Solved Infected by CRYPTOLOCKER Virus (Post 1)

Discussion in 'Malware and Virus Removal' started by jerry zarb, 2016/09/02.

  1. 2016/09/06
    jerry zarb Well-Known Member Thread Starter

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-06 15:35 - 2015-08-19 11:22 - 00000000 ____D C:\Users\Workventures\AppData\Local\Deployment
    2016-09-06 15:29 - 2009-07-14 14:45 - 00029808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-09-06 15:29 - 2009-07-14 14:45 - 00029808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-09-06 15:24 - 2016-05-28 05:52 - 00003476 _____ C:\Windows\System32\Tasks\Secunia PSI Logon Task
    2016-09-06 15:23 - 2016-05-08 20:05 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-09-06 15:23 - 2016-04-22 19:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-09-06 15:12 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-09-06 12:03 - 2016-05-02 22:02 - 00000000 ____D C:\Users\Workventures\AppData\Roaming\Skype
    2016-09-06 11:51 - 2015-09-24 13:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-09-06 11:25 - 2016-04-23 09:50 - 00000000 ____D C:\ProgramData\DivX
    2016-09-06 11:25 - 2016-04-23 09:50 - 00000000 ____D C:\Program Files (x86)\DivX
    2016-09-06 11:24 - 2016-04-23 09:54 - 00003640 _____ C:\Windows\System32\Tasks\DivXUpdate
    2016-09-06 11:24 - 2016-04-23 09:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
    2016-09-06 11:22 - 2016-04-23 09:53 - 00000000 ____D C:\Users\Workventures\AppData\Roaming\DivX
    2016-09-06 11:11 - 2016-04-22 19:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-09-06 09:13 - 2009-07-14 15:13 - 00781782 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-09-06 09:13 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\inf
    2016-09-06 08:56 - 2015-08-19 11:22 - 00000000 ____D C:\Users\Workventures\AppData\Local\Apps\2.0
    2016-09-06 08:55 - 2016-04-20 12:24 - 00000000 ____D C:\Users\Lenovo share
    2016-09-06 08:53 - 2009-07-14 12:34 - 00000215 _____ C:\Windows\system.ini
    2016-09-06 08:20 - 2016-04-22 19:35 - 00000000 ____D C:\Users\Workventures\AppData\Local\JDownloader v2.0
    2016-09-06 08:04 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-09-05 16:47 - 2016-05-12 07:10 - 00000000 ____D C:\Users\Workventures\AppData\Local\SkypePlugin
    2016-09-05 10:21 - 2016-07-20 05:49 - 00000000 ____D C:\Windows\EOONotify
    2016-09-05 09:58 - 2016-04-23 07:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-09-05 09:58 - 2016-04-23 07:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-08-30 21:52 - 2016-04-22 19:15 - 00000000 ____D C:\Users\Workventures\AppData\Roaming\BitTorrent
    2016-08-29 13:28 - 2016-04-23 07:43 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-08-23 08:23 - 2015-08-03 14:10 - 00000000 ____D C:\Users\Workventures\AppData\Local\ElevatedDiagnostics
    2016-08-23 07:16 - 2016-04-23 07:39 - 00000000 ____D C:\Users\Workventures\Tracing
    2016-08-23 06:57 - 2016-04-06 11:12 - 00014503 _____ C:\Users\Workventures\Documents\Tree Trimmming.docx.enc
    2016-08-23 06:57 - 2016-02-20 17:50 - 00011938 _____ C:\Users\Workventures\Documents\torrent.docx.enc
    2016-08-23 06:57 - 2016-01-13 12:10 - 00013427 _____ C:\Users\Workventures\Documents\steam.docx.enc
    2016-08-23 06:57 - 2015-12-21 14:27 - 01663827 _____ C:\Users\Workventures\Documents\Wellplan EAT_Final_1015.pdf.enc
    2016-08-23 06:57 - 2015-12-08 12:28 - 00013090 _____ C:\Users\Workventures\Documents\Seniors Card Member Number.docx.enc
    2016-08-23 06:57 - 2015-12-05 10:23 - 02392460 _____ C:\Users\Workventures\Documents\Uniden Phone DECT2035_1.pdf.enc
    2016-08-23 06:57 - 2015-12-05 10:12 - 00013313 _____ C:\Users\Workventures\Documents\uniden.docx.enc
    2016-08-23 06:57 - 2015-10-24 10:20 - 00000000 ____D C:\Users\Workventures\Documents\SelfMV
    2016-08-23 06:57 - 2015-08-19 08:03 - 00000000 ____D C:\Users\Workventures\Documents\Story of O Book
    2016-08-23 06:57 - 2015-08-14 11:01 - 01152465 _____ C:\Users\Workventures\Documents\Your energy plan.pdf.enc
    2016-08-23 06:57 - 2015-08-05 08:14 - 00056087 _____ C:\Users\Workventures\Documents\win 10 rewind.docx.enc
    2016-08-23 06:57 - 2015-07-29 10:07 - 00142349 _____ C:\Users\Workventures\Documents\WSC-Request-for-Service-Form.doc.enc
    2016-08-23 06:57 - 2015-05-26 18:11 - 00000000 ___RD C:\Users\Workventures\Documents\Scanned Documents
    2016-08-23 06:57 - 2015-01-06 14:25 - 14465529 _____ C:\Users\Workventures\Documents\Seniors Directory- C Coast.pdf.enc
