp-avast&type=avastbcl
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vpn.berryaviation.com/CACHE/stc/3/binaries/vpnweb.cab
DPF: {FFA7A955-5A33-42F7-A77B-8E46AE2FAA64} - hxxps://www.playmemoriescameraapps.com/portal/PMCA/PMCADownloader.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,3b,1b,44,3b,49,
92,13,f7,d5,0d,b4,23,94,3f,02,cf,cf,1f
.
[HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,7b,c1,8d,69,24,cf,45,bc,55,35,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,7b,c1,8d,69,24,cf,45,bc,55,35,\
.
[HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_221_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_221_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_221_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_221_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.24"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-02-21 20:55:14
ComboFix-quarantined-files.txt 2017-02-22 02:55
.
Pre-Run: 82,426,855,424 bytes free
Post-Run: 81,968,623,616 bytes free
.
- - End Of File - - DD55F6DA9DA82085B7E732B09DF97DC4
F46767AE2998EA7510CA3750ADFC1357
 
Good news :)

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you check the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
Ran by Administrator (administrator) on HOMESTEAD (21-02-2017 21:58:06)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: Justin & Ryan & David & Administrator & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-18] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-18] (AVAST Software)
BootExecute: autocheck autochk * bootdeletesdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3559958457-2575535085-3770899071-1005\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3559958457-2575535085-3770899071-1004\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4C7E769E-D1AC-4F30-AF91-A0F76F8CA78F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{806CA2A1-B3EA-412D-B535-989F8F61EACA}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3559958457-2575535085-3770899071-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3559958457-2575535085-3770899071-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-18] (AVAST Software)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-18] (AVAST Software)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpn.berryaviation.com/CACHE/stc/3/binaries/vpnweb.cab
DPF: HKLM-x32 {FFA7A955-5A33-42F7-A77B-8E46AE2FAA64} hxxps://www.playmemoriescameraapps.com/portal/PMCA/PMCADownloader.cab

FireFox:
========
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2016-12-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-12-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Sony Corporation/PMCADownloader -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\npPMCADownloader.dll [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderHelper -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderHelper.exe [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderLib -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderLib.dll [2012-10-17] (Sony Network Entertainment International LLC)

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-02-21]
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-09]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-09]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-09]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-09]
CHR Extension: (Foxit PDF Creator) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2017-02-09]
CHR Extension: (Avast SafePrice) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-02-19]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-09]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-09]
CHR Extension: (Avast Online Security) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-02-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-09]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-09]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-22]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-18] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-18] (AVAST Software)
S4 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-07-17] (DeviceVM, Inc.) [File not signed]
S4 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
S4 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1659080 2016-12-30] (Foxit Software Inc.)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S4 OpenVPNServiceInteractive; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [92968 2016-06-15] (The OpenVPN Project)
S4 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2014-12-15] (Sony Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 proXPN VPN; C:\Program Files (x86)\proXPN\bin\proXPNService.exe [127456 2016-09-13] ()
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-20] () [File not signed]
R3 AmdK8; C:\Windows\System32\DRIVERS\amdk8.sys [64512 2009-07-13] () [File not signed]
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2017-02-09] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2017-02-09] ()
S3 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309784 2017-02-18] (AVAST Software s.r.o.)
S3 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-02-18] (AVAST Software s.r.o.)
S3 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-02-18] (AVAST Software s.r.o.)
S3 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-02-18] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-02-18] (AVAST Software)
S3 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-02-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126088 2017-02-18] (AVAST Software)
S3 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-02-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [74680 2017-02-18] (AVAST Software)
S3 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [991496 2017-02-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [547904 2017-02-18] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-02-18] (AVAST Software)
R3 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337080 2017-02-18] (AVAST Software)
R0 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-13] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-20] () [File not signed]
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2010-11-20] () [File not signed]
R0 Disk; C:\Windows\System32\drivers\disk.sys [73664 2016-01-20] () [File not signed]
R3 Dot4; C:\Windows\System32\DRIVERS\Dot4.sys [145920 2009-07-13] () [File not signed]
R3 Dot4Print; C:\Windows\System32\DRIVERS\Dot4Prt.sys [19968 2010-11-20] () [File not signed]
R3 dot4usb; C:\Windows\System32\DRIVERS\dot4usb.sys [43008 2009-07-13] () [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2015-12-08] () [File not signed]
R3 fdc; C:\Windows\System32\DRIVERS\fdc.sys [29696 2009-07-13] () [File not signed]
R3 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [24576 2009-07-13] () [File not signed]
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2014-07-11] (LeapFrog)
R3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-20] () [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-20] () [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] () [File not signed]
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-02-18] ()
S3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-13] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [274880 2014-02-03] () [File not signed]
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-13] () [File not signed]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] () [File not signed]
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-21] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-21] (Malwarebytes)
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-13] () [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-13] () [File not signed]
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-13] () [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 Parport; C:\Windows\System32\DRIVERS\parport.sys [97280 2009-07-13] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] () [File not signed]
R0 pciide; C:\Windows\System32\drivers\pciide.sys [12352 2009-07-13] () [File not signed]
S3 Point64; C:\Windows\System32\DRIVERS\point64.sys [50896 2014-03-19] () [File not signed]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-13] () [File not signed]
S3 SaiK0836; C:\Windows\System32\DRIVERS\SaiK0836.sys [172040 2010-06-17] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-13] () [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] () [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-13] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [63360 2010-11-20] () [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-02-20] ()
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2016-08-16] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [56320 2016-08-16] () [File not signed]
R3 usbhub; C:\Windows\system32\drivers\usbhub.sys [343552 2016-08-16] () [File not signed]
R3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2016-08-16] () [File not signed]
R3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] () [File not signed]
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2016-02-03] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2016-08-16] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-13] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] () [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2016-08-12] (Cisco Systems, Inc.)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] () [File not signed]
U3 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FRST.txt continued:

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 21:58 - 2017-02-21 21:58 - 00023748 _____ C:\Users\Administrator\Downloads\FRST.txt
2017-02-21 21:40 - 2017-02-21 21:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Oracle
2017-02-21 21:39 - 2017-02-21 21:39 - 00000000 ____D C:\Windows\Sun
2017-02-21 21:39 - 2017-02-21 21:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Sun
2017-02-21 21:39 - 2017-02-21 21:39 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Sun
2017-02-21 21:33 - 2017-02-21 21:33 - 00852798 _____ C:\Users\Administrator\Desktop\SecurityCheck.exe
2017-02-21 21:04 - 2017-02-21 21:04 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
2017-02-21 20:55 - 2017-02-21 20:55 - 00032523 _____ C:\ComboFixSafe1.txt
2017-02-21 20:34 - 2017-02-21 20:34 - 00033235 _____ C:\ComboFixNormal1.txt
2017-02-21 20:06 - 2017-02-21 20:55 - 00000000 ____D C:\Qoobox
2017-02-21 20:06 - 2017-02-21 20:32 - 00000000 ____D C:\Windows\erdnt
2017-02-21 20:06 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2017-02-21 20:06 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2017-02-21 20:06 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-02-21 20:06 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-02-21 20:06 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-02-21 20:06 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2017-02-21 20:06 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2017-02-21 20:06 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2017-02-21 19:42 - 2017-02-21 19:42 - 05659775 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2017-02-21 19:40 - 2017-02-21 19:40 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-20 21:11 - 2017-02-20 21:19 - 00000000 ____D C:\AdwCleaner
2017-02-20 20:55 - 2017-02-21 19:38 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-20 20:55 - 2017-02-21 19:38 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-20 20:55 - 2017-02-21 19:38 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-20 20:55 - 2017-02-21 19:38 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-20 20:55 - 2017-02-20 20:55 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-20 20:55 - 2017-02-20 20:55 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-20 20:55 - 2017-02-20 20:55 - 00001867 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2017-02-20 20:55 - 2017-02-20 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-20 20:55 - 2017-02-20 20:55 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-20 20:55 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-20 20:52 - 2017-02-21 19:39 - 00000000 ____D C:\Users\Administrator\Desktop\techspot logs
2017-02-20 20:52 - 2017-02-20 20:52 - 04015056 _____ C:\Users\Administrator\Desktop\AdwCleaner.exe
2017-02-20 20:50 - 2017-02-20 20:50 - 55566792 _____ (Malwarebytes ) C:\Users\Administrator\Desktop\mb3-setup-consumer-3.0.6.1469.exe
2017-02-20 20:31 - 2017-02-20 21:51 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-02-20 20:30 - 2017-02-20 21:51 - 00001011 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-02-20 20:30 - 2017-02-20 21:51 - 00001011 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2017-02-20 20:30 - 2017-02-20 20:56 - 00000000 ____D C:\ProgramData\RogueKiller
2017-02-20 20:30 - 2017-02-20 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-02-20 20:30 - 2017-02-20 20:30 - 00000000 ____D C:\Program Files\RogueKiller
2017-02-19 22:56 - 2017-02-19 22:56 - 627363199 _____ C:\Windows\MEMORY.DMP
2017-02-19 22:51 - 2017-02-19 22:51 - 00097278 _____ C:\Users\Administrator\Desktop\dds.txt
2017-02-19 22:51 - 2017-02-19 22:51 - 00020906 _____ C:\Users\Administrator\Desktop\attach.txt
2017-02-19 22:45 - 2017-02-19 22:46 - 307157340 _____ C:\Users\Administrator\Desktop\backup.reg
2017-02-19 22:39 - 2017-02-19 22:39 - 00000145 _____ C:\Users\Administrator\Desktop\test.reg
2017-02-19 21:46 - 2017-02-19 21:46 - 00000000 ____D C:\Users\Administrator\Documents\ProcAlyzer Dumps
2017-02-19 21:35 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-02-19 21:35 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\ProgramData\Desktop\Post Win10 Spybot-install.exe
2017-02-19 21:23 - 2017-02-19 21:59 - 00000975 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-19 21:23 - 2017-02-19 21:59 - 00000975 _____ C:\ProgramData\Desktop\CCleaner.lnk
2017-02-19 21:23 - 2017-02-19 21:23 - 00002808 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-02-19 21:23 - 2017-02-19 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-19 21:23 - 2017-02-19 21:23 - 00000000 ____D C:\Program Files\CCleaner
2017-02-19 21:20 - 2017-02-19 21:21 - 00000000 ____D C:\Program Files (x86)\Driver Fusion
2017-02-19 21:20 - 2017-02-19 21:20 - 00001062 _____ C:\Users\Public\Desktop\Driver Fusion.lnk
2017-02-19 21:20 - 2017-02-19 21:20 - 00001062 _____ C:\ProgramData\Desktop\Driver Fusion.lnk
2017-02-19 21:20 - 2017-02-19 21:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Fusion
2017-02-19 21:17 - 2017-02-19 21:18 - 00000000 ____D C:\Users\Administrator\Desktop\driversweep
2017-02-19 21:07 - 2017-02-19 21:07 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-02-19 21:07 - 2017-02-19 21:07 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-02-19 21:07 - 2017-02-19 21:07 - 00001379 _____ C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
2017-02-19 21:07 - 2017-02-19 21:07 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-02-19 21:07 - 2017-02-19 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-02-19 21:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-02-19 21:06 - 2017-02-19 21:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-19 21:06 - 2017-02-19 21:35 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-19 20:42 - 2017-02-19 20:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-02-19 11:17 - 2017-02-19 11:32 - 00007636 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2017-02-19 11:02 - 2017-02-19 11:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2017-02-19 11:02 - 2017-02-19 11:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\CEF
2017-02-18 18:10 - 2017-02-18 18:10 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-02-18 18:02 - 2017-02-18 18:02 - 00776574 _____ C:\Users\David\Downloads\gdiplus (1).zip
2017-02-18 17:53 - 2017-02-18 17:53 - 00885580 _____ C:\Users\David\Downloads\gdiplus.zip
2017-02-18 17:43 - 2017-02-18 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-02-18 17:43 - 2017-02-18 17:43 - 00000000 ____D C:\Program Files\7-Zip
2017-02-18 01:53 - 2017-02-18 01:53 - 00012442 _____ C:\Windows\system32\.crusader
2017-02-18 01:46 - 2017-02-18 18:25 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1487403968
2017-02-18 01:46 - 2017-02-18 01:47 - 18666584 _____ (PC Tools) C:\Users\David\Downloads\rminstall.exe
2017-02-18 01:46 - 2017-02-18 01:46 - 00001043 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-02-18 01:46 - 2017-02-18 01:46 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-18 01:46 - 2017-02-18 01:46 - 00001043 _____ C:\ProgramData\Desktop\Avast SafeZone Browser.lnk
2017-02-18 01:45 - 2017-02-18 01:44 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-02-18 01:44 - 2017-02-18 01:53 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-18 01:43 - 2017-02-19 21:35 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-18 01:43 - 2017-02-19 20:49 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-02-18 01:43 - 2017-02-19 11:01 - 00002075 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-02-18 01:43 - 2017-02-19 11:01 - 00002075 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2017-02-18 01:43 - 2017-02-18 01:43 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-02-18 01:43 - 2017-02-18 01:43 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-02-18 01:43 - 2017-02-18 01:43 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-02-18 01:43 - 2017-02-18 01:43 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-02-18 01:43 - 2017-02-18 01:43 - 00126088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-02-18 01:43 - 2017-02-18 01:43 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-02-18 01:43 - 2017-02-18 01:43 - 00074680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-02-18 01:43 - 2017-02-18 01:43 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-02-18 01:43 - 2017-02-18 01:43 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-02-18 01:43 - 2017-02-18 01:43 - 00000000 ____D C:\Users\David\AppData\Roaming\AVAST Software
2017-02-18 01:43 - 2017-02-18 01:43 - 00000000 ____D C:\Users\David\AppData\Local\CEF
2017-02-18 01:43 - 2017-02-18 01:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-02-18 01:43 - 2017-02-18 01:42 - 00991496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-02-18 01:43 - 2017-02-18 01:41 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-02-18 01:43 - 2017-02-18 01:41 - 00309784 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-02-18 01:43 - 2017-02-18 01:41 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-02-18 01:43 - 2017-02-18 01:41 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-02-18 01:42 - 2017-02-18 01:43 - 11581544 _____ (SurfRight B.V.) C:\Users\David\Downloads\hitmanpro_x64.exe
2017-02-18 01:42 - 2017-02-18 01:42 - 09096848 _____ (SurfRight B.V.) C:\Users\David\Downloads\HitmanPro.exe
2017-02-18 01:41 - 2017-02-18 01:44 - 00000000 ____D C:\Program Files\AVAST Software
2017-02-18 01:40 - 2017-02-18 02:24 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-18 01:40 - 2017-02-18 01:40 - 06654960 _____ (AVAST Software) C:\Users\David\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-02-17 20:31 - 2017-02-17 20:31 - 00149672 _____ C:\Users\Katie\Desktop\BubblesOnBlanco.pdf
2017-02-17 18:34 - 2017-02-17 18:34 - 00000552 __RSH C:\Users\Katie\ntuser.pol
2017-02-16 02:51 - 2017-02-16 03:06 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps
2017-02-16 02:51 - 2017-02-16 02:51 - 09261616 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup527.exe
2017-02-16 02:50 - 2017-02-16 02:50 - 00231390 _____ C:\Users\David\Downloads\RootkitRevealer.zip
2017-02-16 02:50 - 2017-02-16 02:50 - 00000000 ____D C:\Users\David\Downloads\RootkitRevealer
2017-02-16 00:47 - 2017-02-16 00:47 - 00108871 _____ C:\Users\David\Downloads\Shortcut.txt
2017-02-16 00:46 - 2017-02-16 00:47 - 00040068 _____ C:\Users\David\Downloads\Addition.txt
2017-02-16 00:44 - 2017-02-16 00:47 - 00103473 _____ C:\Users\David\Downloads\FRST.txt
2017-02-16 00:38 - 2017-02-16 00:38 - 02422272 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2017-02-16 00:30 - 2017-02-16 00:30 - 00000552 __RSH C:\Users\David\ntuser.pol
2017-02-16 00:02 - 2017-02-16 00:02 - 01764352 _____ (Farbar) C:\Users\David\Downloads\FRST.exe
2017-02-15 23:52 - 2017-02-15 23:53 - 00000000 ____D C:\Users\David\AppData\Roaming\Notepad++
2017-02-15 23:32 - 2017-02-15 23:33 - 147118352 _____ (Microsoft Corporation) C:\Users\David\Downloads\msert.exe
2017-02-14 22:32 - 2017-02-14 22:32 - 01068345 _____ C:\Users\David\Downloads\Windows6.1-KB3078667-x64.msu
2017-02-14 21:51 - 2017-02-18 18:09 - 00007623 _____ C:\Users\David\AppData\Local\resmon.resmoncfg
2017-02-14 21:06 - 2017-02-14 21:06 - 00019913 _____ C:\Users\David\Downloads\RangerSchoolPackingList.pdf
2017-02-14 21:04 - 2017-02-14 21:04 - 00236535 _____ C:\Users\David\Downloads\BLC Packing List.pdf
2017-02-14 19:39 - 2013-04-13 22:23 - 00001272 _____ C:\Users\David\Desktop\Snipping Tool.lnk
2017-02-11 14:16 - 2017-02-11 14:36 - 00000000 ____D C:\Users\David\Desktop\Work Dump
2017-02-11 14:16 - 2017-02-11 14:16 - 00131320 _____ C:\Users\David\Downloads\dsimoneaux_ssl_vpn_config.exe
2017-02-10 18:28 - 2017-02-11 14:37 - 00000000 ____D C:\Users\David\AppData\Roaming\Foxit Software
2017-02-10 11:14 - 2017-02-10 11:14 - 00166885 _____ C:\Users\David\Downloads\RA22620 SN32637230001 Heliq Custom Mobility.hc_hoist_data
2017-02-10 11:04 - 2017-02-10 11:04 - 00000000 ____D C:\Users\David\AppData\Roaming\webex
2017-02-10 11:03 - 2017-02-10 11:46 - 00000000 ____D C:\Users\David\AppData\LocalLow\WebEx
2017-02-10 11:03 - 2017-02-10 11:04 - 00000000 ____D C:\Users\David\AppData\Local\WebEx
2017-02-10 11:03 - 2017-02-10 11:04 - 00000000 ____D C:\ProgramData\WebEx
2017-02-10 11:03 - 2017-02-10 11:03 - 01021208 _____ (Cisco WebEx LLC) C:\Users\David\Downloads\Cisco_WebEx_Add-On.exe
2017-02-10 11:03 - 2017-02-10 11:03 - 00000000 ____D C:\Users\David\AppData\Roaming\Mozilla
2017-02-10 08:39 - 2017-02-15 00:26 - 00010114 _____ C:\Users\David\proxpn.ovpn
2017-02-10 08:39 - 2017-02-10 08:39 - 00000000 ____D C:\Users\David\AppData\Local\proXPN B.V
2017-02-10 08:38 - 2017-02-10 08:38 - 00001073 _____ C:\Users\David\Desktop\proXPN - Shortcut.lnk
2017-02-09 22:45 - 2017-02-10 08:40 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-02-09 22:45 - 2017-02-09 22:45 - 00000000 ____D C:\Users\David\AppData\Local\NVIDIA Corporation
2017-02-09 22:44 - 2017-02-09 22:44 - 00002259 _____ C:\Users\David\Desktop\Google Chrome.lnk
2017-02-09 20:24 - 2017-02-19 21:26 - 00000000 ____D C:\Users\newoldkatie
2017-02-09 20:24 - 2017-02-09 20:24 - 00113920 _____ C:\Users\newoldkatie\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-09 20:24 - 2017-02-09 20:24 - 00002259 _____ C:\Users\newoldkatie\Desktop\Google Chrome.lnk
2017-02-09 20:24 - 2017-02-09 20:24 - 00001417 _____ C:\Users\newoldkatie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-09 20:24 - 2017-02-09 20:24 - 00000020 ___SH C:\Users\newoldkatie\ntuser.ini
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 _SHDL C:\Users\newoldkatie\My Documents
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 _SHDL C:\Users\newoldkatie\Documents\My Videos
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 _SHDL C:\Users\newoldkatie\Documents\My Pictures
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 _SHDL C:\Users\newoldkatie\Documents\My Music
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 ____D C:\Users\newoldkatie\AppData\Roaming\Adobe
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 ____D C:\Users\newoldkatie\AppData\Local\VirtualStore
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 ____D C:\Users\newoldkatie\AppData\Local\Sophos
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 ____D C:\Users\newoldkatie\AppData\Local\NVIDIA
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 ____D C:\Users\newoldkatie\AppData\Local\Google
2017-02-09 20:24 - 2017-02-09 20:24 - 00000000 ____D C:\Users\newoldkatie\.cisco
2017-02-09 20:24 - 2013-06-02 12:13 - 00000000 ____D C:\Users\newoldkatie\AppData\Local\Microsoft Help
2017-02-09 20:24 - 2011-04-12 01:51 - 00000000 ____D C:\Users\newoldkatie\AppData\Roaming\Media Center Programs
2017-02-09 19:59 - 2017-02-19 21:14 - 00000177 ____H C:\dvmexp.idx
2017-02-09 19:58 - 2017-02-09 19:59 - 00000000 ____D C:\dvmexp
2017-02-09 19:58 - 2017-02-09 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Gate
2017-02-09 19:58 - 2017-02-09 19:58 - 00000000 ____D C:\ASUS.000
2017-02-09 19:57 - 2017-02-09 19:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\Downloaded Installations
2017-02-09 19:57 - 2017-02-09 19:57 - 00000000 ____D C:\ASUS.SYS
2017-02-09 19:52 - 2017-02-09 19:52 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2017-02-09 19:51 - 2017-02-09 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-02-09 19:51 - 2017-02-09 19:52 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-02-09 19:51 - 2017-02-09 19:50 - 00024576 _____ () C:\Windows\SysWOW64\AsIO.dll
2017-02-09 19:51 - 2017-02-09 19:50 - 00013440 _____ C:\Windows\SysWOW64\Drivers\AsIO.sys
2017-02-09 19:51 - 2017-02-09 19:50 - 00013368 _____ C:\Windows\SysWOW64\Drivers\AsUpIO.sys
2017-02-09 19:51 - 2008-01-04 13:34 - 00011832 _____ C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys
2017-02-09 19:51 - 2008-01-04 13:34 - 00010216 _____ C:\Windows\SysWOW64\Drivers\AsInsHelp32.sys
2017-02-09 19:51 - 2004-02-27 00:00 - 00962612 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42d.dll
2017-02-09 19:51 - 2004-02-17 00:00 - 00434252 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRTD.DLL
2017-02-09 19:48 - 2017-02-09 19:48 - 00001214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
2017-02-09 19:48 - 2017-02-09 19:48 - 00001202 _____ C:\Users\Public\Desktop\HD VDeck.lnk
2017-02-09 19:48 - 2017-02-09 19:48 - 00001202 _____ C:\ProgramData\Desktop\HD VDeck.lnk
2017-02-09 19:47 - 2017-02-09 19:48 - 00000000 ____D C:\Program Files (x86)\VIA
2017-02-09 19:47 - 2007-04-11 15:35 - 00414632 ____N (Microsoft Corporation) C:\Windows\difxapi.dll
2017-02-09 19:45 - 2017-02-09 19:50 - 00001769 _____ C:\Windows\Language_trs.ini
2017-02-09 13:19 - 2017-02-19 21:47 - 00000000 ___DC C:\Users\Administrator\AppData\Local\MigWiz
2017-02-09 12:58 - 2017-02-10 18:40 - 00002282 ____H C:\Users\David\Documents\Default.rdp
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ___RD C:\Users\David\Documents\Scanned Documents
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Documents\Web Easy
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Documents\Outlook Files
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Documents\My Scans
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Documents\MotorolaMediaLink
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Documents\Lisano Enterprises
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Documents\Flight Simulator X Files
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Documents\Fax
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Documents\Aiseesoft Studio
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Desktop\WSP
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Desktop\vet pics
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Desktop\Turbo Timer install instructions (2000) - AudiWorld Forums_files
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Desktop\Scouts Stuff
2017-02-09 12:58 - 2017-02-08 13:01 - 00079082 _____ C:\Users\David\Downloads\MTB.txt
2017-02-09 12:58 - 2017-02-08 12:59 - 00892416 _____ (Farbar) C:\Users\David\Downloads\MiniToolBox.exe
2017-02-09 12:58 - 2017-02-07 12:49 - 00000000 ____D C:\Users\David\Documents\Custom Office Templates
2017-02-09 12:58 - 2011-01-19 12:21 - 00000000 ____D C:\Users\David\Documents\Podcast
2017-02-09 12:57 - 2017-02-09 12:58 - 00000000 ____D C:\Users\David\Desktop\Ryans Birthday
2017-02-09 12:57 - 2017-02-09 12:57 - 00000000 ____D C:\Users\David\Desktop\NRA
2017-02-09 12:57 - 2017-02-09 12:57 - 00000000 ____D C:\Users\David\Desktop\Home Inspector
2017-02-09 12:57 - 2017-02-09 12:57 - 00000000 ____D C:\Users\David\Desktop\Dave
2017-02-09 12:57 - 2017-02-09 12:57 - 00000000 ____D C:\Users\David\Desktop\Babysitting stuff
2017-02-09 12:57 - 2017-02-09 12:57 - 00000000 ____D C:\Users\David\.cisco
2017-02-09 12:57 - 2017-02-07 14:39 - 00092659 _____ C:\Users\David\Desktop\FormLLC.pdf
2017-02-09 12:57 - 2015-03-15 09:56 - 07344951 _____ C:\Users\David\Desktop\VW Parts Manual.pdf
2017-02-09 12:57 - 2014-08-11 08:14 - 00011089 _____ C:\Users\David\Desktop\VWrepair.xlsx
2017-02-09 12:56 - 2017-02-16 03:02 - 00000000 ____D C:\Users\David
2017-02-09 12:56 - 2017-02-09 22:51 - 00000000 ____D C:\Users\David\AppData\Local\Google
2017-02-09 12:56 - 2017-02-09 12:56 - 00113920 _____ C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-09 12:56 - 2017-02-09 12:56 - 00001417 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-09 12:56 - 2017-02-09 12:56 - 00000020 ___SH C:\Users\David\ntuser.ini
2017-02-09 12:56 - 2017-02-09 12:56 - 00000000 _SHDL C:\Users\David\My Documents
2017-02-09 12:56 - 2017-02-09 12:56 - 00000000 _SHDL C:\Users\David\Documents\My Videos
2017-02-09 12:56 - 2017-02-09 12:56 - 00000000 _SHDL C:\Users\David\Documents\My Pictures
2017-02-09 12:56 - 2017-02-09 12:56 - 00000000 _SHDL C:\Users\David\Documents\My Music
2017-02-09 12:56 - 2017-02-09 12:56 - 00000000 ____D C:\Users\David\AppData\Roaming\Adobe
2017-02-09 12:56 - 2017-02-09 12:56 - 00000000 ____D C:\Users\David\AppData\Local\VirtualStore
2017-02-09 12:56 - 2017-02-09 12:56 - 00000000 ____D C:\Users\David\AppData\Local\Sophos
2017-02-09 12:56 - 2017-02-09 12:56 - 00000000 ____D C:\Users\David\AppData\Local\NVIDIA
2017-02-09 12:56 - 2013-06-02 12:13 - 00000000 ____D C:\Users\David\AppData\Local\Microsoft Help
2017-02-09 12:56 - 2011-04-12 01:51 - 00000000 ____D C:\Users\David\AppData\Roaming\Media Center Programs
2017-02-09 12:49 - 2017-02-21 20:34 - 00000000 ____D C:\Users\Old2David
2017-02-09 10:56 - 2017-02-09 10:58 - 00246412 _____ C:\TDSSKiller.3.1.0.12_09.02.2017_10.56.17_log.txt
2017-02-09 09:58 - 2017-02-14 22:54 - 00000000 ____D C:\Windows\System32\Tasks\Event Viewer Tasks
2017-02-09 09:00 - 2017-02-09 09:00 - 00000000 ____D C:\Users\Ryan\.cisco
2017-02-09 08:57 - 2017-02-09 08:57 - 00435472 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-09 08:42 - 2017-02-21 21:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2017-02-09 07:12 - 2017-02-21 21:58 - 00000000 ____D C:\FRST
2017-02-09 07:08 - 2017-02-19 23:01 - 02422784 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2017-02-09 06:33 - 2017-02-09 06:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Foxit Software
2017-02-09 06:17 - 2017-02-09 06:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2017-02-09 06:16 - 2017-02-18 01:30 - 00000552 __RSH C:\Users\Administrator\ntuser.pol
2017-02-09 06:16 - 2017-02-09 06:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2017-02-09 06:16 - 2017-02-09 06:41 - 00002255 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2017-02-09 06:16 - 2017-02-09 06:16 - 00113920 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-09 06:16 - 2017-02-09 06:16 - 00001413 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-09 06:16 - 2017-02-09 06:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-02-09 06:16 - 2017-02-09 06:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\Sophos
2017-02-09 06:16 - 2017-02-09 06:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2017-02-09 06:16 - 2017-02-09 06:16 - 00000000 ____D C:\Users\Administrator\.cisco
2017-02-09 06:15 - 2017-02-18 01:30 - 00000000 ____D C:\Users\Administrator
2017-02-09 06:15 - 2017-02-09 06:15 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2017-02-09 06:15 - 2017-02-09 06:15 - 00000000 _SHDL C:\Users\Administrator\My Documents
2017-02-09 06:15 - 2017-02-09 06:15 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2017-02-09 06:15 - 2017-02-09 06:15 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2017-02-09 06:15 - 2017-02-09 06:15 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2017-02-09 06:15 - 2013-06-02 12:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2017-02-09 06:15 - 2011-04-12 01:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2017-02-08 16:42 - 2011-08-17 11:08 - 00298234 _____ C:\Users\Katie\Desktop\Windows6.1-KB2590550-v2-x64.msu
2017-02-08 16:42 - 2011-08-17 00:17 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-02-08 16:42 - 2011-08-17 00:04 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2017-02-08 16:41 - 2017-02-08 16:41 - 00427168 _____ C:\Users\Katie\Downloads\436224_intl_x64_zip.exe
2017-02-06 20:20 - 2017-02-19 23:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-02-06 20:20 - 2017-02-06 20:20 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-06 20:19 - 2017-02-06 20:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2017-02-06 20:18 - 2017-02-06 20:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-06 20:18 - 2017-02-06 20:18 - 00000000 ____D C:\Program Files\Microsoft Office
2017-02-06 19:29 - 2017-02-19 11:08 - 00000000 ____D C:\Program Files (x86)\WinCDEmu
2017-02-06 19:29 - 2017-02-06 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2017-02-06 01:14 - 2017-02-06 01:14 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Sun
2017-02-04 06:20 - 2017-02-04 06:20 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Sun
2017-02-04 06:16 - 2017-02-04 06:16 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Foxit Software
2017-02-04 06:15 - 2017-02-04 06:15 - 00000000 ____D C:\Users\Justin\.cisco
2017-02-01 06:26 - 2017-02-01 06:26 - 00012309 _____ C:\Users\Katie\Desktop\JustinRecentActivity.pdf
2017-01-31 21:39 - 2017-01-31 21:40 - 00000000 ____D C:\Users\Katie\Desktop\KT old phone
2017-01-30 21:00 - 2017-01-30 21:00 - 00000000 ____D C:\ProgramData\Foxit Software
2017-01-30 20:59 - 2017-01-30 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2017-01-29 13:53 - 2017-01-29 13:53 - 08345924 _____ C:\Users\Katie\Desktop\PDF_4436_Audi_B5_S4_Vaico_Front_Control_Arm_Kit_R2.pdf
2017-01-28 04:13 - 2017-01-28 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-01-26 20:03 - 2017-01-26 20:03 - 00000141 _____ C:\Users\Katie\Desktop\Outlook Web App.url
2017-01-26 19:57 - 2017-01-26 19:57 - 00001551 _____ C:\Users\Katie\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
2017-01-26 19:55 - 2017-01-26 19:55 - 00002296 _____ C:\Users\Katie\Desktop\Berry Aviation TS4.RDP
2017-01-26 19:55 - 2017-01-26 19:55 - 00000000 ____D C:\Users\Katie\.cisco
2017-01-26 19:54 - 2017-01-26 19:54 - 00000000 ____D C:\Users\Katie\AppData\Local\Cisco
2017-01-26 19:54 - 2017-01-26 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2017-01-26 19:54 - 2017-01-26 19:54 - 00000000 ____D C:\ProgramData\Cisco
2017-01-26 19:54 - 2017-01-26 19:54 - 00000000 ____D C:\Program Files (x86)\Cisco
2017-01-26 19:49 - 2017-01-26 20:05 - 00000000 ____D C:\Program Files (x86)\Citrix
2017-01-26 19:49 - 2017-01-26 19:49 - 00000000 ____D C:\Users\Katie\AppData\Local\Citrix
2017-01-24 19:38 - 2017-02-20 20:53 - 00002139 _____ C:\Users\Justin\Desktop\pink.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 21:46 - 2013-04-20 12:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-21 21:38 - 2009-07-13 22:45 - 00032224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-21 21:38 - 2009-07-13 22:45 - 00032224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-21 21:04 - 2009-07-13 23:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-21 21:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2017-02-21 21:00 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-21 20:53 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2017-02-21 20:36 - 2015-11-17 20:52 - 00000000 ____D C:\Windows\pss
2017-02-20 21:23 - 2009-07-13 22:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-20 20:55 - 2016-08-30 21:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-20 20:53 - 2016-08-02 18:25 - 00002067 _____ C:\Users\Justin\Desktop\rainbows.lnk
2017-02-20 20:53 - 2016-08-02 18:25 - 00002063 _____ C:\Users\Justin\Desktop\GoNoodle.lnk
2017-02-19 23:18 - 2009-07-13 20:34 - 00000536 _____ C:\Windows\win.ini
2017-02-19 22:56 - 2017-01-15 12:27 - 00000000 ____D C:\Windows\Minidump
2017-02-19 21:58 - 2016-03-14 21:13 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-19 21:58 - 2009-07-13 23:08 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-19 21:47 - 2013-04-13 23:16 - 00000000 ____D C:\Windows\Panther
2017-02-19 20:47 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-19 11:18 - 2013-04-13 21:26 - 00001945 _____ C:\Windows\epplauncher.mif
2017-02-19 10:52 - 2015-12-28 09:33 - 00001150 __RSH C:\Users\Ryan\ntuser.pol
2017-02-19 10:52 - 2015-12-28 09:33 - 00000000 ____D C:\Users\Ryan
2017-02-18 18:02 - 2016-08-11 02:10 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-02-18 17:58 - 2016-08-11 02:10 - 01717248 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-02-18 17:44 - 2016-11-04 17:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-18 17:43 - 2013-04-13 21:09 - 00001139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-18 01:44 - 2014-11-16 23:11 - 00000000 ____D C:\Temp
2017-02-17 18:34 - 2013-04-13 21:05 - 00000000 ____D C:\Users\Katie
2017-02-15 23:53 - 2013-12-30 11:34 - 00000000 ____D C:\Program Files (x86)\Notepad++
2017-02-14 07:46 - 2013-04-20 12:27 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 07:46 - 2013-04-20 12:27 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 07:46 - 2013-04-20 12:27 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 07:46 - 2013-04-20 12:27 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-14 07:46 - 2013-04-20 12:27 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-13 17:11 - 2015-10-22 17:03 - 00001315 _____ C:\Users\Justin\Desktop\unicorns.lnk
2017-02-13 17:11 - 2015-10-22 16:59 - 00001173 _____ C:\Users\Justin\Desktop\fluffy.lnk
2017-02-13 17:11 - 2015-10-22 16:59 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-02-13 11:21 - 2013-05-22 17:09 - 00002310 ____H C:\Users\Katie\Documents\Default.rdp
2017-02-13 10:16 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-02-12 10:05 - 2014-06-26 17:10 - 00000000 ____D C:\Users\Katie\Desktop\Peperport payments
2017-02-12 07:34 - 2014-12-25 20:57 - 00113920 _____ C:\Users\Justin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-12 07:34 - 2014-12-25 20:56 - 00000008 __RSH C:\Users\Justin\ntuser.pol
2017-02-12 07:34 - 2014-12-25 20:56 - 00000000 ____D C:\Users\Justin
2017-02-09 20:24 - 2013-04-13 21:05 - 00000020 ___SH C:\Users\Katie\ntuser.ini
2017-02-09 19:58 - 2009-04-10 18:29 - 00000057 ____H C:\splash.idx
2017-02-09 19:52 - 2013-12-30 10:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-09 19:31 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-02-09 10:14 - 2006-11-02 07:34 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-09 09:00 - 2015-12-28 09:33 - 00113920 _____ C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-08 16:41 - 2013-04-13 21:05 - 00000000 ____D C:\Users\Katie\AppData\Local\VirtualStore
2017-02-08 16:02 - 2013-04-28 09:24 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Foxit Software
2017-02-08 12:48 - 2009-07-13 20:34 - 00000347 _____ C:\Windows\system32\Drivers\etc\networks
2017-02-07 19:13 - 2013-04-14 15:48 - 00113920 _____ C:\Users\Katie\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-06 20:20 - 2011-04-12 01:51 - 00000000 ____D C:\Windows\ShellNew
2017-02-06 20:18 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-02-06 13:13 - 2013-05-01 11:43 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-04 05:50 - 2015-12-11 21:09 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Spotify
2017-02-03 19:42 - 2015-12-11 21:17 - 00000000 ____D C:\Users\Katie\AppData\Local\Spotify
2017-02-02 22:26 - 2013-11-05 07:00 - 00000000 ____D C:\ProgramData\Oracle
2017-02-02 22:25 - 2013-06-29 12:09 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-01 19:42 - 2016-11-01 21:42 - 00000000 ____D C:\Users\Katie\Desktop\Cochise Mortgage payments
2017-01-30 21:15 - 2016-03-19 08:29 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2017-01-30 21:00 - 2016-02-24 21:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-30 20:59 - 2016-03-19 08:29 - 00000000 ____D C:\Users\Public\Foxit Software
2017-01-28 04:13 - 2013-05-01 11:43 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-26 19:54 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\Downloaded Program Files

==================== Files in the root of some directories =======

2017-02-19 11:17 - 2017-02-19 11:32 - 0007636 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2013-07-01 17:27 - 2015-01-28 20:59 - 0002177 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-12 00:13

==================== End of FRST.txt ============================
 
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-02-2017
Ran by Administrator (21-02-2017 21:58:37)
Running from C:\Users\Administrator\Downloads
Windows 7 Professional Service Pack 1 (X64) (2013-04-14 02:52:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3559958457-2575535085-3770899071-500 - Administrator - Enabled) => C:\Users\Administrator
David (S-1-5-21-3559958457-2575535085-3770899071-1007 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-3559958457-2575535085-3770899071-501 - Limited - Enabled) => C:\Users\Guest
Justin (S-1-5-21-3559958457-2575535085-3770899071-1004 - Limited - Enabled) => C:\Users\Justin
Katie (S-1-5-21-3559958457-2575535085-3770899071-1008 - Administrator - Enabled)
Ryan (S-1-5-21-3559958457-2575535085-3770899071-1005 - Limited - Enabled) => C:\Users\Ryan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: - )
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C4600 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.3.02039 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.3.02039 - Cisco Systems, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Driver Fusion (HKLM-x32\...\Driver Fusion) (Version: 3.3.0.0 - Treexy)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Foxit PhantomPDF (HKLM-x32\...\{1E322888-CE77-11E6-BF13-000C29FC3B44}) (Version: 8.2.0.2192 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
GrandPrix Race Manager v16 (HKLM-x32\...\GrandPrix Race Manager v16_is1) (Version: 16.0.1316 - Lisano Enterprises)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5 (HKLM\...\{1E1746EF-F5BF-4677-8F30-04FE399130DA}) (Version: 14.0 - HP)
HP Product Detection (HKLM-x32\...\{ACAA0152-96A4-4D93-92F5-1B4728C3D984}) (Version: 11.15.0008 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 7.0.6.19846 - LeapFrog)
LeapFrog Connect (x32 Version: 7.0.6.19846 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 7.0.6.19846 - LeapFrog) Hidden
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
MergeModule_x64 (Version: 9.1.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.1.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.51 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PlayMemories Camera Apps Downloader (HKLM-x32\...\{E4B95A36-0EF2-44C6-B939-5B3DBBC34502}) (Version: 1.1.1975.475 - Sony Network Entertainment International LLC)
PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.1.00.12152 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.1.00 - Sony Corporation) Hidden
proXPN 4.3.6.5 (HKLM-x32\...\proXPN) (Version: 4.3.6.5 - proXPN B.V)
PS_AIO_05_C4600_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
RogueKiller version 12.9.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.7.0 - Adlice Software)
SafeZone Stable 3.55.2393.561 (x32 Version: 3.55.2393.561 - Avast Software) Hidden
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Sophos SSL VPN Client 2.1 (HKLM-x32\...\Sophos SSL VPN Client) (Version: 2.1 - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for Skype for Business 2015 (KB3161988) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.STANDARD_{245EB15F-A90C-422B-9D3F-3AEEDF028CCC}) (Version: - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 7.0.6.19846 - LeapFrog)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0ED4A974-346E-4686-B971-6B87185421CE} - System32\Tasks\SafeZone scheduled Autoupdate 1487403968 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {1FAEDAB9-03AE-48AD-A353-A954DBD739FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {28A81C7B-66D5-4708-A7B9-143665E52468} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3007B336-C0F4-43FF-9723-61FB1591A75F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3435F724-6B0E-4134-98FF-0E2A390368CF} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {384068BC-C417-44BD-85B6-AD3773C7EE30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4081E417-D6DC-45F3-9EE8-15829B9B3EDD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {50D8F91B-F662-487E-BA89-D3F211F15E6B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {66050CD8-7999-42B9-9EC8-A1DEB6E41AA3} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-18] (AVAST Software)
Task: {696C0EFC-F42E-4C76-94FA-3DD612E8ECE0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-18] (AVAST Software)
Task: {6C85F01B-7E50-4CC3-B745-59CC32E569AF} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {70CD5D84-84A5-4A56-BF78-DF92FD3AE312} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {770E081D-AA76-4176-8E4D-AE4476C4C437} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2008-12-11] ()
Task: {8D5E55F2-79A8-40B8-A29E-FE2763D25BA3} - System32\Tasks\{06A60515-D95C-4A85-8707-ED747860BA65} => F:\setup.exe
Task: {A1D1E14A-8FEE-41D4-878B-28A27957A735} - System32\Tasks\{28F3448C-5E9E-4BAB-AD47-29A7D9FE0B78} => F:\setup.exe
Task: {C2CBA387-2B64-43C8-A66A-44CAE10CC509} - System32\Tasks\{E3593912-091D-40F4-AF7C-7A06F27F3A56} => F:\setup.exe
Task: {C3058DC1-0169-4973-86B9-2BE914800B6B} - System32\Tasks\{7A207EA8-3673-4A27-9E4E-0F7B79E84BF9} => F:\setup.exe
Task: {C406A18E-5D7A-4FD6-A7ED-A309F9AA1B1B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-07] (Piriform Ltd)
Task: {D08071E3-CA4C-4246-881D-3917E99FE422} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {FAB86893-3651-44A6-B0D1-B25135E9BE95} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {FCABA01C-67A9-43D0-BD7E-1823CFDBC1B7} - System32\Tasks\{ABE29E06-61AC-4C62-A84E-F3D8FE84D982} => F:\setup.exe
Task: {FEA6148C-5DE2-4D53-BCDC-A1723671C3B2} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-07-13 18:22 - 2015-12-08 13:07 - 01393152 _____ () C:\Windows\system32\WMALFXGFXDSP.dll
2013-07-20 11:55 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2009-07-13 18:21 - 2009-07-13 19:41 - 00299520 _____ () C:\Windows\System32\drivers\UMDF\WpdFs.dll
2016-11-15 15:23 - 2016-11-15 15:23 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-11-27 11:55 - 2016-11-27 11:55 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-02-18 01:42 - 2017-02-18 01:42 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-21 19:38 - 2017-02-21 19:38 - 05989072 _____ () C:\Program Files\AVAST Software\Avast\defs\17022101\algo.dll
2017-02-18 01:42 - 2017-02-18 01:42 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-02-18 01:43 - 2017-02-18 01:43 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-18 01:41 - 2017-02-18 01:41 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-02-06 13:13 - 2017-02-01 03:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 13:13 - 2017-02-01 03:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2017-02-21 20:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3559958457-2575535085-3770899071-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Fitbit Connect => 2
MSCONFIG\Services: FoxitPhantomService => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: LeapFrog Connect Device Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: OpenVPNServiceInteractive => 2
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: proXPN VPN => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SOHDms => 2
MSCONFIG\Services: SOHDs => 3
MSCONFIG\Services: SpfService => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: vpnagent => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\Katie\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Katie\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: MusicManager => "C:\Users\David\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: openvpn-gui => C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
MSCONFIG\startupreg: ProfilerU => C:\Program Files\SmartTechnology\Software\ProfilerU.exe
MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Spotify => "C:\Users\Katie\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Katie\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{E1D4A664-8469-4B79-A12A-18FC90362765}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{00679DCD-8DA8-4C4A-B4C9-75F7A78B4CC6}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{DDDCDA55-9301-4DB1-82C9-F1AC6C3B5D13}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [TCP Query User{4E6117B2-3B9C-4908-98C5-E1B9964A7F93}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{F92482F7-F3C4-48FF-A3C2-74FAC142CD7C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

08-02-2017 16:42:24 Windows Update
09-02-2017 19:47:24 Installed Platform
09-02-2017 19:51:05 Installed Cool & Quiet
09-02-2017 19:51:59 Installed ASUSUpdate
09-02-2017 19:57:40 Installed Express Gate.
10-02-2017 03:00:10 Windows Update
13-02-2017 20:22:49 Windows Update
17-02-2017 18:38:59 Windows Update
18-02-2017 01:52:05 Checkpoint by HitmanPro
18-02-2017 01:52:56 Checkpoint by HitmanPro
19-02-2017 23:17:12 Windows Update
20-02-2017 21:27:22 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2017 09:02:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/21/2017 08:57:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (02/21/2017 08:39:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/21/2017 08:38:27 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (02/21/2017 08:38:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (02/21/2017 08:38:27 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (02/21/2017 07:38:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/20/2017 09:45:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/20/2017 09:27:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3559958457-2575535085-3770899071-1008.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {357647fd-2385-4e60-85b6-81c5e4656895}

Error: (02/20/2017 09:22:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (02/21/2017 09:02:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Listener service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/21/2017 09:02:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Listener service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/21/2017 09:02:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Listener service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/21/2017 09:00:23 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The aswbIDSAgent service terminated with service-specific error %%-536753635.

Error: (02/21/2017 09:00:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/21/2017 09:00:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/21/2017 09:00:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/21/2017 09:00:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/21/2017 09:00:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/21/2017 09:00:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
Date: 2017-02-21 20:30:53.732
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-21 20:30:53.561
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-06 19:13:07.333
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-06 19:13:07.161
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-06 19:06:38.854
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\David\Desktop\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-06 19:06:38.689
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\David\Desktop\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5800+
Percentage of memory in use: 47%
Total physical RAM: 4095.11 MB
Available physical RAM: 2153.93 MB
Total Virtual: 8188.41 MB
Available Virtual: 5963.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:76.56 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: D31281DA)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt (1.8 KB)
Ran Fix in normal mode and inspected logs. It showed a couple of registry keys that couldn't be removed because they were locked, so I booted into safe mode and re-ran the fix; no reboot was necessary this time and the registry keys now show as removed. Logs below:

FixLog - Normal boot:
Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017
Ran by Administrator (22-02-2017 20:43:29) Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Justin & Ryan & David & Administrator & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3559958457-2575535085-3770899071-1005\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3559958457-2575535085-3770899071-1004\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3559958457-2575535085-3770899071-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
U3 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2017-02-19 11:17 - 2017-02-19 11:32 - 0007636 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2013-07-01 17:27 - 2015-01-28 20:59 - 0002177 _____ () C:\ProgramData\hpzinstall.log

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3559958457-2575535085-3770899071-1005\User => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3559958457-2575535085-3770899071-1004\User => moved successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found.
"C:\Windows\system32\GroupPolicy\User" => not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-3559958457-2575535085-3770899071-500\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\Software\Mozilla\Firefox\Extensions\\wrc@avast.com => value removed successfully
HKLM\Software\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\wrc@avast.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf => key removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\ProgramData\hpzinstall.log => moved successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-02-2017 20:44:50)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected

==== End of Fixlog 20:44:50 ====

FixLog - Safe Boot:

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017
Ran by Administrator (22-02-2017 20:49:55) Run:2
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Justin & Ryan & David & Administrator & Guest)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3559958457-2575535085-3770899071-1005\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3559958457-2575535085-3770899071-1004\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3559958457-2575535085-3770899071-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
U3 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2017-02-19 11:17 - 2017-02-19 11:32 - 0007636 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2013-07-01 17:27 - 2015-01-28 20:59 - 0002177 _____ () C:\ProgramData\hpzinstall.log

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found.
"C:\Windows\system32\GroupPolicy\Machine" => not found.
"C:\Windows\system32\GroupPolicy\User" => not found.
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3559958457-2575535085-3770899071-1005\User" => not found.
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3559958457-2575535085-3770899071-1004\User" => not found.
"C:\Windows\system32\GroupPolicy\Machine" => not found.
"C:\Windows\system32\GroupPolicy\User" => not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-3559958457-2575535085-3770899071-500\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\wrc@avast.com => value not found.
HKLM\Software\Mozilla\Firefox\Extensions\\sp@avast.com => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\wrc@avast.com => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sp@avast.com => value not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf => key not found.
HKLM\System\CurrentControlSet\Services\aswbdisk => key removed successfully
aswbdisk => service removed successfully

catchme => service not found.
"C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg" => not found.
"C:\ProgramData\hpzinstall.log" => not found.

==== End of Fixlog 20:49:55 ====
 
Good :)

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Security Check:
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avast Antivirus
Malwarebytes
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Adobe Flash Player 24.0.0.221
Mozilla Firefox (47.0.2)
Google Chrome (56.0.2924.87)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast x64 aswidsagenta.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 
FSS:
Farbar Service Scanner Version: 27-01-2016
Ran by Administrator (administrator) on 22-02-2017 at 22:20:59
Running from "C:\Users\Administrator\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
TFC:
Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: Administrator
->Temp folder emptied: 2685477 bytes
->Temporary Internet Files folder emptied: 5821521 bytes
->Java cache emptied: 510675 bytes
->Google Chrome cache emptied: 212113186 bytes
->Flash cache emptied: 492 bytes

User: All Users

User: David
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 43645603 bytes
->Google Chrome cache emptied: 37887253 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4541099 bytes
->Java cache emptied: 2616888 bytes
->FireFox cache emptied: 951914 bytes
->Google Chrome cache emptied: 365961230 bytes
->Flash cache emptied: 97451 bytes

User: Justin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7664879 bytes
->Java cache emptied: 1190 bytes
->Google Chrome cache emptied: 26241203 bytes
->Flash cache emptied: 492 bytes

User: Katie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 131904510 bytes
->Java cache emptied: 1114306 bytes
->FireFox cache emptied: 193606892 bytes
->Google Chrome cache emptied: 470189006 bytes
->Flash cache emptied: 16334 bytes

User: newoldkatie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 128 bytes

User: Old2David
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Ryan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2732067 bytes
->Google Chrome cache emptied: 56195081 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10156 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33030 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 1154 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42270283 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 419997 bytes
Process complete!

Total Files Cleaned = 1,535.00 mb
 
Something still isn't right. Sophos wouldn't finish scanning, my PC BSOD'd. I'm in safe mode with networking at the moment re-running all scans to make sure everything runs right.
 
FSS

Farbar Service Scanner Version: 27-01-2016
Ran by Administrator (administrator) on 22-02-2017 at 23:11:55
Running from "C:\Users\Administrator\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Security Check:
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Avast Antivirus
Malwarebytes
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Adobe Flash Player 24.0.0.221
Mozilla Firefox (47.0.2)
Google Chrome (56.0.2924.87)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
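The FSS log above reads very differently depending on boot mode: it was taken in Safe Mode with Networking ("Boot Mode: Network"), where Windows deliberately leaves wuauserv, BITS, VSS, wscsvc and the rest stopped, so the "Service is not running" lines are expected there. What survives a reboot, and is worth checking again once the machine is back in a normal boot, is the rest: BITS and WinDefend changed from Auto to Demand, and the DisableAntiSpyware=1 policy under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender. The Defender start type and that policy value are commonly left behind by third-party antivirus installers on Windows 7 (Avast and Malwarebytes are both on this machine per the Security Check log), so on their own they are not proof of malware; the BITS change is the one with no obvious legitimate owner. The script below is an added example, not part of the original thread and not part of FRST, FSS or Security Check; it repeats the same service and policy checks from an elevated 64-bit PowerShell prompt on the affected machine and prints deviations from the Windows 7 defaults. It changes nothing. The expected start modes, the three policy locations and the path rules for ImagePath and ServiceDll are my assumptions about the Windows 7 defaults, not something the tools document. It stays within PowerShell 2.0 (Get-WmiObject rather than Get-CimInstance) because that is what Windows 7 ships with.

```powershell
# Added example: not from the original thread and not part of FRST, FSS or
# Security Check. Re-checks, from an elevated 64-bit PowerShell prompt on the
# affected machine (PowerShell 2.0 as shipped with Windows 7 is enough), the
# services and policy values the FSS log reports on. Read-only: it only prints.

# Assumed Windows 7 default start modes, as Win32_Service.StartMode reports them.
# "Auto" also covers Automatic (Delayed Start).
$expected = @{
    'SDRSVC'      = 'Manual'   # Windows Backup
    'VSS'         = 'Manual'   # Volume Shadow Copy
    'wscsvc'      = 'Auto'     # Security Center
    'wuauserv'    = 'Auto'     # Windows Update
    'BITS'        = 'Auto'     # Background Intelligent Transfer Service
    'EventSystem' = 'Auto'     # COM+ Event System
    'WinDefend'   = 'Auto'     # Windows Defender
}

# Group Policy values that switch a security feature off when set to 'Bad'
# (assumed locations; the first one is the key the FSS log shows as set).
$policies = @(
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';                Name = 'DisableAntiSpyware'; Bad = 1 },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';        Name = 'NoAutoUpdate';       Bad = 1 },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile'; Name = 'EnableFirewall';     Bad = 0 }
)

# "Not running" is only a finding in a normal boot; Safe Mode with Networking
# (the mode the FSS log above was taken in) leaves most of these services stopped.
$bootState  = (Get-WmiObject -Class Win32_ComputerSystem).BootupState
$normalBoot = ($bootState -eq 'Normal boot')
Write-Host "Boot state: $bootState"

$systemRoot  = [regex]::Escape($env:SystemRoot)
$defenderDir = [regex]::Escape((Join-Path $env:ProgramFiles 'Windows Defender'))
$findings    = @()

foreach ($name in $expected.Keys) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if ($svc -eq $null) { $findings += "$name : service is missing"; continue }

    if ($svc.StartMode -ne $expected[$name]) {
        $findings += "$name : start type is $($svc.StartMode), default is $($expected[$name])"
    }
    if ($normalBoot -and $expected[$name] -eq 'Auto' -and $svc.State -ne 'Running') {
        $findings += "$name : not running in a normal boot"
    }

    # ImagePath: the host binary (svchost.exe, or vssvc.exe for VSS) must live under %SystemRoot%.
    if ($svc.PathName -notmatch "^`"?$systemRoot\\") {
        $findings += "$name : unexpected ImagePath '$($svc.PathName)'"
    }

    # svchost-hosted services load their real code from ServiceDll; it must exist and
    # live under %SystemRoot% (or Program Files\Windows Defender for WinDefend).
    $params = "HKLM:\SYSTEM\CurrentControlSet\Services\$name\Parameters"
    if (Test-Path $params) {
        $dll = (Get-ItemProperty -Path $params).ServiceDll
        if ($dll) {
            $dll = [Environment]::ExpandEnvironmentVariables($dll)
            if (-not (Test-Path $dll)) {
                $findings += "$name : ServiceDll '$dll' does not exist"
            } elseif ($dll -notmatch "^$systemRoot\\" -and $dll -notmatch "^$defenderDir\\") {
                $findings += "$name : ServiceDll outside Windows '$dll'"
            }
        }
    }
}

foreach ($p in $policies) {
    if (Test-Path $p.Key) {
        $item = Get-ItemProperty -Path $p.Key -Name $p.Name -ErrorAction SilentlyContinue
        if ($item -ne $null -and $item.($p.Name) -eq $p.Bad) {
            $findings += "policy $($p.Key)\$($p.Name) = $($p.Bad) (feature disabled by policy)"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Host 'No deviations from the assumed Windows 7 defaults found.'
} else {
    Write-Host "$($findings.Count) finding(s):"
    $findings | ForEach-Object { Write-Host "  $_" }
}
```

Save it under any name (say Check-FssItems.ps1, a name chosen here) and run it as `powershell -ExecutionPolicy Bypass -File Check-FssItems.ps1` from an elevated prompt; use the 64-bit PowerShell, otherwise file-system redirection makes the System32 path checks look at SysWOW64. Signature checking is deliberately left to FSS: Get-AuthenticodeSignature on Windows 7 does not consult catalog signatures, so it reports most system DLLs as NotSigned. The script is a check only; restoring start types (Set-Service -Name BITS -StartupType Automatic) or deleting the policy value belongs in the FRST fix the thread is working toward, after the cause of the BSODs is found, not before.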
 