1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved I am having IE 11 home page issues (some settings are managed by your system administrator)

Discussion in 'Malware and Virus Removal' started by Damon Davey, 2017/04/23.

  1. 2017/04/23
    Damon Davey

    Damon Davey New Member Thread Starter

    Joined:
    2017/04/23
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Computer Experience:
    Intermediate
    I downloaded something by mistake thinking it was virus/malware removal tools and now I lost my home page. It goes to some weird page and I cant change it. I also get a notice on the security tab at the bottom that says "some settings are managed by your system administrator" but I am the only one that uses the computer and I use it as admin.

    I already used windows defender, spybot, and a few free malware programs and still have the issue. I also reset IE under tools, Internet options, advanced tab at the bottom and nothing.

    Please help
     
  2. 2017/04/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Welcome aboard [​IMG]

    Please, complete all steps listed HERE

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     

  3. to hide this advert.

  4. 2017/04/24
    Damon Davey

    Damon Davey New Member Thread Starter

    Joined:
    2017/04/23
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Computer Experience:
    Intermediate
    Hello,
    Thanks for the info. I am working at the moment but will try to correct later today and let you know what happens.
    Thanks
    Damon

     
  5. 2017/04/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    OK...
     
  6. 2017/04/28
    Damon Davey

    Damon Davey New Member Thread Starter

    Joined:
    2017/04/23
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Computer Experience:
    Intermediate
    Hello
    I have some time today so I am going to try and fix this computer. I will keep you posted.

    Thank You
    Damon
     
  7. 2017/04/28
    Damon Davey

    Damon Davey New Member Thread Starter

    Joined:
    2017/04/23
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Computer Experience:
    Intermediate
    Hello "broni"
    I ran the scan and received the "Addition.txt" and "FRST.txt". I am not sure why you want me to start a new post/topic but I will. I am new here so I want to make sure I am doing things correctly. The new post will have same subject but end will be different so you can easily find it.

    Thank You
    Damon
     
  8. 2017/04/28
    Damon Davey

    Damon Davey New Member Thread Starter

    Joined:
    2017/04/23
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Computer Experience:
    Intermediate
    Hello Broni,
    As I said before, I downloaded something by mistake thinking it was virus/malware removal tools and lost my home page. It goes to another page and I cant change it. I also get a notice on the security tab at the bottom that says "some settings are managed by your system administrator" but I am the only one that uses the computer and I use it as admin. I tried all my scans with no luck. I have Windows 8.1 and IE 11. Hopefully I am not sending something out that will allow others into my home computer.

    I have ran the scan you asked me too and here it is.

    Please get back to me ASAP.