    2016-08-23 06:56 - 2016-07-01 13:34 - 00278050 _____ C:\Users\Workventures\Documents\Dome Steam Iron ETA-17D Instruction Manual Rev 1.pdf.enc
    2016-08-23 06:56 - 2016-06-23 15:24 - 00220901 _____ C:\Users\Workventures\Documents\Ramsay Health Zarb_Jerald_1435483.pdf.enc
    2016-08-23 06:56 - 2016-05-09 05:50 - 00000000 ____D C:\Users\Workventures\Documents\Flight Simulator X Files
    2016-08-23 06:56 - 2016-04-24 09:13 - 00011959 _____ C:\Users\Workventures\Documents\mail washer key.docx.enc
    2016-08-23 06:56 - 2016-04-22 08:01 - 00000000 ____D C:\Users\Workventures\Documents\New folder
    2016-08-23 06:56 - 2016-04-13 21:48 - 00016106 _____ C:\Users\Workventures\Documents\Meatloaf.docx.enc
    2016-08-23 06:56 - 2016-04-08 12:23 - 00000000 ____D C:\Users\Workventures\Documents\CASA
    2016-08-23 06:56 - 2016-03-19 08:31 - 00000000 ____D C:\Users\Workventures\Documents\NBN
    2016-08-23 06:56 - 2016-03-09 15:39 - 00013539 _____ C:\Users\Workventures\Documents\007 music films.docx.enc
    2016-08-23 06:56 - 2016-02-16 15:36 - 00132230 _____ C:\Users\Workventures\Documents\Australian Unity Claim Form.pdf.enc
    2016-08-23 06:56 - 2016-01-27 20:27 - 00336713 _____ C:\Users\Workventures\Documents\kink calendar.pdf.enc
    2016-08-23 06:56 - 2016-01-13 15:46 - 02359821 _____ C:\Users\Workventures\Documents\My Money.mny.enc
    2016-08-23 06:56 - 2015-12-31 08:21 - 00826859 _____ C:\Users\Workventures\Documents\OneTripPDS.pdf.enc
    2016-08-23 06:56 - 2015-12-26 15:28 - 00013910 _____ C:\Users\Workventures\Documents\flightsimulator.docx.enc
    2016-08-23 06:56 - 2015-12-25 20:13 - 00000000 ____D C:\Users\Workventures\Documents\Flight Simulator X Demo Files
    2016-08-23 06:56 - 2015-12-19 10:23 - 00013632 _____ C:\Users\Workventures\Documents\rarbg torrents.docx.enc
    2016-08-23 06:56 - 2015-12-18 11:02 - 00149100 _____ C:\Users\Workventures\Documents\737 2016.pdf.enc
    2016-08-23 06:56 - 2015-12-08 11:33 - 00342221 _____ C:\Users\Workventures\Documents\2016-NRL-FullDraw.pdf.enc
    2016-08-23 06:56 - 2015-11-28 07:02 - 00000000 ____D C:\Users\Workventures\Documents\Remote Assistance Logs
    2016-08-23 06:56 - 2015-11-27 12:42 - 00024077 _____ C:\Users\Workventures\Documents\Owner''s Details.Open if found.doc.enc
    2016-08-23 06:56 - 2015-11-03 15:51 - 01887945 _____ C:\Users\Workventures\Documents\mobile ph Telstra Buzz.pdf.enc
    2016-08-23 06:56 - 2015-10-24 08:47 - 00000000 ____D C:\Users\Workventures\Documents\NativeFus_Log
    2016-08-23 06:56 - 2015-10-07 15:52 - 01041627 _____ C:\Users\Workventures\Documents\Bulldogs2016_Member_Certificate.pdf.enc
    2016-08-23 06:56 - 2015-09-24 09:26 - 00030857 _____ C:\Users\Workventures\Documents\i pod lock.JPG.enc
    2016-08-23 06:56 - 2015-09-24 09:25 - 00029996 _____ C:\Users\Workventures\Documents\i pod Repeat.JPG.enc
    2016-08-23 06:56 - 2015-09-24 08:59 - 01837641 _____ C:\Users\Workventures\Documents\iPod_shuffle_4thgen_User_Guide.pdf.enc
    2016-08-23 06:56 - 2015-09-23 08:36 - 00013412 _____ C:\Users\Workventures\Documents\Flybuys.docx.enc
    2016-08-23 06:56 - 2015-09-11 08:20 - 00000000 ____D C:\Users\Workventures\Documents\2016 Cruise
    2016-08-23 06:56 - 2015-08-14 11:01 - 00240878 _____ C:\Users\Workventures\Documents\Market contract terms and conditions.pdf.enc
    2016-08-23 06:56 - 2015-08-08 14:12 - 00000000 ____D C:\Users\Workventures\Documents\Bond docs
    2016-08-23 06:56 - 2015-07-01 18:04 - 00798459 _____ C:\Users\Workventures\Documents\Bulldogs.jpeg.enc
    2016-08-23 06:56 - 2015-07-01 18:04 - 00046093 _____ C:\Users\Workventures\Documents\Letter to Chairman Bulldogs.doc.enc
    2016-08-23 06:56 - 2015-06-25 09:49 - 00000000 ____D C:\Users\Workventures\Documents\Croquet
    2016-08-23 06:56 - 2015-06-24 16:12 - 00026372 _____ C:\Users\Workventures\Documents\Pasta Frittata.docx.enc
    2016-08-23 06:56 - 2015-06-17 18:36 - 01853666 _____ C:\Users\Workventures\Documents\HTC_Desire_300_User_Guide.pdf.enc
    2016-08-23 06:56 - 2015-06-12 11:16 - 00028685 _____ C:\Users\Workventures\Documents\Narelle Reference.doc.enc
    2016-08-23 06:56 - 2015-06-12 11:06 - 00028685 _____ C:\Users\Workventures\Documents\PERSONAL LETTERHEAD.doc.enc
    2016-08-23 06:56 - 2015-05-13 14:46 - 00028817 _____ C:\Users\Workventures\Documents\Paintoy sites.docx.enc
    2016-08-23 06:56 - 2015-04-30 10:06 - 00014207 _____ C:\Users\Workventures\Documents\fetlife rope.docx.enc
    2016-08-23 06:56 - 2015-04-03 05:06 - 00015814 _____ C:\Users\Workventures\Documents\Fetlife Gangbangersdocx.docx.enc
