Inactive Does anyone know what this virus is and how to remove it?

[jbryan1984]

My kid clicked on something and I got a ton of adware. Using Malwarebytes, I removed most of it, but I still get these strange pop ups and when it happens, the computer just totally slows down. Some say dmDOs and some say emDOs. If you try to exit out, it says "Glare" or Tenated" are not responding. I have never heard of any of the 4 and I have searched and found 0 information about them. Any idea? Photo included.

 

[mailpup]

Moving to Virus and Malware Removal forum.

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[jbryan1984]

Thanks. I am running the scan now.

 

[jbryan1984]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.02.2018
Ran by James (administrator) on JAMES-PC (21-02-2018 21:28:05)
Running from C:\Users\James\Desktop\Downloads
Loaded Profiles: James (Available Profiles: James)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\lsskzctsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\Brnday\Brnday.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
() C:\Users\James\AppData\Local\glare.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
() C:\Program Files (x86)\Mansion\glare.exe
() C:\Users\James\AppData\Local\tenanted.exe
() C:\Program Files (x86)\Mansion\tenanted.exe
() C:\Program Files (x86)\labour\glare.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
() C:\Users\James\AppData\Local\tenanted.exe
() C:\Program Files (x86)\labour\glare.exe
() C:\Program Files (x86)\Mansion\glare.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
() C:\Users\James\AppData\Local\glare.exe
() C:\Program Files (x86)\Mansion\tenanted.exe
(Python Software Foundation) C:\Users\James\AppData\Roaming\MaxiBuy\python\pythonw.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
() C:\Program Files (x86)\labour\glare.exe
() C:\Program Files (x86)\Mansion\tenanted.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent Inc.) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
() C:\Program Files (x86)\labour\glare.exe
() C:\Program Files (x86)\Mansion\tenanted.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
() C:\Program Files (x86)\labour\glare.exe
() C:\Program Files (x86)\Mansion\tenanted.exe
() C:\Program Files (x86)\solarium\humanness.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
() C:\Program Files (x86)\labour\glare.exe
() C:\Program Files (x86)\Mansion\tenanted.exe
() C:\Program Files (x86)\labour\glare.exe
() C:\Users\James\AppData\Local\cwczebh\cwczebh.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\James\AppData\Local\dsbczxv\vshnzrg.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(BitTorrent Inc.) C:\Users\James\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
(BitTorrent Inc.) C:\Users\James\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1654992 2011-10-26] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [213824 2011-10-04] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [416992 2011-08-02] (Trend Micro Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM\...\Run: [marking] => C:\Program Files (x86)\Glissando\tenanted.exe [41984 2018-02-18] ()
HKLM\...\Run: [markingathenians] => C:\Program Files (x86)\labour\glare.exe [41984 2018-02-18] ()
HKLM\...\Run: [markingmarking] => C:\Program Files (x86)\Mansion\tenanted.exe [41984 2018-02-18] ()
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-03-06] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)
HKLM-x32\...\Run: [skeeters] => C:\Program Files (x86)\Glissando\tenanted.exe [41984 2018-02-18] ()
HKLM-x32\...\Run: [skeetersgreenbaum] => C:\Program Files (x86)\labour\glare.exe [41984 2018-02-18] ()
HKLM-x32\...\Run: [skeetersskeeters] => C:\Program Files (x86)\Mansion\tenanted.exe [41984 2018-02-18] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [uTorrent] => C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-27] (BitTorrent Inc.)
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7706728 2018-02-02] (Lavasoft)
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [dkproc] => rundll32.exe "C:\Users\James\AppData\Local\dkproc.dll",dkproc <==== ATTENTION
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [greenbaum] => C:\Program Files (x86)\Glissando\tenanted.exe [41984 2018-02-18] ()
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [greenbaumskeeters] => C:\Program Files (x86)\labour\glare.exe [41984 2018-02-18] ()
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [greenbaumgreenbaum] => C:\Program Files (x86)\Mansion\tenanted.exe [41984 2018-02-18] ()
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [athenians] => C:\Program Files (x86)\Glissando\tenanted.exe [41984 2018-02-18] ()
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [atheniansmarking] => C:\Program Files (x86)\labour\glare.exe [41984 2018-02-18] ()
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [atheniansathenians] => C:\Program Files (x86)\Mansion\tenanted.exe [41984 2018-02-18] ()
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [humanness] => C:\Program Files (x86)\solarium\humanness.exe [66830 2018-02-18] ()
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [eyeblink] => C:\Program Files (x86)\Glissando\tenanted.exe [41984 2018-02-18] ()
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [MaxiBuy] => C:\Users\James\AppData\Roaming\MaxiBuy\python\pythonw.exe [96408 2017-07-07] (Python Software Foundation) <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-03-06]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2017-08-03]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\АsusVibеLаunchеr.lnk [2018-02-18]
ShortcutTarget: АsusVibеLаunchеr.lnk -> C:\Users\James\AppData\Roaming\Browsers\exe.rehcnualebivsusa.bat (No File)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecker.lnk [2018-02-18]
ShortcutTarget: ecker.lnk -> C:\Program Files (x86)\Glissando\tenanted.exe ()
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eckerecker.lnk [2018-02-18]
ShortcutTarget: eckerecker.lnk -> C:\Program Files (x86)\labour\glare.exe ()
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{351380A2-3E6E-45B7-9212-77D01EDBA615}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{D81FC0BE-8AED-4378-AC7D-A442A06BE8B7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{F463552A-7D14-4F0A-9A03-3B2F88BAF1C5}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{F463552A-7D14-4F0A-9A03-3B2F88BAF1C5}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://page-ups.com/all/
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1555295380-1301480580-2791195162-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1555295380-1301480580-2791195162-1000 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311517&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC3wup8FAVUGi1L%2F%2F9R6DSxlP888VqK6A%2F4Yaj5IiL6FbA0ejv8GjtYktEdZVdcAPTrSq1SyZ9PYpoVFzQ2kYh9E8Rq6w8JMAx19yJ5so2rtN5Zv9Agy5LnI1IgdkHgrBsyQBu%2Bk3ZTSBlIFeT2cFv%2BXazNEE4YEcxkOSbChavYJh7w8rY8yU1tuVM1Gb3loWBffHqI3wNuLMjId8EbW37cHfOG4JFRGK0E7RshFoe1eLg%3D%3D&p={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll [2011-09-29] (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll [2011-08-02] (Trend Micro Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll [2011-09-29] (Trend Micro Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll [2011-08-02] (Trend Micro Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll [2011-08-02] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll [2011-08-02] (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll [2011-09-29] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll [2011-09-29] (Trend Micro Inc.)

FireFox:
========
FF DefaultProfile: 77rsud6q.default
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\77rsud6q.default [2018-02-21]
FF Homepage: Mozilla\Firefox\Profiles\77rsud6q.default -> moz-extension://5ab5ec77-9e5f-49e7-abfa-ac17ed3c5ea2/newtab/newtab.html
FF NewTabOverride: Mozilla\Firefox\Profiles\77rsud6q.default -> Enabled: web@Template
FF NewTabOverride: Mozilla\Firefox\Profiles\77rsud6q.default -> Enabled: web@eBooks
FF Extension: (LottaDeals) - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\77rsud6q.default\Extensions\@lottadeals.xpi [2018-01-31]
FF Extension: (Browser Safety) - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\77rsud6q.default\Extensions\extension@browser-safety.org.xpi [2018-02-18]
FF Extension: (eBooks) - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\77rsud6q.default\Extensions\web@eBooks.xpi [2018-02-08]
FF Extension: (Template) - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\77rsud6q.default\Extensions\web@Template.xpi [2018-02-13]
FF SearchPlugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\77rsud6q.default\searchplugins\bing-lavasoft.xml [2017-12-20]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension [2012-03-06] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: (Trend Micro NSC Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2012-03-06] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-31] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2018-02-18]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default [2018-02-02]
CHR Extension: (Slides) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-31]
CHR Extension: (Docs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-31]
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-31]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-31]
CHR Extension: (Sheets) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-31]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-31]
CHR Extension: (Chrome Media Router) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-31]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\osbhxzt <==== ATTENTION (Rootkit!)
"Brnday" => service was unlocked. <==== ATTENTION