    Thank You for all your help
    Damon

    FRST.txt log - Addition.txt to follow at end

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
    Ran by Damon (administrator)
    Running from C:\Users\Damon\Desktop\Virus Info
    Loaded Profiles: Damon (Available Profiles: Damon)
    Platform: Windows 8.1 (Update) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
    () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Farbar) C:\Users\Damon\Desktop\Virus Info\Farbar Recovery Scan Tool (64).exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-05] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
    HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-18] (ASUS Cloud Corporation)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-08-20] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-23] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518456 2015-09-13] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2015-09-13] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
    HKLM-x32\...\Run: [System32] => C:\Program Files (x86)\sysconfig\sysdiag.exe*ch using Bing Damon Sun 4/23/17 @ 5:55:52 AM **08:34 PM 1***Ì”ÃwcÄÃwî********¬*****ž*****ÿÿÿÿ****qÄÃw****î*****à^2****±**¬*‹**à^2lçÃw (the data entry has 55 more characters).
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-12-06] (AMD)
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [689304 2012-09-23] (Adobe Systems Incorporated)
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\Policies\system: [DisableTaskMgr] 1
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\MountPoints2: {435d0d18-ece0-11e4-bee2-d850e6c35860} - "E:\VerizonWirelessUpgradeAssistantSetup.exe" -a
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Damon\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Damon\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Damon\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Damon\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Damon\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Damon\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2014-11-23]
    ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-10-21]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\Damon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat XI Pro Serial number plus Crack and Keygen Full Download.lnk [2015-03-17]
    ShortcutTarget: Adobe Acrobat XI Pro Serial number plus Crack and Keygen Full Download.lnk -> C:\ProgramData\{5c25daae-e093-5025-5c25-5daaee096abb}\Adobe Acrobat XI Pro Serial number plus Crack and Keygen Full Download.exe (No File)
    Startup: C:\Users\Damon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk [2017-04-26]
    ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    Startup: C:\Users\Damon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (use this one).lnk [2017-02-07]
    ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (use this one).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    Startup: C:\Users\Damon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-03-28]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
    BootExecute: autocheck autochk * sdnclean64.exe
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{39875994-5A60-4A5F-A0D6-EE13B0ECF40F}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-7a9c68e8
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
    SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
    SearchScopes: HKLM-x32 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7a9c68e8&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001 -> DefaultScope {D489BEDE-31C4-4090-9467-75EB28B6FAF2} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    SearchScopes: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001 -> {D489BEDE-31C4-4090-9467-75EB28B6FAF2} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-23] (Oracle Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-23] (Oracle Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-23] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-23] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://flagstar.webex.com/client/WBXclient-T28L10NSP12EP6-17378/training/ieatgpc1.cab
    DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1082
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)