    2016-08-23 06:56 - 2015-03-26 04:30 - 00043563 _____ C:\Users\Workventures\Documents\Capture1 (2).JPG.enc
    2016-08-23 06:56 - 2015-03-23 10:43 - 00016670 _____ C:\Users\Workventures\Documents\BDSM Vids.docx.enc
    2016-08-23 06:56 - 2015-03-19 04:45 - 00000000 ____D C:\Users\Workventures\Documents\BJ Loan
    2016-08-23 06:56 - 2015-02-27 07:45 - 00015348 _____ C:\Users\Workventures\Documents\BUS -Stops.docx.enc
    2016-08-23 06:56 - 2014-08-16 14:36 - 02309133 _____ C:\Users\Workventures\Documents\Diary of a slave.doc.enc
    2016-08-23 06:56 - 2014-06-05 19:12 - 00020493 _____ C:\Users\Workventures\Documents\Passwwords.doc.enc
    2016-08-23 06:56 - 2014-01-23 07:16 - 00029220 _____ C:\Users\Workventures\Documents\LFL.JPG.enc
    2016-08-23 06:56 - 2014-01-04 05:25 - 00024077 _____ C:\Users\Workventures\Documents\Pet Girls Site Rip.doc.enc
    2016-08-23 06:56 - 2014-01-02 07:41 - 00019981 _____ C:\Users\Workventures\Documents\Passwords for outlook and yahoo.doc.enc
    2016-08-23 06:56 - 2013-10-17 18:33 - 00000000 ____D C:\Users\Workventures\Documents\LG Manuals
    2016-08-23 06:56 - 2013-02-07 10:17 - 00024589 _____ C:\Users\Workventures\Documents\id.doc.enc
    2016-08-23 06:55 - 2016-08-02 16:15 - 00004038 _____ C:\Users\Workventures\AppData\LocalLow\lpm.dat.enc
    2016-08-23 06:55 - 2016-06-22 12:29 - 00000687 ____H C:\Users\Workventures\Desktop\~$ster Jez.docx.enc
    2016-08-23 06:54 - 2016-08-04 16:18 - 00000000 ____D C:\Users\Public\Documents\Wondershare
    2016-08-23 06:54 - 2016-08-04 12:50 - 328290950 _____ C:\Users\Lenovo share\PT_0803 - Kiki 2c5.mp4.enc
    2016-08-23 06:54 - 2016-08-03 14:55 - 452625419 _____ C:\Users\Lenovo share\PT_0727 - Mercy.mp4.enc
    2016-08-23 06:54 - 2016-06-24 16:26 - 00000000 ____D C:\Users\Lenovo share\New folder
    2016-08-23 06:54 - 2016-06-21 08:16 - 00012205 _____ C:\Users\Lenovo share\le cor.docx.enc
    2016-08-23 06:54 - 2016-06-15 12:34 - 00000000 ___RD C:\Users\Lenovo share\Steam
    2016-08-23 06:54 - 2016-05-18 13:27 - 00012028 _____ C:\Users\Lenovo share\DELETE Temp Files.docx.enc
    2016-08-23 06:54 - 2016-04-27 06:31 - 02598413 _____ C:\Users\Lenovo share\RARE_PHOTOS_YATES.pps.enc
    2016-08-23 06:54 - 2016-04-26 07:48 - 00000000 ____D C:\Users\Workventures\Desktop\Croquet
    2016-08-23 06:54 - 2016-04-25 08:34 - 00000000 ____D C:\Users\Workventures\.oracle_jre_usage
    2016-08-23 06:54 - 2016-03-25 12:45 - 525945912 _____ C:\Users\Lenovo share\SSM - Jul 17, 2015 - Sasha Knox.mp4.enc
    2016-08-23 06:54 - 2016-02-16 17:27 - 2838447028 _____ C:\Users\Lenovo share\IR_0205csartre.mp4.enc
    2016-08-23 06:54 - 2016-02-01 18:25 - 807264599 _____ C:\Users\Lenovo share\13202_juliette_hi.mp4.enc
    2016-08-23 06:54 - 2016-01-08 09:51 - 00000000 ____D C:\Users\Lenovo share\Temp Paintoy
    2016-08-23 06:54 - 2015-09-30 09:10 - 118402671 _____ C:\Users\Lenovo share\KU - Sep 07, 2010 - Jade Indica and Bella Rossi (6404).wmv.enc
    2016-08-23 06:54 - 2015-09-16 10:51 - 00000000 ____D C:\BurnInTest7 Pro
    2016-08-23 06:54 - 2015-08-25 11:46 - 07051937 _____ C:\Users\Lenovo share\Zipper.rm.enc
    2016-08-23 06:54 - 2015-04-30 07:23 - 07256077 _____ C:\Users\Lenovo share\Gimnastics.pps.enc
    2016-08-23 06:54 - 2015-03-19 07:49 - 01969677 _____ C:\Users\Lenovo share\ForBusyMen.pps.enc
    2016-08-23 06:54 - 2015-03-11 09:16 - 07355405 _____ C:\Users\Lenovo share\Gimnastica-Primeleexercitii.pps.enc
    2016-08-23 06:54 - 2009-07-14 13:20 - 00000000 __RHD C:\Users\Public\Libraries
    2016-08-21 12:30 - 2016-04-20 12:25 - 00932864 ___SH C:\Users\Lenovo share\Thumbs.db
    2016-08-17 15:10 - 2016-04-30 09:12 - 00000069 _____ C:\Windows\NeroDigital.ini
    2016-08-17 12:36 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
    2016-08-16 21:27 - 2009-07-14 15:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-08-14 06:44 - 2016-05-02 22:02 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-08-14 06:44 - 2016-05-02 22:02 - 00000000 ____D C:\ProgramData\Skype
    2016-08-12 16:14 - 2016-04-22 19:27 - 00000000 ____D C:\Users\Workventures\AppData\Local\Google
    2016-08-10 08:18 - 2009-07-14 14:45 - 00427960 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-08-10 08:01 - 2015-07-31 12:16 - 00000000 ____D C:\Windows\system32\MRT
    2016-08-10 07:53 - 2015-07-31 12:16 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-08-09 08:12 - 2016-04-22 19:55 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