S3 Amsp; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [275912 2011-08-02] (Trend Micro Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
R2 Brnday; C:\ProgramData\Brnday\Brnday.exe [672096 2017-12-19] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [247072 2011-08-02] (Trend Micro Inc.)
S2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2018-02-02] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [193968 2018-02-18] (Malwarebytes)
R1 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-18] (Malwarebytes)
S3 ssudmdm; C:\windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 tmactmon; C:\windows\System32\DRIVERS\tmactmon.sys [91920 2011-08-11] (Trend Micro Inc.)
R1 tmcomm; C:\windows\System32\DRIVERS\tmcomm.sys [167696 2011-08-11] (Trend Micro Inc.)
R1 tmevtmgr; C:\windows\System32\DRIVERS\tmevtmgr.sys [70928 2011-08-11] (Trend Micro Inc.)
R1 tmtdi; C:\windows\System32\DRIVERS\tmtdi.sys [105744 2011-09-29] (Trend Micro Inc.)
S3 kknnnq; system32\drivers\ddhhhk.sys [X]
R3 xaehkn; system32\drivers\ehknru.sys [X]

========================== Drivers MD5 =======================

C:\windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\windows\system32\drivers\afd.sys 0DC2A9882540DEA4A55B08785E09D8FC
C:\windows\System32\DRIVERS\agrsm64.sys 98022774D9930ECBB292E70DB7601DF6
C:\windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\windows\System32\drivers\AmUStor.SYS 92A848F962DA91C631147D566414BB7E
C:\windows\system32\drivers\appid.sys C16B5B379A2A79702CC5FF923EAAE3FD
C:\windows\system32\drivers\arc.sys ==> MD5 is legit
C:\windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 4C016FD76ED5C05E84CA8CAB77993961
C:\windows\System32\DRIVERS\asmthub3.sys 8569AF4C73747671194EA9EBB2F2D6CF
C:\windows\System32\DRIVERS\asmtxhci.sys 073716FBFFAC7057CD5FF00A1B558331
C:\windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\athrx.sys E857EEE6B92AAA473EBB3465ADD8F7E7
C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 41CEAFFCF3550785E59E3EC9BEE8D97A
C:\windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\bowser.sys ABA3984C822E4D3F889699912D85D6C5
C:\windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\windows\system32\drivers\bthpan.sys 5A8951D195AFEF979C4AB02A129EBC37
C:\windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\windows\System32\CLFS.sys 3963FEC1892368DD500E6ED1F5C286CE
C:\windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\windows\System32\Drivers\cng.sys A98CED39AD91B445E2E442A9BD67E8B4
C:\windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\windows\System32\Drivers\dfsc.sys 9B38580063D281A99E68EF5813022A5F
C:\windows\System32\DRIVERS\ssudbus.sys 5F78930AAB3900102EA8ACDD38F97324
C:\windows\System32\drivers\discache.sys ==> MD5 is legit
C:\windows\System32\drivers\disk.sys 616387BBD83372220B09DE95F4E67BBC
C:\windows\system32\drivers\drmkaud.sys 26FE888505E5A945B0536AF9A2A27A6F
C:\windows\System32\drivers\dxgkrnl.sys 5CEF80AE869336376F550ECAE91E424A
C:\windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\windows\system32\drivers\mbae64.sys 680AF1647150CF9B061FF40E71C7396A
C:\windows\System32\DRIVERS\ETD.sys 4C120D2B2EA269EAE7A5744794EB6DB1
C:\Windows\System32\Drivers\exfat.sys 7E45F8B117419ABA3BB26579F6E70324
C:\Windows\System32\Drivers\fastfat.sys 6EDFA237D25433C03F42FBFDB16BDD24
C:\windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\fssfltr.sys DC0DCE4EC2C5D2CF6472F9FD6AA9A7DC
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\windows\System32\drivers\HTTP.sys CF5C9BD985120781200D35FD445D0BD5
C:\windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\iaStor.sys 26CF4275034214ECEDD8EC17B0A18A99
C:\windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\windows\System32\DRIVERS\igdkmd64.sys 0089B53F1BEFD34B7D8CA4AB021335FA
C:\windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\windows\System32\drivers\RTKVHD64.sys 651972B4061F940DC154C6F7B948B76A
C:\windows\System32\DRIVERS\IntcDAud.sys AE594CC17C33AC146739494615E14851
C:\windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\kbfiltr.sys E63EF8C3271D014F14E2469CE75FECB4
C:\windows\System32\Drivers\ksecdd.sys DFE85B031220F8E0271716BBB3C4C8FF
C:\windows\System32\Drivers\ksecpkg.sys 70D7302DD70B979637179BFD8295C924
C:\windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\L1C62x64.sys A4A9CA24E54E81C6C3E469EAEB4B3F42
C:\windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\windows\System32\Drivers\MbamChameleon.sys 5C3083CDE45F25797F6B4310BF916394
C:\windows\System32\Drivers\mbamswissarmy.sys B047B9CE5A0D800E6D713B43D0405221
C:\windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\windows\System32\drivers\modem.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\windows\system32\drivers\mouhid.sys ==> MD5 is legit
C:\windows\System32\drivers\mountmgr.sys 072D8646E23ECF8A3F5F0157017B4DB6
C:\windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\windows\system32\drivers\mrxdav.sys 98DB1790F0A584E0A2528B92B052417F
C:\windows\System32\DRIVERS\mrxsmb.sys 767C6DF04C5758B9F0790D400541B44F
C:\windows\System32\DRIVERS\mrxsmb10.sys BD55F604FFABC911F8E5500186AE70E5
C:\windows\System32\DRIVERS\mrxsmb20.sys 92EECFB046D4706A4B8D699A4069B6EC
C:\windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\nwifi.sys 9FB2A095B1166CB3C9A06651863B3452
C:\windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0
C:\windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\netbt.sys 734837208CAFD6E0959A7A0333C95C9D
C:\windows\System32\DRIVERS\netr28x.sys FB21D47BA5606A4EDBBAC353D4BD06F0
C:\windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\windows\System32\drivers\nsiproxy.sys BE313E566EEA2A4B7F9AAC9782A567D4
C:\Windows\System32\Drivers\Ntfs.sys 96FEB18D7FFA4DC10F0C3CC4EF41500E
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\windows\system32\drivers\parport.sys ==> MD5 is legit
C:\windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\windows\System32\drivers\pci.sys ==> MD5 is legit
C:\windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\windows\System32\drivers\peauth.sys EA4D67448BE493D543F1730D6CD04694
C:\windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\windows\system32\drivers\processr.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\windows\system32\drivers\serial.sys ==> MD5 is legit
C:\windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\Sftfslh.sys 21AB491BBCC8C1B26FDC402A374AB196
C:\windows\System32\DRIVERS\Sftplaylh.sys 3B8D43FEEFF7A187534DDDFD675FE123
C:\windows\System32\DRIVERS\Sftredirlh.sys F1D1B1DC7A8765A09D7640FBF8D20970
C:\windows\System32\DRIVERS\Sftvollh.sys B3B9ADE7F8C4AF0C20E712E040588543
C:\windows\System32\DRIVERS\SiSG664.sys 1BC348CF6BAA90EC8E533EF6E6A69933

 

[jbryan1984]