    FireFox:
    ========
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-05-27] [not signed]
    FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-23] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-23] (Oracle Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-09-13] (Citrix Systems, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-23] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-23] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-03] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-4170765248-3900003607-1771355706-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Damon\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-26] (Citrix Online)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
    R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-06-23] (ASUSTeK Computer Inc.)
    R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
    S3 ExpressInvoiceService; C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2601040 2014-06-27] (NCH Software)
    R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
    S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
    S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AC_Service.exe [310080 2015-10-26] (Citrix Online, a division of Citrix Systems, Inc.)
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
    S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
    R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
    R3 AU8168; C:\WINDOWS\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
    S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
    R3 RtlWlanu; C:\WINDOWS\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corporation )
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
    S3 NPF; system32\drivers\npf.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-04-28 05:53 - 2017-04-28 05:54 - 00000000 ____D C:\FRST
    2017-04-28 05:51 - 2017-04-28 05:54 - 00000000 ____D C:\Users\Damon\Desktop\Virus Info
    2017-04-26 14:08 - 2017-04-26 14:08 - 01006118 _____ C:\Users\Damon\Desktop\Co-Ownership Contract (Signed).pdf
    2017-04-26 14:03 - 2017-04-26 14:03 - 00998890 _____ C:\Users\Damon\Desktop\CoOwership Agreement.pdf
    2017-04-26 07:37 - 2017-04-26 07:37 - 00000000 ____D C:\WINDOWS\system32\Plug-In Settings
    2017-04-24 12:30 - 2017-04-24 12:30 - 00000000 ____D C:\Users\Damon\AppData\Local\Apple Computer
    2017-04-24 12:30 - 2017-04-24 12:30 - 00000000 ____D C:\Users\Damon\AppData\Local\Apple
    2017-04-23 17:18 - 2017-04-23 17:18 - 00000085 _____ C:\WINDOWS\wininit.ini
    2017-04-23 17:15 - 2017-04-27 11:41 - 00000000 ____D C:\Users\Damon\AppData\Local\CrashDumps
    2017-04-23 11:14 - 2017-04-23 11:50 - 00000000 ____D C:\Users\Damon\AppData\Local\Adobe
    2017-04-23 11:04 - 2017-04-23 11:13 - 00264218 _____ C:\WINDOWS\ntbtlog.txt
    2017-04-23 10:59 - 2013-08-22 06:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170423-105936.backup
    2017-04-23 09:15 - 2017-04-23 17:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2017-04-23 09:15 - 2017-04-23 17:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2017-04-23 09:15 - 2017-04-23 09:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2017-04-23 06:39 - 2017-04-23 06:39 - 00000000 ____D C:\Users\Damon\AppData\Local\YSearchUtil
    2017-04-23 06:36 - 2017-04-23 06:36 - 00000000 ____D C:\Users\Damon\AppData\Roaming\Sun
    2017-04-23 06:35 - 2017-04-23 06:35 - 00000000 ____D C:\Users\Damon\AppData\Roaming\Yahoo
    2017-04-23 06:33 - 2017-04-23 06:33 - 00000000 ____D C:\Users\Damon\AppData\LocalLow\Oracle
    2017-04-23 05:41 - 2017-04-23 06:17 - 00000000 ____D C:\Users\Damon\AppData\Local\NPE
    2017-04-23 05:41 - 2017-04-23 05:41 - 00000000 ____D C:\ProgramData\Norton
    2017-04-22 23:34 - 2017-04-22 23:34 - 00002859 _____ C:\Users\Damon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\µTorrent.lnk
    2017-04-22 22:43 - 2017-04-22 23:16 - 00000000 ____D C:\Users\Damon\AppData\Roaming\Wise Registry Cleaner
    2017-04-22 22:43 - 2017-04-22 23:16 - 00000000 ____D C:\Users\Damon\AppData\Roaming\Wise Euask
    2017-04-22 21:17 - 2017-04-22 21:17 - 00000000 ____D C:\Users\Damon\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
    2017-04-22 21:15 - 2017-04-23 17:18 - 00000000 ____D C:\Users\Damon\AppData\Roaming\uTorrent
    2017-04-22 20:30 - 2017-04-22 20:30 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2017-04-22 17:14 - 2017-04-23 09:12 - 00000023 _____ C:\msdos.sys
    2017-04-22 17:14 - 2017-04-22 17:14 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\mfc70.dll
    2017-04-22 17:12 - 2017-04-23 10:56 - 00000000 ____D C:\ProgramData\AgentSS
    2017-04-22 17:12 - 2017-04-22 17:12 - 00000000 ____D C:\ProgramData\AgentWL
    2017-04-22 17:12 - 2017-04-22 17:12 - 00000000 ____D C:\ProgramData\AgentSL
    2017-04-22 16:45 - 2017-04-23 10:56 - 00000000 ___HD C:\ProgramData\sa
    2017-04-22 16:45 - 2008-01-30 18:36 - 00090112 _____ (MindVision Software) C:\WINDOWS\unvise32.exe
    2017-04-22 16:44 - 2017-04-23 11:02 - 00000000 ___HD C:\Program Files (x86)\sysconfig
    2017-04-16 03:54 - 2017-03-31 18:12 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-04-16 03:54 - 2017-03-31 18:12 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-04-12 11:18 - 2015-07-19 20:09 - 08480303 _____ C:\Users\Damon\Desktop\1-04 Coming Down.m4a
    2017-04-12 05:26 - 2017-03-21 06:11 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
    2017-04-12 05:26 - 2017-03-21 06:11 - 00869568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
    2017-04-12 05:26 - 2017-03-21 06:11 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
    2017-04-12 05:26 - 2017-03-21 06:11 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