    ==================== Files in the root of some directories =======

    2016-04-30 09:14 - 2016-06-13 13:28 - 0000042 _____ () C:\Users\Workventures\AppData\Roaming\default.pls
    2016-04-22 20:27 - 2016-04-22 20:27 - 0000042 _____ () C:\Users\Workventures\AppData\Roaming\WB.CFG
    2016-07-09 06:54 - 2016-07-09 06:54 - 0000000 _____ () C:\Users\Workventures\AppData\Local\{27291B01-FB87-464F-90F0-7AA8E0668D5E}

    Files to move or delete:
    ====================
    C:\Users\Lenovo share\KiesSetup.exe
    C:\Users\Lenovo share\TeamViewer_Setup_en-kne.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)
     
  2. 2016/09/06
    jerry zarb Well-Known Member Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
    Ran by Workventures (06-09-2016 15:43:03)
    Running from C:\Users\Workventures\Desktop\Clean UP
    Windows 7 Professional Service Pack 1 (X64) (2015-07-31 00:32:45)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1926230946-431629159-532477852-500 - Administrator - Disabled)
    Guest (S-1-5-21-1926230946-431629159-532477852-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-1926230946-431629159-532477852-1006 - Limited - Enabled)
    Workventures (S-1-5-21-1926230946-431629159-532477852-1001 - Administrator - Enabled) => C:\Users\Workventures

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
    Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
    BitTorrent (HKU\S-1-5-21-1926230946-431629159-532477852-1001\...\BitTorrent) (Version: 7.9.8.42450 - BitTorrent Inc.)
    Boilsoft Video Converter 3.01 (HKLM-x32\...\{4822DF0D-087B-435C-843D-ADAB239CCA13}_is1) (Version: - Boilsoft. Inc.)
    Boilsoft Video Joiner 6.57 (HKLM-x32\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version: - Boilsoft, Inc.)
    Bonjour (HKLM\...\{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}) (Version: 2.0.3.0 - Apple Inc.)
    Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - )
    Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version: - )
    Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
    Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
    Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.83 - DivX, LLC)
    Foxtel GO (HKU\S-1-5-21-1926230946-431629159-532477852-1001\...\Foxtel GO 1.84) (Version: 1.84 - Foxtel)
    Foxtel GO (x32 Version: 1.84 - Foxtel) Hidden
    Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 7 - Philipp Winterberg)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
    Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
    Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
    Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.2 - Intel)
    Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
    iTunes (HKLM\...\{5F02C14D-A630-4771-8409-0BA89FCCA8D6}) (Version: 10.0.0.68 - Apple Inc.)
    Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
    JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    K-Lite Codec Pack 12.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.1.0 - KLCP)
    Lenovo Mouse Suite (HKLM\...\MouseSuite98) (Version: 6.66 - Lenovo)
    Lenovo Service Bridge (HKU\S-1-5-21-1926230946-431629159-532477852-1001\...\dda9ca0b023f4c56) (Version: 1.6.3.7 - Lenovo)
    Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
    MailWasherPro (HKLM-x32\...\{A5901025-525B-4B2A-ACF4-E742D989D008}) (Version: 7.8 - Firetrust)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
    Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
    Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation)
    Microsoft Flight Simulator X: Steam Edition (HKLM\...\Steam App 314160) (Version: - Microsoft Game Studios)
    Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1926230946-431629159-532477852-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
    Microsoft Outlook Hotmail Connector 64-bit (HKLM\...\{95140000-007A-0409-1000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (HKLM\...\{95140000-007D-0409-1000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
    Microsoft Picture It! Photo Standard 7.0 (HKLM-x32\...\{369B36BE-3D64-4641-9AEA-808D436FE133}) (Version: 7.0.0.0000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    Music Recorder (HKLM-x32\...\{F50CC230-EE79-4931-B72D-8E4D195DFFB0}) (Version: 14.1.500.0 - Audials AG)
    Nero 8 Essentials (HKLM-x32\...\{7E8FF4A8-10EE-4C95-83B2-73856BFE1033}) (Version: 8.3.428 - Nero AG)
    ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.7.1001 - ooVoo LLC.)
    QuickTime (HKLM-x32\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.)
    RealDownloader (x32 Version: 18.1.4.137 - RealNetworks, Inc.) Hidden
    RealDownloader (x32 Version: 18.1.4.144 - RealNetworks) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.4 - RealNetworks)
    REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0199 - REALTEK Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
    Skype Web Plugin (HKLM-x32\...\{38E19A71-52FB-453D-B2F8-01A59548DDD7}) (Version: 7.24.0.53 - Skype Technologies S.A.)
    Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
    SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6595 - Analog Devices)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Unlocker 1.9.0 (HKLM-x32\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    USB Video Device (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 9.15 - Ecom)
    vc2012_redist (x32 Version: 1.0.0.0 - Realnetworks) Hidden
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Video Downloader (x32 Version: 1.2.0 - RealNetworks) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Wondershare Filmora(Build 7.5.0) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
    Wondershare Helper Compact 2.5.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
    WOT for Internet Explorer (HKLM-x32\...\{F99520C7-7EE6-472E-8DD8-E60003A9292F}) (Version: 10.8.30.0 - WOT Services Oy)
    ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation)
    ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B04 - ZTE Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1926230946-431629159-532477852-1001_Classes\CLSID\{09CFB9C5-1F71-4595-857A-2F1D0E9BCC5D}\InprocServer32 -> C:\Users\Workventures\AppData\Local\SkypePlugin\7.24.0.53\GatewayActiveX-x64.dll (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-1926230946-431629159-532477852-1001_Classes\CLSID\{202B9C51-2DCD-4C14-B21C-5975224F6C82}\localserver32 -> C:\Users\Workventures\AppData\Local\SkypePlugin\7.24.0.53\GatewayVersion-x64.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-1926230946-431629159-532477852-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Workventures\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1926230946-431629159-532477852-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Workventures\AppData\Local\SkypePlugin\7.24.0.53\EdgeCalling.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-1926230946-431629159-532477852-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Workventures\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0254D2CB-0A5B-4E8F-B60B-F6FB171CEC8A} - System32\Tasks\Secunia PSI Logon Task => C:\Users\Workventures\Desktop\Icons\pc SCANS\Icons\psi.exe [2010-07-21] (Secunia)
    Task: {126BBDBD-1A7C-43DB-BDE2-D20EA78882E2} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1926230946-431629159-532477852-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2016-05-13] (RealNetworks, Inc.)
    Task: {13542815-4834-4F9E-B573-34BF70FF99E2} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
    Task: {180CFE17-C482-464D-B558-72BDAE4912F4} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-08-01] (DivX, LLC)
    Task: {1A2E5FDF-DC5E-444D-83D5-B4C09D63B547} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-15] (Adobe Systems Incorporated)
    Task: {1ABF67F7-D920-44F3-BD9E-0E093FA4774C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1926230946-431629159-532477852-1001Core => C:\Users\Workventures\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-02] (Google Inc.)
    Task: {25A9C0AA-5291-49AB-8538-91E2E6FDE289} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1926230946-431629159-532477852-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2016-05-13] (RealNetworks, Inc.)
    Task: {38113228-FF62-4A6C-A6B5-DF3EF9C28950} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {48154690-7857-4870-9472-58BBBEEFDADB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1926230946-431629159-532477852-1001UA => C:\Users\Workventures\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-02] (Google Inc.)
    Task: {63DA75DB-42E7-4F4F-91C7-E233DD967B9D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {64A80AD1-F1B8-481A-9132-BDAAFCFD36BD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {6BAF2CB2-BBBD-49E2-8D8A-22AB31A2956A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-22] (Google Inc.)
    Task: {6FF09F4B-D0BA-4996-AB80-5A44985D7BF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-22] (Google Inc.)
    Task: {80CB1730-9207-4D12-B56F-F38436A6707E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
    Task: {88A24FA3-4E02-4AA7-9C44-4D4A46E256CC} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {89A6F8E5-3B82-4E90-8410-324C80D0C349} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {A2363C14-AD02-4E1B-B9C9-E5BACC22AD83} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2016-07-05] ()
    Task: {C356C191-FCE5-48B9-A67C-1272CC41C022} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-04-18] ()
    Task: {CEC0F339-2C07-41FD-AF56-B6AA051BE647} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1926230946-431629159-532477852-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Workventures\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
    Task: {D9DCBC7E-892C-4539-800F-0E33C5551DA5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {FCAB4987-234C-4DBC-B452-B82AEF07BE6E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Workventures\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html
    Shortcut: C:\Users\Workventures\Desktop\Icons\Tools\Favorites\Helpful Websites\NCH Audio and Telephony Software.lnk -> hxxp://www.nch.com.au/index.html
    Shortcut: C:\Users\Workventures\Desktop\Icons\Tools\Favorites\Helpful Websites\NCH Software Download.lnk -> hxxp://www.nchsoftware.com/index.html
    Shortcut: C:\Users\Workventures\Desktop\Icons\Favorites\Helpful Websites\NCH Audio and Telephony Software.lnk -> hxxp://www.nch.com.au/index.html
    Shortcut: C:\Users\Workventures\Desktop\Icons\Favorites\Helpful Websites\NCH Software Download.lnk -> hxxp://www.nchsoftware.com/index.html