C:\windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\srv.sys 72E6A150A8C8530B201832D1C801CDE6
C:\windows\System32\DRIVERS\srv2.sys C4F67ABCC5033D334613F28F9E782809
C:\windows\System32\DRIVERS\srvnet.sys C53CB62B0E57488AAE41FDA0FF8A0AB9
C:\windows\System32\DRIVERS\ssudmdm.sys F0B59ADCD06BCEB9D47311B7041CA2C9
C:\windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\windows\System32\drivers\tcpip.sys 7FB36A0A036ADDACE0A868E4A43C1C27
C:\windows\System32\DRIVERS\tcpip.sys 7FB36A0A036ADDACE0A868E4A43C1C27
C:\windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF
C:\windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\windows\System32\DRIVERS\tdx.sys 4DD986720F7CB7A8A5D1226793097B9A
C:\windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\tmactmon.sys E386DD8EC68C67CA3E2A3ABDC1DF5C56
C:\windows\System32\DRIVERS\tmcomm.sys AB011C569487FD65C8944DDF8CBB2572
C:\windows\System32\DRIVERS\tmevtmgr.sys 8870A3D7305455B47ADCCD226F8E51BC
C:\windows\System32\DRIVERS\tmtdi.sys 48951FBFFFCAE52FADFCDFB76ED19749
C:\windows\system32\drivers\tpm.sys 48DDEF0B921DD331536CC82C1A8FF64F
C:\windows\System32\DRIVERS\tssecsrv.sys 2CF58216424757ED29605B4F18EC443C
C:\windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\windows\system32\drivers\usbccgp.sys 28B81917A195B67617AF7DCF4DFE5736
C:\windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\windows\system32\drivers\usbehci.sys B626F048318DAE65A3317F0592BE592C
C:\windows\system32\drivers\usbhub.sys 390109E8E05BA00375DCB1ED64DC60AF
C:\windows\system32\drivers\usbohci.sys B4DF0F4C1D9D25DFE1DAD1D8670F1D4F
C:\windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\windows\system32\drivers\usbuhci.sys CFEAAF96E666E3DCBD8F6DFF516784AE
C:\windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\windows\System32\drivers\vga.sys ==> MD5 is legit
C:\windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\windows\System32\drivers\volmgrx.sys 85C5468BC395819AE2A0C747334BA14C
C:\windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\windows\system32\drivers\wd.sys ==> MD5 is legit
C:\windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\wimfltr.sys 52DED146E4797E6CCF94799E8E22BB2A
C:\windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-21 21:27 - 2018-02-21 21:28 - 000000000 ____D C:\FRST
2018-02-20 22:42 - 2018-02-20 22:42 - 000143184 ____N C:\windows\system32\Drivers\lsrfjmps.sys
2018-02-20 20:16 - 2018-02-20 20:16 - 000000000 ____D C:\Users\James\AppData\Local\ElevatedDiagnostics
2018-02-19 17:08 - 2018-02-19 17:09 - 000262144 _____ C:\windows\Minidump\021918-43009-01.dmp
2018-02-19 17:08 - 2018-02-19 17:08 - 1148980886 _____ C:\windows\MEMORY.DMP
2018-02-19 17:08 - 2018-02-19 17:08 - 000000000 ____D C:\windows\Minidump
2018-02-19 00:21 - 2018-02-19 00:31 - 000000000 ____D C:\Users\James\Desktop\desktop computer 2
2018-02-18 22:21 - 2018-02-18 22:21 - 000001829 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-18 22:21 - 2018-02-18 22:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-18 22:21 - 2017-11-29 09:11 - 000077432 _____ C:\windows\system32\Drivers\mbae64.sys
2018-02-18 22:09 - 2018-02-18 22:09 - 000000193 _____ C:\windows\WORDPAD.INI
2018-02-18 21:01 - 2018-02-18 23:07 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-18 20:52 - 2018-02-18 20:54 - 000279182 _____ C:\windows\ntbtlog.txt
2018-02-18 19:17 - 2018-02-19 20:50 - 000084256 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2018-02-18 19:17 - 2018-02-18 22:21 - 000253880 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-02-18 19:17 - 2018-02-18 22:21 - 000193968 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2018-02-18 19:17 - 2018-02-18 22:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-18 19:17 - 2018-02-18 19:17 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-18 19:11 - 2018-02-18 19:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-02-18 19:11 - 2018-02-18 19:11 - 000000000 ____D C:\Program Files\VS Revo Group
2018-02-18 18:32 - 2018-02-18 18:32 - 000000000 ____D C:\Users\James\AppData\Local\MSBuild
2018-02-18 18:25 - 2018-02-18 18:25 - 000003408 _____ C:\windows\System32\Tasks\MaxiBuy
2018-02-18 18:25 - 2018-02-18 18:25 - 000000000 ____D C:\Users\James\AppData\Local\pcedavw
2018-02-18 18:24 - 2018-02-19 12:56 - 000000000 ____D C:\Users\James\AppData\Roaming\MaxiBuy
2018-02-18 18:24 - 2018-02-18 19:25 - 000000000 ____D C:\Users\James\AppData\Roaming\57e1a54e04b7493a94d2cc760ce6b7e6
2018-02-18 18:24 - 2018-02-18 19:25 - 000000000 ____D C:\Users\James\AppData\Local\a067e972e0f44d2a9e86b0be483ab076
2018-02-18 18:24 - 2018-02-18 18:35 - 000000000 ____D C:\Program Files (x86)\Up Pro
2018-02-18 18:24 - 2018-02-18 18:24 - 000000000 ____D C:\Users\James\AppData\Roaming\SystemHealer
2018-02-18 18:23 - 2018-02-18 19:25 - 000000000 ____D C:\Users\James\AppData\Local\208a649a23794089b031be047a31d560
2018-02-18 18:23 - 2018-02-18 19:25 - 000000000 ____D C:\Program Files (x86)\texttotalk
2018-02-18 18:23 - 2018-02-18 19:24 - 000000000 ____D C:\windows\System32\Tasks\Defender
2018-02-18 18:23 - 2018-02-18 19:24 - 000000000 ____D C:\Users\James\AppData\Roaming\Browsers
2018-02-18 18:23 - 2018-02-18 18:23 - 000140800 _____ C:\Users\James\AppData\Local\installer.dat
2018-02-18 18:23 - 2018-02-18 18:23 - 000002022 ___RS C:\Users\Public\Desktop\АSUS Vibe Fun Сеntеr.lnk
2018-02-18 18:23 - 2018-02-18 18:23 - 000001441 ___RS C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Еxplorеr.lnk
2018-02-18 18:23 - 2018-02-18 18:23 - 000001251 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firеfoх.lnk
2018-02-18 18:23 - 2018-02-18 18:23 - 000001202 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chromе.lnk
2018-02-18 18:22 - 2018-02-18 19:25 - 000000000 __SHD C:\Users\James\AppData\Roaming\Folder
2018-02-18 18:21 - 2018-02-21 21:25 - 000000000 ____D C:\Users\James\AppData\Local\cwczebh
2018-02-18 18:21 - 2018-02-18 18:24 - 000000000 ____D C:\Users\James\AppData\Local\dsbczxv
2018-02-18 18:20 - 2018-02-21 21:23 - 002888704 _____ (TOSHIBA CORPORATION) C:\windows\system32\lsskzctsvc.exe
2018-02-18 18:20 - 2018-02-18 18:20 - 000000000 ____D C:\windows\SysWOW64\zaihtgb
2018-02-18 18:20 - 2018-02-18 18:20 - 000000000 ____D C:\windows\system32\zaihtgb
2018-02-18 18:19 - 2018-02-18 19:25 - 000000000 ____D C:\Program Files (x86)\overdrafts
2018-02-18 18:19 - 2018-02-18 18:19 - 000003848 _____ C:\windows\System32\Tasks\alternate-triglyceride
2018-02-18 18:19 - 2018-02-18 18:19 - 000003832 _____ C:\windows\System32\Tasks\souk_photocopied
2018-02-18 18:19 - 2018-02-18 18:19 - 000003830 _____ C:\windows\System32\Tasks\tost_coeducational
2018-02-18 18:19 - 2018-02-18 18:19 - 000003824 _____ C:\windows\System32\Tasks\parekh tv hynde
2018-02-18 18:19 - 2018-02-18 18:19 - 000003820 _____ C:\windows\System32\Tasks\accumulators
2018-02-18 18:19 - 2018-02-18 18:19 - 000003802 _____ C:\windows\System32\Tasks\mcg guerin
2018-02-18 18:19 - 2018-02-18 18:19 - 000003684 _____ C:\windows\System32\Tasks\baalternate-triglyceridealternate-triglyceride
2018-02-18 18:19 - 2018-02-18 18:19 - 000003670 _____ C:\windows\System32\Tasks\basouk_photocopiedsouk_photocopied
2018-02-18 18:19 - 2018-02-18 18:19 - 000003668 _____ C:\windows\System32\Tasks\batost_coeducationaltost_coeducational
2018-02-18 18:19 - 2018-02-18 18:19 - 000003662 _____ C:\windows\System32\Tasks\baparekh tv hyndeparekh tv hynde
2018-02-18 18:19 - 2018-02-18 18:19 - 000003658 _____ C:\windows\System32\Tasks\baaccumulatorsaccumulators
2018-02-18 18:19 - 2018-02-18 18:19 - 000003638 _____ C:\windows\System32\Tasks\bamcg guerinmcg guerin
2018-02-18 18:19 - 2018-02-18 18:19 - 000000012 _____ C:\windows\b86500054
2018-02-18 18:19 - 2018-02-18 18:19 - 000000000 ___HD C:\Program Files (x86)\solarium
2018-02-18 18:19 - 2018-02-18 18:19 - 000000000 ___HD C:\Program Files (x86)\Mansion
2018-02-18 18:19 - 2018-02-18 18:19 - 000000000 ____D C:\Users\James\AppData\Roaming\et
2018-02-18 18:19 - 2018-02-18 18:19 - 000000000 ____D C:\Program Files (x86)\labour
2018-02-18 18:19 - 2018-02-18 18:19 - 000000000 ____D C:\Program Files (x86)\Glissando
2018-02-18 18:18 - 2018-02-18 18:18 - 000000000 ____D C:\Users\James\AppData\Local\AdvinstAnalytics
2018-02-18 18:18 - 2018-02-18 18:18 - 000000000 ____D C:\Program Files (x86)\Microleaves
2018-02-18 18:17 - 2018-02-18 18:17 - 000041984 _____ C:\windows\unkempt.exe
2018-02-18 18:17 - 2018-02-18 18:17 - 000041984 _____ C:\Users\James\AppData\Local\tenanted.exe
2018-02-18 18:17 - 2018-02-18 18:17 - 000041984 _____ C:\Users\James\AppData\Local\glare.exe
2018-02-18 18:17 - 2018-02-18 18:17 - 000021528 _____ C:\windows\System32\Tasks\XYqIypoWb0Vu
2018-02-18 18:14 - 2018-02-18 19:25 - 000000000 ____D C:\Program Files (x86)\XYqIypoWb0Vu
2018-02-18 18:13 - 2018-02-18 18:13 - 000012800 _____ C:\Users\James\AppData\Local\dkproc.dll
2018-02-18 18:13 - 2018-02-18 18:13 - 000003072 _____ C:\Users\James\AppData\Local\uninstallIBR.exe
2018-02-18 18:12 - 2018-02-18 18:23 - 000000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2018-02-18 18:11 - 2018-02-18 18:52 - 000000000 ____D C:\Users\James\AppData\Roaming\AGData
2018-02-18 17:55 - 2018-02-18 17:55 - 000001709 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-02-18 17:55 - 2018-02-18 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-02-18 17:55 - 2018-02-18 17:55 - 000000000 ____D C:\Program Files\iPod
2018-02-18 17:54 - 2018-02-18 17:55 - 000000000 ____D C:\Program Files\iTunes
2018-02-18 17:50 - 2018-02-18 17:50 - 000000000 ____D C:\Program Files\Bonjour
2018-02-18 17:50 - 2018-02-18 17:50 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-02-18 17:48 - 2018-02-18 17:48 - 000000000 ____D C:\windows\System32\Tasks\Apple
2018-02-18 17:48 - 2018-02-18 17:48 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-02-18 17:40 - 2018-02-18 17:49 - 000000000 ____D C:\Users\James\Desktop\Amy_Grant_full_discography_[tfile.ru]
2018-02-18 03:12 - 2018-02-18 03:12 - 000037089 _____ C:\windows\uninstaller.dat
2018-02-15 16:20 - 2018-02-15 16:20 - 000000000 ____D C:\Users\James\Desktop\NBA Brackets
2018-02-13 19:26 - 2018-02-13 19:26 - 000000000 ____D C:\Users\James\AppData\Local\{DA869BC1-F77C-471B-B16E-F5E8B2396A80}
2018-02-13 19:25 - 2018-02-13 19:25 - 000000000 ____D C:\Users\James\AppData\Local\{2D85A85A-D930-4E3A-B258-CFACF59A626A}
2018-02-13 19:23 - 2018-02-13 19:23 - 000000000 ____D C:\Users\James\AppData\Local\{90C36955-44B5-4187-8689-4D201E93FBCE}
2018-02-13 19:19 - 2018-02-13 19:19 - 000000000 ____D C:\Users\James\AppData\Local\{3E51BC85-C06F-4C3C-81FA-757CE412051F}
2018-02-13 19:11 - 2018-02-13 19:11 - 000000000 ____D C:\Users\James\AppData\Local\{159C302F-8F67-4C78-9802-C1FAB65B95F8}
2018-02-13 19:07 - 2018-01-21 18:50 - 000136424 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2018-02-13 19:07 - 2018-01-21 18:40 - 000654336 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2018-02-13 19:07 - 2018-01-19 09:05 - 001994752 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2018-02-13 19:07 - 2018-01-19 09:05 - 001569280 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2018-02-13 19:07 - 2018-01-19 09:05 - 000749568 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2018-02-13 19:07 - 2018-01-19 09:05 - 000604672 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2018-02-13 19:07 - 2018-01-19 09:05 - 000450048 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2018-02-13 19:07 - 2018-01-19 09:05 - 000378880 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2018-02-13 19:07 - 2018-01-19 09:05 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2018-02-13 19:07 - 2018-01-19 09:05 - 000236544 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2018-02-11 22:07 - 2018-02-11 22:07 - 000000000 ____D C:\Users\James\AppData\Local\{8E92B7B2-80E1-401D-8C95-79E14950B2B2}
2018-02-11 21:53 - 2018-02-11 21:53 - 000000000 ____D C:\Users\James\AppData\Local\{50E5D96E-4A91-44E1-A5D6-D679BB2AF0C4}
2018-02-11 21:42 - 2018-02-11 21:42 - 000000000 ____D C:\Users\James\AppData\Local\{697025D9-8644-4B4E-BF6A-6D04889D9FA1}
2018-02-11 21:36 - 2018-02-11 21:36 - 000000000 ____D C:\Users\James\AppData\Local\{111D6A7E-0202-4F95-8740-ED006C3A238C}
2018-02-11 21:33 - 2018-02-11 21:33 - 000000000 ____D C:\Users\James\AppData\Local\{5BDB1871-C86F-49E0-8B64-C582165B0BE6}
2018-02-11 21:12 - 2018-02-11 21:12 - 000000000 ____D C:\Users\James\AppData\Local\{427D5938-7F43-4D6B-8A3E-B7391DF88225}
2018-02-11 21:05 - 2018-02-11 21:05 - 000000000 ____D C:\Users\James\AppData\Local\{4C38CED4-EBE9-4868-83C5-4B5247FCB055}
2018-02-10 03:28 - 2018-02-10 03:28 - 000000000 __SHD C:\found.000
2018-02-08 23:57 - 2018-02-10 03:20 - 000000000 ____D C:\Users\James\AppData\Roaming\SoftGrid Client
2018-02-08 23:57 - 2018-02-08 23:57 - 000000000 ____D C:\Users\James\AppData\Local\SoftGrid Client
2018-02-08 23:57 - 2018-02-08 23:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2018-02-08 23:56 - 2018-02-10 03:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2018-02-08 23:56 - 2018-02-08 23:56 - 000000000 ____D C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2018-02-08 23:56 - 2018-02-08 23:56 - 000000000 ____D C:\Program Files\Microsoft Office
2018-02-08 23:55 - 2018-02-08 23:57 - 000000000 ____D C:\Users\James\AppData\Roaming\TP
2018-02-08 00:26 - 2018-02-08 00:26 - 000000000 ____D C:\Users\James\AppData\Local\{C232E26D-B9F7-486E-8358-D8D96BE01D3A}
2018-02-08 00:01 - 2018-02-08 00:01 - 000000000 ____D C:\Users\James\AppData\Local\{F42B1765-2E97-4B51-923B-AAE57618E3E6}
2018-02-07 23:59 - 2018-02-07 23:59 - 000000000 ____D C:\Users\James\AppData\Local\{F1F9DBD5-ACB5-45D1-B697-ADFB4A4BD08C}
2018-02-07 23:30 - 2018-02-07 23:30 - 000000000 ____D C:\Users\James\AppData\Local\{2032D677-8EC9-4426-A5B6-5798A5EC6D66}
2018-02-07 22:52 - 2018-02-07 22:52 - 000000000 ____D C:\Users\James\AppData\Local\{847C660B-C6E7-4AFB-8090-B607517F29FF}