    ==================== Loaded Modules (Whitelisted) ==============

    2015-09-29 13:16 - 2012-03-13 10:46 - 00178688 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
    2016-05-13 15:13 - 2016-05-13 15:13 - 00032544 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    2015-09-29 13:16 - 2008-11-27 16:16 - 00018432 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
    2015-09-29 13:16 - 2010-06-02 11:37 - 00228352 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
    2016-07-05 18:18 - 2016-07-05 18:18 - 00714992 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
    2016-05-13 15:13 - 2016-05-13 15:13 - 00037688 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
    2016-05-13 15:13 - 2016-05-13 15:13 - 00039224 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
    2016-05-13 15:13 - 2016-05-13 15:13 - 00037192 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
    2015-09-29 13:19 - 2009-10-07 16:47 - 00077824 _____ () C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
    2016-05-20 16:21 - 2012-11-06 09:47 - 00114688 _____ () C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\EnumDevLib.dll
    2016-05-08 20:08 - 2016-08-09 09:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2016-05-08 20:08 - 2015-07-02 08:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
    2016-05-08 20:08 - 2015-07-02 08:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2016-05-08 20:08 - 2015-07-02 08:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2016-05-08 20:08 - 2016-08-24 05:33 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll
    2016-05-08 20:08 - 2016-01-27 17:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2016-05-08 20:08 - 2016-01-27 17:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2016-05-08 20:08 - 2016-01-27 17:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2016-05-08 20:08 - 2016-01-27 17:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2016-05-08 20:08 - 2016-01-27 17:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2016-05-08 20:08 - 2016-08-24 05:33 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2016-05-08 20:08 - 2016-07-05 08:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
    2016-06-17 06:50 - 2016-06-17 06:50 - 00022800 _____ () c:\program files (x86)\real\realplayer\RPDS\Tools\ffmpeg\mediautil.dll
    2016-04-13 14:56 - 2016-04-13 14:56 - 00061952 _____ () C:\Program Files (x86)\Firetrust\MailWasher\MWPBridgeDLL.dll
    2016-04-13 14:56 - 2016-04-13 14:56 - 05999616 _____ () C:\Program Files (x86)\Firetrust\MailWasher\MWPappDLL.dll
    2016-04-18 13:14 - 2016-04-18 13:14 - 00069272 _____ () C:\Program Files (x86)\Firetrust\MailWasher\FTBridge.dll
    2016-04-18 13:14 - 2016-04-18 13:14 - 00279704 _____ () C:\Program Files (x86)\Firetrust\MailWasher\FTClientNode.dll
    2016-03-23 22:07 - 2016-03-23 22:07 - 00324608 _____ () C:\Program Files (x86)\Firetrust\MailWasher\MWPHeaderParser.dll
    2010-08-10 00:01 - 2010-08-10 00:01 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-05-08 20:08 - 2016-08-05 06:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2016-05-13 14:20 - 2016-05-13 14:20 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
    2016-06-17 06:49 - 2016-06-17 06:49 - 00654608 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll
    2016-07-05 18:18 - 2016-07-05 18:18 - 00077552 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll
    2016-08-04 16:21 - 2016-06-20 14:48 - 01506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
    2016-08-04 16:21 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
    2016-08-09 08:12 - 2016-08-03 10:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
    2016-08-09 08:12 - 2016-08-03 10:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Workventures\Documents\Bulldogs.jpeg.enc:3or4kl4x13tuuug3Byamue2s4b [83]
    AlternateDataStreams: C:\Users\Workventures\Documents\Bulldogs.jpeg.enc:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 12:34 - 2016-09-06 08:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1926230946-431629159-532477852-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Workventures\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 10.0.0.138
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{C9E81D59-F0CC-4643-805A-DA4EDB94D9DD}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe
    FirewallRules: [{F237A21E-8C6C-46C1-AE36-A4A22BDC1712}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe
    FirewallRules: [{679D78BF-F7CA-42A3-B28B-3C59A66374B9}] => (Allow) LPort=1542
    FirewallRules: [{C8669D51-4AF8-49F1-A6FE-2C2D70791CCB}] => (Allow) LPort=1542
    FirewallRules: [{7441C320-97B7-41DF-99BD-8DD91766CBD5}] => (Allow) LPort=53
    FirewallRules: [{C58E008C-727F-46B0-9C17-98C54F7C8D8F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A3DEA719-6DF8-430D-B2E5-39C3ABE8DF45}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{BB7DB8B9-6FDA-42AB-954C-A798BBDBD2C1}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{A5F3AA9C-4567-4C16-85B4-9CD707A9EA02}] => (Allow) C:\Users\Workventures\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{D9D3CB7A-1AD8-402D-99C0-07C3E9F2BCDE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{98413C45-18E3-448C-8FDF-3338AD933774}] => (Allow) LPort=2869
    FirewallRules: [{0995CBB1-2E67-41D3-B889-5853EF388409}] => (Allow) LPort=1900