2018-02-07 22:49 - 2018-02-07 22:49 - 000000000 ____D C:\Users\James\AppData\Local\{F7996ABE-3DEA-4B49-8214-3B7349EE4CD7}
2018-02-07 22:45 - 2018-02-07 22:45 - 000000000 ____D C:\Users\James\AppData\Local\{B2E6D380-4D0F-4771-A855-38A2A1BAEA01}
2018-02-07 22:35 - 2018-02-07 22:35 - 000000000 ____D C:\Users\James\AppData\Local\{E0768ED3-2604-493D-9127-04D633798F39}
2018-02-07 22:03 - 2018-02-07 22:03 - 000000000 ____D C:\Users\James\AppData\Local\{BB959C7E-5409-4B1B-962D-0087A6A4970C}
2018-02-07 21:58 - 2018-02-07 21:58 - 000000000 ____D C:\Users\James\AppData\Local\{3FD32257-8720-48AA-99BF-3B8ECB716D9D}
2018-02-07 21:40 - 2018-02-07 21:40 - 000000000 ____D C:\Users\James\AppData\Local\{4B00CA28-81E1-45F5-B774-CF61679CEFC8}
2018-02-07 21:36 - 2018-02-07 21:36 - 000000000 ____D C:\Users\James\AppData\Local\{D9AAF839-7565-4ED0-B9DF-284B6C8D6A6D}
2018-02-07 21:32 - 2018-02-07 21:32 - 000000000 ____D C:\Users\James\AppData\Local\{DA55C53A-3BAE-4B0A-8E80-C35C7BFCC92D}
2018-02-07 21:26 - 2018-02-07 21:26 - 000000000 ____D C:\Users\James\AppData\Local\{11895077-9060-44A7-8649-B0462A4F47EF}
2018-02-07 21:11 - 2018-02-07 21:11 - 000000000 ____D C:\Users\James\AppData\Local\{729E33F6-0ABD-43F2-8473-0B5794778778}
2018-02-07 21:02 - 2018-02-07 21:02 - 000000000 ____D C:\Users\James\AppData\Local\{005B7D1B-C39F-467A-9F1F-0E35E8074DEF}
2018-02-07 20:53 - 2018-02-07 20:53 - 000000000 ____D C:\Users\James\AppData\Local\{498D0BBA-DF8F-4512-9BCB-829DA0545615}
2018-02-07 20:49 - 2018-02-07 20:49 - 000000000 ____D C:\Users\James\AppData\Local\{D05CFFF6-286F-4785-8D46-6FF126D598A1}
2018-02-07 20:30 - 2018-02-07 20:30 - 000000000 ____D C:\Users\James\AppData\Local\{54D15076-8370-4D28-AD07-9C8F66FC654E}
2018-02-07 20:11 - 2018-02-07 20:11 - 000000000 ____D C:\Users\James\AppData\Local\{CD2EDF56-9085-40CF-A5B9-D074D1FE9A10}
2018-02-07 20:07 - 2018-02-07 20:07 - 000000000 ____D C:\Users\James\AppData\Local\{E250E684-3A56-47A8-A29B-77E986F12674}
2018-02-07 19:29 - 2018-02-07 19:29 - 000000000 ____D C:\Users\James\AppData\Local\{9EC1C6D8-8D05-49BA-A3D0-A1B8330AF7AB}
2018-02-07 19:24 - 2018-02-07 19:24 - 000000000 ____D C:\Users\James\AppData\Local\{C2B27434-478C-4056-8F4F-E5389B850483}
2018-02-07 19:19 - 2018-02-07 19:19 - 000000000 ____D C:\Users\James\AppData\Local\{523DF5DC-7D86-4312-AC65-1F57B04C9DF2}
2018-02-07 19:19 - 2018-02-07 19:19 - 000000000 ____D C:\Users\James\AppData\Local\{0E7A39B9-1FCC-473E-9C8C-5EEDC1D21894}
2018-02-07 19:15 - 2018-02-07 19:15 - 000000000 ____D C:\Users\James\AppData\Local\{0F5E6A32-93BD-4642-9365-1FCF6BFBEA6B}
2018-02-07 19:09 - 2018-02-07 19:09 - 000000000 ____D C:\Users\James\AppData\Local\{47AB6992-85A7-44A3-811A-BF85A82B65B5}
2018-02-07 01:20 - 2018-02-07 01:20 - 000000000 ____D C:\Users\James\AppData\Local\{8D945411-69AA-47B0-B834-02ABABDD5F0B}
2018-02-07 01:16 - 2018-02-07 01:16 - 000000000 ____D C:\Users\James\AppData\Local\{60F304B8-8EDF-4E64-B307-2DD57073E6BD}
2018-02-07 01:14 - 2018-02-07 01:14 - 000000000 ____D C:\Users\James\AppData\Local\{EAF2017F-867A-4F8D-8314-FC92E5701F47}
2018-02-07 01:08 - 2018-02-07 01:08 - 000000000 ____D C:\Users\James\AppData\Local\{F153925D-67E8-4755-9622-C21B1AB9E5D5}
2018-02-07 01:06 - 2018-02-07 01:06 - 000000000 ____D C:\Users\James\AppData\Local\{76410E57-0DDC-4ED8-A84D-58BF009415C1}
2018-02-07 01:04 - 2018-02-07 01:04 - 000000000 ____D C:\Users\James\AppData\Local\{29DEB0EF-447A-41C6-B1D2-823B8505E2FE}
2018-02-07 01:01 - 2018-02-07 01:01 - 000000000 ____D C:\Users\James\AppData\Local\{C1A7E567-916F-49D8-A4D3-2D92453CDB45}
2018-02-07 00:57 - 2018-02-07 00:57 - 000000000 ____D C:\Users\James\AppData\Local\{67E1B180-9B74-4FC9-950C-C12E737EB75B}
2018-02-07 00:54 - 2018-02-07 00:54 - 000000000 ____D C:\Users\James\AppData\Local\{695A0022-92B4-4B7C-9B6F-56FC39301CC3}
2018-02-07 00:48 - 2018-02-07 00:48 - 000000000 ____D C:\Users\James\AppData\Local\{4F15DB88-B39F-4935-A29E-9C2DF547D641}
2018-02-07 00:46 - 2018-02-07 00:46 - 000000000 ____D C:\Users\James\AppData\Local\{27AF9A09-5197-43B2-9E67-FE52550C0073}
2018-02-07 00:11 - 2018-02-20 19:30 - 000000000 ____D C:\Users\James\AppData\Roaming\Apple Computer
2018-02-07 00:11 - 2018-02-07 00:11 - 000000000 ____D C:\Users\James\AppData\Local\Apple Computer
2018-02-07 00:09 - 2018-02-18 17:54 - 000000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2018-02-07 00:09 - 2018-02-07 00:09 - 000000000 ____D C:\ProgramData\Apple Computer
2018-02-07 00:08 - 2018-02-18 17:56 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-02-07 00:08 - 2018-02-07 00:08 - 000000000 ____D C:\Users\James\AppData\Local\Apple
2018-02-07 00:07 - 2018-02-18 17:53 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-02-07 00:07 - 2018-02-07 00:08 - 000000000 ____D C:\ProgramData\Apple
2018-02-06 23:36 - 2018-02-20 22:26 - 000000000 ____D C:\Users\James\Desktop\art work
2018-02-06 22:26 - 2018-02-06 22:44 - 000000000 ____D C:\Users\James\Desktop\Illusions
2018-02-04 12:57 - 2018-02-04 13:08 - 819052351 ____R C:\Users\James\Desktop\Let.There.Be.Light.2017.WEBRip.x264-ION10.mp4
2018-01-31 17:53 - 2018-01-31 17:53 - 000000000 ____D C:\Users\James\AppData\Roaming\Google
2018-01-31 17:51 - 2018-02-02 00:03 - 000002261 ____H C:\Users\James\Desktop\Google Chrome.lnk
2018-01-31 17:48 - 2018-01-31 17:59 - 000000000 ____D C:\Users\James\AppData\Local\Google
2018-01-23 19:04 - 2018-01-23 19:04 - 000000000 ____D C:\Users\James\Desktop\games
2018-01-22 19:58 - 2018-02-21 21:26 - 000000000 ____D C:\Users\James\AppData\LocalLow\uTorrent
2018-01-21 14:05 - 2018-01-21 14:05 - 000002651 _____ C:\Users\Public\Desktop\SD Card Formatter.lnk
2018-01-21 14:05 - 2018-01-21 14:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SD Association
2018-01-21 14:05 - 2018-01-21 14:05 - 000000000 ____D C:\Program Files (x86)\SDA
2018-01-21 11:15 - 2018-02-19 00:12 - 000000000 ____D C:\Users\James\Desktop\7-Zip
2018-01-21 11:10 - 2018-01-21 11:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-01-21 11:10 - 2018-01-21 11:10 - 000000000 ____D C:\Program Files (x86)\7-Zip
2018-01-18 22:57 - 2018-01-18 22:57 - 000000000 ____D C:\Users\James\Desktop\Teams
2018-01-10 20:00 - 2018-01-21 10:57 - 000000000 ____D C:\Users\James\AppData\Local\jZip
2018-01-09 23:40 - 2018-01-09 23:40 - 000000000 ____D C:\Users\James\AppData\LocalLow\Adobe
2018-01-09 23:40 - 2018-01-09 23:40 - 000000000 ____D C:\Users\James\AppData\Local\Adobe
2018-01-04 21:30 - 2018-01-04 21:30 - 000000000 ____D C:\Users\James\Documents\ASUS
2018-01-04 21:30 - 2018-01-04 21:30 - 000000000 ____D C:\ProgramData\ASUS
2018-01-04 20:18 - 2018-01-04 20:18 - 000000000 ____D C:\Users\James\AppData\Local\FreemakeVideoConverter
2018-01-04 20:00 - 2018-01-13 21:58 - 000000000 ____D C:\ProgramData\Freemake
2018-01-04 20:00 - 2018-01-04 20:18 - 000000000 ____D C:\Users\James\Documents\Freemake
2018-01-04 19:57 - 2018-01-13 21:58 - 000000000 ____D C:\Program Files (x86)\Freemake