    FirewallRules: [{F33FD1C4-F321-44A5-B08D-146C020CEF6B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{622018D0-B2CF-46A0-81F4-B179AF768EBC}] => (Allow) C:\Users\Workventures\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{B7CF2E1B-BCF0-491F-AA88-79E825D2D328}] => (Allow) C:\Users\Workventures\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{BE9A0C86-32EE-4531-8828-3893B956A676}] => (Allow) C:\Users\Workventures\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{DB527125-06EB-45B7-98EE-22030EAB2F51}] => (Allow) C:\Users\Workventures\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{D6CB07D3-8B41-4167-96A6-964395D74C4D}] => (Allow) C:\Users\Workventures\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{AFA2C2C8-B9CC-456B-8697-78228A011024}] => (Allow) C:\Users\Workventures\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{5B409339-E922-4375-9EEA-E6421ADEAEFE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{F8B3C482-DDD3-4FA7-85D0-21416EF3927B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{F3C1AE5D-5283-4053-9B00-8A42B9BF187B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{EFCC1813-10AF-4709-AB45-0F8C78C3C396}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{1D2EE9AC-A0D8-458A-A555-8B1761B8267D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{4A384C51-FBEA-46AC-9751-9488409164B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
    FirewallRules: [{75CC1F2A-80E5-4071-811E-1BB84F929EBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
    FirewallRules: [TCP Query User{A90310FC-F27E-44D4-9840-56532D68B880}C:\users\workventures\appdata\local\skypeplugin\7.18.0.51\pluginhost.exe] => (Allow) C:\users\workventures\appdata\local\skypeplugin\7.18.0.51\pluginhost.exe
    FirewallRules: [UDP Query User{F1D66C57-25F0-4555-B1CC-572082A01598}C:\users\workventures\appdata\local\skypeplugin\7.18.0.51\pluginhost.exe] => (Allow) C:\users\workventures\appdata\local\skypeplugin\7.18.0.51\pluginhost.exe
    FirewallRules: [{B62EE58A-ED81-4472-97F0-ECD4500C9797}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe
    FirewallRules: [{EAB8E841-0012-494F-8558-E52CBAEF21FD}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe
    FirewallRules: [{808B671A-3479-4809-8AC6-402E9D92D981}] => (Allow) LPort=1542
    FirewallRules: [{CB442C10-BE34-42DB-8A34-1BEEC64C9003}] => (Allow) LPort=1542
    FirewallRules: [{3C68AB9F-7E28-4EBF-B78E-395E61EAB518}] => (Allow) LPort=67
    FirewallRules: [{3410323E-D01D-4364-B3B4-EE54E7CD0193}] => (Allow) LPort=68
    FirewallRules: [{29920B5D-37B5-40E4-B061-5218F81E3A95}] => (Allow) LPort=53
    FirewallRules: [{4A547304-CAF6-4419-A4B9-4C1A91612706}] => (Allow) LPort=53
    FirewallRules: [{D91AD47B-663C-4F7E-913A-62B88366CC78}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\Rtldhcp.exe
    FirewallRules: [{EB5F2129-D915-40DA-AF68-3BD7573E2A27}] => (Allow) C:\Program Files (x86)\Music Recorder\Music Recorder 2016\Audials.exe
    FirewallRules: [{AA001EC9-15DF-45EF-84B6-E56217F148F3}] => (Allow) LPort=12972
    FirewallRules: [{2AC17A2F-BDB8-45D6-9394-2751EDF84074}] => (Allow) LPort=14714
    FirewallRules: [{F8BD5A38-1925-48AE-A8C9-B1DC010202E7}] => (Allow) LPort=31931
    FirewallRules: [TCP Query User{23D9F465-1506-4D9B-8520-741403EFD7C6}C:\users\workventures\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\workventures\appdata\local\jdownloader v2.0\jdownloader2.exe
    FirewallRules: [UDP Query User{5E214168-DB5A-45EF-A91D-2D74C2D0AF44}C:\users\workventures\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\workventures\appdata\local\jdownloader v2.0\jdownloader2.exe
    FirewallRules: [TCP Query User{6DD71F42-B67E-435C-A608-64FFC3DF139B}C:\users\workventures\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\workventures\appdata\local\jdownloader v2.0\jdownloader2.exe
    FirewallRules: [UDP Query User{45A682B4-D739-419A-95C7-C0B29EAC7718}C:\users\workventures\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\workventures\appdata\local\jdownloader v2.0\jdownloader2.exe
    FirewallRules: [{6086610B-E13E-4DFC-ADA9-182483D93469}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
    FirewallRules: [TCP Query User{83A96E7A-E99F-4752-90C6-474650798764}C:\users\workventures\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\workventures\appdata\local\skypeplugin\pluginhost.exe
    FirewallRules: [UDP Query User{126F8BD1-2509-4F6A-93E8-AB37C5E9D996}C:\users\workventures\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\workventures\appdata\local\skypeplugin\pluginhost.exe
    FirewallRules: [{E7DA6322-58B0-4ECD-B45D-3D21BBFB56E6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    05-09-2016 10:55:08 JRT Pre-Junkware Removal
    05-09-2016 10:56:10 JRT Pre-Junkware Removal
    06-09-2016 11:20:37 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/06/2016 03:13:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/06/2016 07:01:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/06/2016 05:08:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/05/2016 08:54:29 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MailWasherPro.exe, version: 2015.7.8.0, time stamp: 0x57153fdc
    Faulting module name: MWPappDLL.dll, version: 0.0.0.0, time stamp: 0x570ec073
    Exception code: 0xc0000005
    Fault offset: 0x0038c2a6
    Faulting process id: 0xd10
    Faulting application start time: 0x01d2072015dcb09a
    Faulting application path: C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
    Faulting module path: C:\Program Files (x86)\Firetrust\MailWasher\MWPappDLL.dll
    Report Id: 1e286c6b-7357-11e6-b3fd-50e549703148