2018-01-04 19:46 - 2018-01-09 23:01 - 000000000 ____D C:\ProgramData\DVD Shrink
2018-01-04 19:46 - 2018-01-04 19:46 - 000000989 _____ C:\Users\James\Desktop\DVD Shrink 3.2.lnk
2018-01-04 19:46 - 2018-01-04 19:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
2018-01-04 19:46 - 2018-01-04 19:46 - 000000000 ____D C:\Program Files (x86)\DVD Shrink
2018-01-01 15:06 - 2018-01-01 15:11 - 000000000 ____D C:\Users\James\AppData\Roaming\Stella
2018-01-01 03:10 - 2018-02-15 16:29 - 000000000 ____D C:\windows\system32\MRT
2018-01-01 03:10 - 2018-02-15 16:23 - 130067560 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe
2018-01-01 03:09 - 2018-02-15 16:23 - 130067560 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-12-29 02:53 - 2017-12-29 02:53 - 000000000 ____D C:\Users\James\AppData\Local\{E96EDF0E-A2F2-4FEB-99FC-1A15F5525533}
2017-12-29 01:17 - 2017-12-29 01:17 - 000000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2017-12-20 21:24 - 2017-12-20 21:24 - 000000000 ____D C:\Users\James\AppData\Roaming\KnctrDownloader
2017-12-19 22:52 - 2018-02-18 18:52 - 000000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-12-19 22:52 - 2017-12-21 22:02 - 000000000 ____D C:\Users\James\AppData\Roaming\PU_Setup
2017-12-19 22:52 - 2017-12-19 22:52 - 000000247 _____ C:\SILENT
2017-12-19 22:52 - 2017-12-19 22:52 - 000000000 ____D C:\Users\James\AppData\Roaming\IQSXSC
2017-12-19 22:52 - 2017-12-19 22:52 - 000000000 ____D C:\ProgramData\Brnday
2017-12-19 22:49 - 2017-12-19 22:50 - 000000000 ____D C:\Program Files (x86)\MTheorySetup
2017-12-17 13:48 - 2017-12-17 13:48 - 000000000 ____D C:\Users\James\AppData\Local\Downloaded Installations
2017-12-17 13:28 - 2018-01-10 19:54 - 000000000 ____D C:\ProgramData\WinZip
2017-12-17 13:28 - 2017-12-17 13:28 - 000000000 ____D C:\ProgramData\UniqueId
2017-12-17 13:22 - 2017-12-17 13:22 - 000001069 _____ C:\Users\Public\Desktop\Win32DiskImager.lnk
2017-12-17 13:22 - 2017-12-17 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2017-12-17 13:22 - 2017-12-17 13:22 - 000000000 ____D C:\Program Files (x86)\ImageWriter
2017-12-16 23:05 - 2017-12-16 23:05 - 000000000 ____D C:\Users\James\AppData\Local\{5533D33A-A098-414C-8A3E-934118B517B3}
2017-12-16 23:03 - 2017-12-16 23:04 - 000000000 ____D C:\Users\James\AppData\Local\{88D0A74B-D203-44DF-ACD7-F709DE090C79}
2017-12-16 23:03 - 2017-12-16 23:03 - 000000000 ____D C:\Users\James\AppData\Local\{0F7AC00D-0B6D-4404-ACB7-0EE18DFD73E1}
2017-12-10 19:24 - 2018-02-18 18:10 - 000000000 ____D C:\Users\James\AppData\Roaming\vlc
2017-12-10 19:24 - 2017-12-10 19:24 - 000001072 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-12-10 19:24 - 2017-12-10 19:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-12-10 19:24 - 2017-12-10 19:24 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2017-12-09 03:02 - 2017-12-09 03:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-12-09 03:01 - 2017-12-09 03:01 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2017-12-09 03:01 - 2017-12-09 03:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-12-07 19:13 - 2017-12-07 19:13 - 000000000 ____D C:\Users\James\AppData\Roaming\Lavasoft
2017-12-07 19:13 - 2017-12-07 19:13 - 000000000 ____D C:\Users\James\AppData\Local\Lavasoft
2017-12-07 19:13 - 2017-12-07 19:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-12-07 19:12 - 2017-12-07 19:12 - 000000000 ____D C:\ProgramData\Lavasoft
2017-12-07 19:12 - 2017-12-07 19:12 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2017-12-07 19:11 - 2018-02-21 21:26 - 000000000 ____D C:\Users\James\AppData\Roaming\uTorrent
2017-12-07 19:11 - 2017-12-07 19:11 - 000000855 _____ C:\Users\James\Desktop\µTorrent.lnk
2017-12-07 19:11 - 2017-12-07 19:11 - 000000835 _____ C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-21 21:27 - 2017-08-03 17:21 - 000000000 ____D C:\Users\James\AppData\LocalLow\Mozilla
2018-02-21 21:27 - 2009-07-13 21:34 - 016777216 _____ C:\windows\system32\config\HARDWARE
2018-02-21 21:26 - 2017-08-03 20:47 - 000003250 _____ C:\windows\system32\AutoRunFilter.ini
2018-02-21 21:26 - 2017-08-03 18:17 - 000000387 _____ C:\Users\James\AppData\Roaming\sp_data.sys
2018-02-21 21:25 - 2017-08-03 18:16 - 000000000 ___HD C:\ASUS.DAT
2018-02-21 21:23 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-02-21 20:42 - 2009-07-13 23:45 - 000009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-21 20:42 - 2009-07-13 23:45 - 000009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-20 20:27 - 2009-07-14 00:13 - 000799008 _____ C:\windows\system32\PerfStringBackup.INI
2018-02-20 20:27 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2018-02-19 22:25 - 2017-08-03 20:48 - 000045056 _____ C:\windows\SysWOW64\acovcnt.exe
2018-02-19 20:20 - 2012-03-06 05:48 - 000791622 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2018-02-18 22:35 - 2017-08-03 20:47 - 000001295 _____ C:\windows\system32\ServiceFilter.ini
2018-02-18 19:41 - 2017-09-17 20:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-18 19:41 - 2017-08-03 17:21 - 000001165 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-02-18 19:41 - 2017-08-03 17:21 - 000001153 ____H C:\Users\Public\Desktop\Firefox.lnk
2018-02-18 19:40 - 2017-08-03 17:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-18 19:25 - 2017-08-03 18:16 - 000000000 ____D C:\Users\James
2018-02-18 19:25 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\GooCMAM Drivers
2018-02-18 18:29 - 2012-03-06 05:59 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-02-18 18:24 - 2009-07-13 22:20 - 000000000 ___HD C:\windows\system32\GroupPolicy
2018-02-18 18:23 - 2012-03-06 05:52 - 000000000 ____D C:\Program Files\Windows Live
2018-02-18 18:23 - 2009-07-14 00:32 - 000000000 ____D C:\Program Files\MSBuild
2018-02-14 19:22 - 2017-09-17 19:36 - 000000000 ____D C:\windows\system32\appraiser
2018-02-13 18:54 - 2012-03-06 05:49 - 000002226 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-08 23:56 - 2012-03-06 05:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-02-08 23:56 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-01-31 17:50 - 2012-03-06 05:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2018-01-31 17:49 - 2012-03-06 05:49 - 000003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-01-31 17:49 - 2012-03-06 05:49 - 000003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2017-08-03 18:17 - 2018-02-21 21:26 - 000000387 _____ () C:\Users\James\AppData\Roaming\sp_data.sys
2018-02-18 18:13 - 2018-02-18 18:13 - 000012800 _____ () C:\Users\James\AppData\Local\dkproc.dll
2018-02-18 18:17 - 2018-02-18 18:17 - 000041984 _____ () C:\Users\James\AppData\Local\glare.exe
2018-02-18 18:23 - 2018-02-18 18:23 - 000140800 _____ () C:\Users\James\AppData\Local\installer.dat
2018-02-18 18:17 - 2018-02-18 18:17 - 000041984 _____ () C:\Users\James\AppData\Local\tenanted.exe
2018-02-18 18:13 - 2018-02-18 18:13 - 000003072 _____ () C:\Users\James\AppData\Local\uninstallIBR.exe

Files to move or delete:
====================
C:\Users\James\AppData\Roaming\MaxiBuy\python\pythonw.exe


Some files in TEMP:
====================
2018-02-18 18:22 - 2018-02-18 18:22 - 000729088 _____ () C:\Users\James\AppData\Local\Temp\4Folder.exe
2018-02-18 18:22 - 2018-02-18 18:22 - 001007616 _____ (Kuolperstafon Software) C:\Users\James\AppData\Local\Temp\ADVTool.exe
2018-02-18 18:11 - 2018-02-18 18:11 - 000024576 _____ (1010 Vine Street) C:\Users\James\AppData\Local\Temp\capi.exe
2018-02-18 18:21 - 2018-02-18 18:21 - 000020480 _____ (329 Haul Road) C:\Users\James\AppData\Local\Temp\cubesta.exe
2018-01-04 19:57 - 2018-01-04 19:57 - 036675608 _____ (Ellora Assets Corporation ) C:\Users\James\AppData\Local\Temp\FreemakeVideoConverterFull.exe
2018-02-18 18:11 - 2018-02-18 18:13 - 001797855 _____ () C:\Users\James\AppData\Local\Temp\gimi.exe
2018-02-18 18:11 - 2018-02-18 18:11 - 004423550 _____ (Indigo Rose Corporation) C:\Users\James\AppData\Local\Temp\ing.exe
2018-02-18 18:21 - 2018-02-18 18:21 - 002996648 _____ () C:\Users\James\AppData\Local\Temp\instalelerxvid.exe
2018-02-18 18:22 - 2018-02-18 18:22 - 002004480 _____ (Calculator) C:\Users\James\AppData\Local\Temp\Setup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\windows\system32\drivers\lsrfjmps.sys -> Access Denied <======= ATTENTION