    Error: (09/05/2016 08:54:28 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: MailWasherPro.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0000005, exception address 63BAC2A6

    Error: (09/05/2016 12:49:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/05/2016 10:47:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/05/2016 10:26:28 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: MailWasherPro.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0000005, exception address 687BC2A6

    Error: (09/05/2016 10:23:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/05/2016 06:19:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    System errors:
    =============
    Error: (09/06/2016 12:03:44 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

    Error: (09/06/2016 09:10:34 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

    Error: (09/06/2016 08:53:06 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (09/06/2016 08:52:39 AM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (09/06/2016 08:49:55 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (09/05/2016 10:57:08 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

    Error: (09/05/2016 05:02:24 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 20.

    Error: (09/05/2016 04:08:06 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (09/05/2016 04:08:05 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (09/05/2016 04:08:04 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.


    CodeIntegrity:
    ===================================
    Date: 2016-09-06 08:52:39.313
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-09-06 08:52:39.281
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
    Percentage of memory in use: 73%
    Total physical RAM: 3551.18 MB
    Available physical RAM: 956.04 MB
    Total Virtual: 7100.54 MB
    Available Virtual: 4212.43 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:355.21 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E18B4DB5)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     


  4. 2016/09/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  5. 2016/09/06
    jerry zarb

    jerry zarb Well-Known Member Thread Starter

    Joined:
    2002/01/26
    Messages:
    123
    Likes Received:
    0
    Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
    Ran by Workventures (07-09-2016 11:52:26) Run:1
    Running from C:\Users\Workventures\Desktop
    Loaded Profiles: Workventures (Available Profiles: Workventures)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1926230946-431629159-532477852-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    Toolbar: HKU\S-1-5-21-1926230946-431629159-532477852-1001 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    2016-08-23 06:57 - 2016-08-23 06:57 - 00003644 _____ C:\Users\Workventures\Documents\HOW_TO_RESTORE_FILES.html
    2016-08-23 06:57 - 2016-08-23 06:57 - 00001126 _____ C:\Users\Workventures\Documents\HOW_TO_RESTORE_FILES.txt
    2016-08-23 06:55 - 2016-08-23 06:55 - 00003644 _____ C:\Users\Workventures\AppData\LocalLow\HOW_TO_RESTORE_FILES.html
    2016-08-23 06:55 - 2016-08-23 06:55 - 00001126 _____ C:\Users\Workventures\AppData\LocalLow\HOW_TO_RESTORE_FILES.txt
    2016-08-23 06:54 - 2016-08-23 06:55 - 00000000 ____D C:\ProgramData\ewywybatajeluxot
    2016-08-23 06:54 - 2016-08-23 06:54 - 00003644 _____ C:\Users\Lenovo share\HOW_TO_RESTORE_FILES.html
    2016-08-23 06:54 - 2016-08-23 06:54 - 00003644 _____ C:\Users\Default\HOW_TO_RESTORE_FILES.html
    2016-08-23 06:54 - 2016-08-23 06:54 - 00001126 _____ C:\Users\Lenovo share\HOW_TO_RESTORE_FILES.txt
    2016-08-23 06:54 - 2016-08-23 06:54 - 00001126 _____ C:\Users\Default\HOW_TO_RESTORE_FILES.txt
    2016-04-30 09:14 - 2016-06-13 13:28 - 0000042 _____ () C:\Users\Workventures\AppData\Roaming\default.pls
    2016-04-22 20:27 - 2016-04-22 20:27 - 0000042 _____ () C:\Users\Workventures\AppData\Roaming\WB.CFG
    2016-07-09 06:54 - 2016-07-09 06:54 - 0000000 _____ () C:\Users\Workventures\AppData\Local\{27291B01-FB87-464F-90F0-7AA8E0668D5E}
    C:\Users\Lenovo share\KiesSetup.exe
    C:\Users\Lenovo share\TeamViewer_Setup_en-kne.exe
    Task: {38113228-FF62-4A6C-A6B5-DF3EF9C28950} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {63DA75DB-42E7-4F4F-91C7-E233DD967B9D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {64A80AD1-F1B8-481A-9132-BDAAFCFD36BD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {88A24FA3-4E02-4AA7-9C44-4D4A46E256CC} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {89A6F8E5-3B82-4E90-8410-324C80D0C349} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {D9DCBC7E-892C-4539-800F-0E33C5551DA5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    AlternateDataStreams: C:\Users\Workventures\Documents\Bulldogs.jpeg.enc:3or4kl4x13tuuug3Byamue2s4b [83]
    AlternateDataStreams: C:\Users\Workventures\Documents\Bulldogs.jpeg.enc:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