ATTENTION: ==> Could not access BCD.

==================== BCD ================================
'bcdedit' is not recognized as an internal or external command,
operable program or batch file.


LastRegBack: 2018-02-17 10:56

==================== End of FRST.txt ============================

 

[jbryan1984]

Users shortcut scan result (x64) Version: 21.02.2018
Ran by James (21-02-2018 21:33:28)
Running from C:\Users\James\Desktop\Downloads
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1964.lnk -> C:\Program Files (x86)\1964\099\1964.exe ( )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firеfoх.lnk -> C:\Users\James\AppData\Roaming\Browsers\exe.xoferif.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chromе.lnk -> C:\Users\James\AppData\Roaming\Browsers\exe.emorhc.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk -> C:\Windows\Installer\{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}\fssicon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virage Logic, Corp\Sonic Focus\ASUS Sonic Focus.lnk -> C:\Windows\Installer\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}\SonicFocus.exe_C2239DDEF465468B9601EC46626FA4D3.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\АsusVibеLаunchеr.lnk -> C:\Users\James\AppData\Roaming\Browsers\exe.rehcnualebivsusa.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SD Association\SD Card Formatter\SD Card Formatter.lnk -> C:\Windows\Installer\{10C16E01-F739-4093-89A7-E570589FA0F6}\NewShortcut1_69C2B9A012C943F8B6BC658D1AC73474.exe (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller Help.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\Revo Uninstaller Help.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe (VS Revo Group)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall Revo Uninstaller.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project64 2.3\Project64.lnk -> C:\Program Files (x86)\Project64 2.3\Project64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk -> C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer\Uninstall Win32DiskImager.lnk -> C:\Program Files (x86)\ImageWriter\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer\Win32DiskImager.lnk -> C:\Program Files (x86)\ImageWriter\Win32DiskImager.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Uninstall Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\Installer\setup.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\Minesweeper.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from Microsoft.lnk -> C:\Program Files\Microsoft Games\More Games\MoreGames.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink\DVD Shrink 3.2.lnk -> C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe (DVD Shrink)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink\DVD Shrink Information.lnk -> C:\Program Files (x86)\DVD Shrink\Web\DVD Shrink.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink\Uninstall DVD Shrink.lnk -> C:\Program Files (x86)\DVD Shrink\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\Media Suite.lnk -> C:\Program Files (x86)\CyberLink\Media Suite\PS.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\Power2Go\Desktop Burning Gadget.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\Power2Go\ISO Viewer.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\IsoViewer.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\Power2Go\Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\FancyStart.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_80F7FD616C2099CBC12094.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\FastBoot.lnk -> C:\Windows\Installer\{13F4A7F3-EABC-4261-AF6B-1317777F0755}\_0C599CF61E23A6070D83A0.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AI Recovery.lnk -> C:\Windows\Installer\{D39F0676-163E-4595-A917-E28F99BBD4D2}\_BE6C63053DF56788B94CF9.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Instant Connect Installer.lnk -> C:\Windows\Installer\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}\_6AEA1C4C5E5F71BB97AD8A.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Live Update.Lnk -> C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Virtual Camera.lnk -> C:\Windows\Installer\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}\_4AE49D2DDE6B2531E0BD84.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\e-Driver.lnk -> C:\eSupport\eDriver\InstAll.exe (ASUSTek Computer INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\eManual.Lnk -> C:\eSupport\Manual\eManual.exe (ASUSTek Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\LifeFrame.lnk -> C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe (ASUSTek Computer Inc. All rights reserved.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\Power4Gear Hybrid.lnk -> C:\Windows\Installer\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}\_BF23706A735CBF9BC74F88.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WinFlash.Lnk -> C:\Program Files (x86)\ASUS\WinFlash\WinFlash.exe (ASUSTek Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\Wireless Console 3.lnk -> C:\Windows\Installer\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}\_EC96195B3312607E502EF3.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AsusVibe\ASUS Vibe Fun Center.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AsusVibe\АSUS Vibе Fun Сеnter.lnk -> C:\Users\James\AppData\Roaming\Browsers\exe.rehcnualebivsusa.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS WebStorage\ASUS WebStorage.lnk -> C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS WebStorage\Uninstall.lnk -> C:\Program Files (x86)\ASUS\ASUS WebStorage\uninst.exe (eCareme Technologies, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Splendid Utility\Splendid Compatibility Tool.Lnk -> C:\Program Files (x86)\ASUS\Splendid\Backache.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Splendid Utility\Splendid Utility.Lnk -> C:\Program Files (x86)\ASUS\Splendid\Backbone.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS FaceLogon\FaceLogon Console.lnk -> C:\Program Files (x86)\ASUS\FaceLogon\facemgr.exe (ASUSTek Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS FaceLogon\FaceLogon Manager.lnk -> C:\Program Files (x86)\ASUS\FaceLogon\logonmgr.exe (ASUSTek Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS FaceLogon\General disclaimer.lnk -> C:\Program Files (x86)\ASUS\FaceLogon\disclaimer.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Users\James\Desktop\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Users\James\Desktop\7-Zip\7-zip.chm ()
Shortcut: C:\ProgramData\Intel\ExtremeGraphics\CUI\Resource\Intel® HD Graphics.lnk -> C:\Windows\System32\GfxUI.exe (Intel Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\James\Links\Desktop.lnk -> C:\Users\James\Desktop ()
Shortcut: C:\Users\James\Links\Downloads.lnk -> C:\Users\James\Desktop\Downloads ()
Shortcut: C:\Users\James\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\James\Desktop\DVD Shrink 3.2.lnk -> C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe (DVD Shrink)
Shortcut: C:\Users\James\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\James\Desktop\µTorrent.lnk -> C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -> C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Еxplorеr.lnk -> C:\Users\James\AppData\Roaming\Browsers\exe.erolpxei.bat (No File)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security 2012\Trend Micro Titanium Internet Security 2012.lnk -> C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security 2012\Uninstall Trend Micro Titanium Internet Security 2012.lnk -> C:\Program Files\Trend Micro\Titanium\Remove.exe (Trend Micro Inc.)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security 2012\More Tools and Help\ReadMe.lnk -> C:\Program Files\Trend Micro\Titanium\Shortcut\EN-US\readme.htm ()
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security 2012\More Tools and Help\Trend Micro Diagnostic Toolkit.lnk -> C:\Program Files\Trend Micro\Titanium\SupportTool.exe (Trend Micro Inc.)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security 2012\More Tools and Help\Маnage Subscriрtiоn.lnk -> C:\Users\James\AppData\Roaming\Browsers\exe.rehcnualtucrohs.bat (No File)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security 2012\More Tools and Help\Оnline Help.lnk -> C:\Users\James\AppData\Roaming\Browsers\exe.rehcnualtucrohs.bat (No File)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecker.lnk -> C:\Program Files (x86)\Glissando\tenanted.exe ()
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eckerecker.lnk -> C:\Program Files (x86)\labour\glare.exe ()
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget\AnonymizerGadget.lnk -> C:\Users\James\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe (No File)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget\АnоnymizerGаdget.lnk -> C:\Users\James\AppData\Roaming\Browsers\exe.rehcnualrezimynona.bat (No File)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Ехplоrеr (No Аdd-оns).lnk -> C:\Users\James\AppData\Roaming\Browsers\exe.erolpxei.bat (No File)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhromе.lnk -> C:\Users\James\AppData\Roaming\Browsers\exe.emorhc.bat (No File)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internet Еxрlоrеr Вrowser.lnk -> C:\Users\James\AppData\Roaming\Browsers\exe.erolpxei.bat (No File)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоogle Сhrоme.lnk -> C:\Users\James\AppData\Roaming\Browsers\exe.emorhc.bat (No File)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnet Еxplorеr.lnk -> C:\Users\James\AppData\Roaming\Browsers\exe.erolpxei.bat (No File)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firefох.lnk -> C:\Users\James\AppData\Roaming\Browsers\exe.xoferif.bat (No File)
Shortcut: C:\Users\Public\Desktop\ASUS Vibe Fun Center.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Shortcut: C:\Users\Public\Desktop\ASUS Instant Connect Installer.lnk -> C:\Windows\Installer\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}\_6674EC67E9921BF5B03A07.exe ()
Shortcut: C:\Users\Public\Desktop\ASUS WebStorage.lnk -> C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
Shortcut: C:\Users\Public\Desktop\Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\SD Card Formatter.lnk -> C:\Windows\Installer\{10C16E01-F739-4093-89A7-E570589FA0F6}\NewShortcut11_9F21041712364E7FBB19D6D84D3AFF1D.exe (Flexera Software LLC)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\Public\Desktop\Win32DiskImager.lnk -> C:\Program Files (x86)\ImageWriter\Win32DiskImager.exe ()
Shortcut: C:\Users\Public\Desktop\АSUS Vibe Fun Сеntеr.lnk -> C:\Users\James\AppData\Roaming\Browsers\exe.rehcnualebivsusa.bat (No File)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.) -> /start
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe () -> -d
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project64 2.3\Uninstall Project64 2.3.lnk -> C:\Program Files (x86)\Project64 2.3\unins000.exe () -> /LOG
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Excel Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Excel Starter 2010 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Word Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Word Starter 2010 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Clip Organizer 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office 2010 Upload Center 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Picture Manager 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Starter To-Go Device Manager 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Starter To-Go Device Manager 2010 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins001.exe () -> /LOG
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Web Companion.lnk -> C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe (Lavasoft) -> --startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security 2012\More Tools and Help\Manage Subscription.lnk -> C:\Program Files\Trend Micro\Titanium\ShorcutLauncher.exe (Trend Micro Inc.) -> -LaunchMyAccountUrl
ShortcutWithArgument: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security 2012\More Tools and Help\Online Help.lnk -> C:\Program Files\Trend Micro\Titanium\ShorcutLauncher.exe (Trend Micro Inc.) -> -Launch_OLH_Url
ShortcutWithArgument: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\James\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller on the Web.url -> URL: hxxps://www.revouninstaller.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project64 2.3\Support.url -> URL: hxxp://forum.pj64-emu.com
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Frequently Asked Questions.url -> URL: hxxp://webcompanion.com/faq
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer\Win32DiskImager on the Web.url -> URL: hxxp://win32diskimager.sourceforge.net
InternetURL: C:\Users\James\Favorites\Links for United States\GobiernoUSA.gov.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\James\Favorites\Links for United States\USA.gov.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\James\Favorites\Links\Suggested Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\James\Favorites\Links\Web Slice Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\James\Favorites\ASUS E-Service\ASUS Homepage.url -> URL: hxxp://www.asus.com/
InternetURL: C:\Users\James\Favorites\ASUS E-Service\ASUS Member.url -> URL: hxxp://member.asus.com/
InternetURL: C:\Users\James\Favorites\ASUS E-Service\ASUS Software Download.url -> URL: hxxp://www.asus.com/support/download
InternetURL: C:\Users\James\Favorites\ASUS E-Service\ASUS Technical Support.url -> URL: hxxp://www.asus.com/support

==================== End of Shortcut.txt =============================

 

[jbryan1984]

On the final scan log, the forum says this ........ Your content can not be submitted. This is likely because your content is spam-like or contains inappropriate elements. Please change your content or try again later. If you still have problems, please contact an administrator.

 

[Broni]

You're infected with Smartservice rootkit.
It can't be fixed from within Windows so you must follow these instructions.
Please pay attention to every single step.

NOTE 1. Use another working computer to download Farbar Recovery Scan Tool and save it to USB flash drive.
NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.


If you are using Windows 10 If you're having problems accessing System Recovery Options create Windows 10 USB or DVD as described here: http://betanews.com/2015/07/29/how-...your-own-installation-usb-flash-drive-or-dvd/ and boot from it.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt. To access Advanced Boot Options start and shut down computer TWICE. On third start you should see Advanced Boot Options.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• Startup Repair
• System Restore
• Windows Complete PC Restore
• Windows Memory Diagnostic Tool
• Command Prompt

Plug the flashdrive into the infected PC.
Important! Do NOT plug flashdrive at any earlier stage because it'll corrupt FRST file.

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.