    *****************

    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
    HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
    HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
    HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-1926230946-431629159-532477852-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKU\S-1-5-21-1926230946-431629159-532477852-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value removed successfully
    HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => key not found.
    "HKCR\PROTOCOLS\Handler\WSWSVCUchrome" => key removed successfully
    catchme => service removed successfully
    C:\Users\Workventures\Documents\HOW_TO_RESTORE_FILES.html => moved successfully
    C:\Users\Workventures\Documents\HOW_TO_RESTORE_FILES.txt => moved successfully
    C:\Users\Workventures\AppData\LocalLow\HOW_TO_RESTORE_FILES.html => moved successfully
    C:\Users\Workventures\AppData\LocalLow\HOW_TO_RESTORE_FILES.txt => moved successfully
    C:\ProgramData\ewywybatajeluxot => moved successfully
    "C:\Users\Lenovo share\HOW_TO_RESTORE_FILES.html" => not found.
    C:\Users\Default\HOW_TO_RESTORE_FILES.html => moved successfully
    "C:\Users\Lenovo share\HOW_TO_RESTORE_FILES.txt" => not found.
    C:\Users\Default\HOW_TO_RESTORE_FILES.txt => moved successfully
    C:\Users\Workventures\AppData\Roaming\default.pls => moved successfully
    C:\Users\Workventures\AppData\Roaming\WB.CFG => moved successfully
    C:\Users\Workventures\AppData\Local\{27291B01-FB87-464F-90F0-7AA8E0668D5E} => moved successfully
    C:\Users\Lenovo share\KiesSetup.exe => moved successfully
    C:\Users\Lenovo share\TeamViewer_Setup_en-kne.exe => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38113228-FF62-4A6C-A6B5-DF3EF9C28950}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38113228-FF62-4A6C-A6B5-DF3EF9C28950}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63DA75DB-42E7-4F4F-91C7-E233DD967B9D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63DA75DB-42E7-4F4F-91C7-E233DD967B9D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64A80AD1-F1B8-481A-9132-BDAAFCFD36BD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64A80AD1-F1B8-481A-9132-BDAAFCFD36BD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88A24FA3-4E02-4AA7-9C44-4D4A46E256CC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88A24FA3-4E02-4AA7-9C44-4D4A46E256CC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89A6F8E5-3B82-4E90-8410-324C80D0C349}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89A6F8E5-3B82-4E90-8410-324C80D0C349}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9DCBC7E-892C-4539-800F-0E33C5551DA5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9DCBC7E-892C-4539-800F-0E33C5551DA5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "C:\Users\Workventures\Documents\Bulldogs.jpeg.enc" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
    C:\Users\Workventures\Documents\Bulldogs.jpeg.enc => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.

    ==== End of Fixlog 11:52:28 ====
     
  6. 2016/09/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  7. 2016/09/06
    jerry zarb

    Results of screen317's Security Check version 1.014 --- 12/23/15
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 101
    Java version 32-bit out of Date!
    Google Chrome (51.0.2704.103)
    Google Chrome (52.0.2743.116)
    Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Firetrust MailWasher MailWasherPro.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  8. 2016/09/06
    jerry zarb

    Results of screen317's Security Check version 1.014 --- 12/23/15
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 101
    Java version 32-bit out of Date!
    Google Chrome (51.0.2704.103)
    Google Chrome (52.0.2743.116)
    Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Firetrust MailWasher MailWasherPro.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  9. 2016/09/06
    broni

    You posted Security Check twice. I still need FSS log.
     
  10. 2016/09/06
    jerry zarb

    Sorry, here it is... Sophos is still running.
    Farbar Service Scanner Version: 27-01-2016
    Ran by Workventures (administrator) on 07-09-2016 at 12:41:32
    Running from "C:\Users\Workventures\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  11. 2016/09/06
    jerry zarb

    Sophos reports that my computer is clean. Number of threats found is zero :)
     
  12. 2016/09/07
    broni

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - Keep your Firefox healthy with a quick checkup
    other browsers: Qualys BrowserCheck (click on "Scan without installing plugin" and then on "Scan now")

    5. Download and install WOT (Web of Trust): Safe Browsing Tool | WOT (Web of Trust). It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): Personal Software Inspector. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: How did I get infected? - Anti-Virus, Anti-Malware, and Privacy Software
    Simple and easy ways to keep your computer safe and secure on the Internet
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: Answers to common security questions - Best Practices - Anti-Virus, Anti-Malware, and Privacy Software

    12. Please let me know how your computer is doing.
     
  13. 2016/09/08
    jerry zarb

    I cannot thank you enough for all of your efforts in getting rid of the infection. I will certainly do monthly maintenance as you suggest but most of all, be very careful of what emails I open in future. Once more, a huge THANK YOU! :)
     
  14. 2016/09/08
    broni

    Way to go!!
    Good luck and stay safe :)
     