    2017-04-12 05:22 - 2017-03-25 12:39 - 20284416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-04-12 05:22 - 2017-03-25 12:07 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-04-12 05:22 - 2017-03-25 12:06 - 13654016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-04-12 05:22 - 2017-03-25 11:55 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2017-04-12 05:22 - 2017-03-25 11:52 - 02289152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2017-04-12 05:22 - 2017-03-25 11:51 - 01313280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2017-04-12 05:22 - 2017-03-25 11:47 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2017-04-12 05:22 - 2017-03-25 11:10 - 02898432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2017-04-12 05:22 - 2017-03-25 10:52 - 25746944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-04-12 05:22 - 2017-03-25 09:59 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2017-04-12 05:22 - 2017-03-25 09:28 - 15259136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-04-12 05:22 - 2017-03-25 09:24 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2017-04-12 05:22 - 2017-03-25 09:10 - 01546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2017-04-12 05:22 - 2017-03-24 21:43 - 01375960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2017-04-12 05:22 - 2017-03-24 11:24 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2017-04-12 05:22 - 2017-03-14 07:26 - 03714560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-04-12 05:22 - 2017-03-14 07:09 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2017-04-12 05:22 - 2017-03-14 07:08 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2017-04-12 05:22 - 2017-03-14 07:06 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2017-04-12 05:22 - 2017-03-10 20:59 - 01763888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2017-04-12 05:22 - 2017-03-10 20:56 - 01489608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2017-04-12 05:22 - 2017-03-10 20:49 - 00388440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2017-04-12 05:22 - 2017-03-10 20:44 - 00373080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2017-04-12 05:22 - 2017-03-10 20:41 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2017-04-12 05:22 - 2017-03-09 14:13 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2017-04-12 05:22 - 2017-03-07 16:25 - 01661064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2017-04-12 05:22 - 2017-03-07 16:21 - 01212760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2017-04-12 05:22 - 2017-03-04 09:37 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2017-04-12 05:22 - 2017-03-03 08:11 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2017-04-12 05:22 - 2017-03-03 08:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2017-04-12 05:22 - 2017-02-11 11:18 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
    2017-04-12 05:22 - 2017-02-11 10:00 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2017-04-12 05:22 - 2017-02-04 10:51 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2017-04-12 05:22 - 2017-02-01 12:42 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2017-04-12 05:22 - 2017-01-18 19:18 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2017-04-12 05:22 - 2017-01-18 07:35 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2017-04-12 05:22 - 2017-01-14 13:32 - 00955016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2017-04-12 05:22 - 2017-01-14 12:18 - 00787688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2017-04-12 05:22 - 2017-01-12 09:51 - 00274776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
    2017-04-12 05:22 - 2017-01-12 09:51 - 00117592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
    2017-04-12 05:22 - 2017-01-11 12:12 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
    2017-04-12 05:22 - 2017-01-11 08:09 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
    2017-04-12 05:22 - 2017-01-10 14:06 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2017-04-12 05:22 - 2017-01-10 13:46 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
    2017-04-12 05:22 - 2017-01-10 12:20 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2017-04-12 05:22 - 2017-01-10 12:09 - 01108480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
    2017-04-12 05:22 - 2017-01-06 10:25 - 02513408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
    2017-04-12 05:22 - 2017-01-06 10:04 - 01495552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
    2017-04-12 05:22 - 2016-12-24 18:14 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
    2017-04-12 05:22 - 2016-12-24 17:48 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
    2017-04-12 05:21 - 2017-03-25 11:48 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2017-04-12 05:21 - 2017-03-25 11:47 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2017-04-12 05:21 - 2017-03-25 11:46 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2017-04-12 05:21 - 2017-03-25 11:46 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2017-04-12 05:21 - 2017-03-25 11:46 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2017-04-12 05:21 - 2017-03-25 11:45 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2017-04-12 05:21 - 2017-03-25 11:45 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2017-04-12 05:21 - 2017-03-25 11:13 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2017-04-12 05:21 - 2017-03-25 10:56 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2017-04-12 05:21 - 2017-03-25 10:41 - 06045696 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-04-12 05:21 - 2017-03-25 10:12 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2017-04-12 05:21 - 2017-03-25 10:04 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2017-04-12 05:21 - 2017-03-25 10:00 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2017-04-12 05:21 - 2017-03-25 10:00 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2017-04-12 05:21 - 2017-03-25 09:57 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2017-04-12 05:21 - 2017-03-25 09:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2017-04-12 05:21 - 2017-03-14 12:06 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2017-04-12 05:21 - 2017-03-13 09:13 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2017-04-12 05:21 - 2017-03-13 09:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2017-04-12 05:21 - 2017-03-13 09:08 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2017-04-12 05:21 - 2017-03-13 09:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2017-04-12 05:21 - 2017-03-13 08:59 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2017-04-12 05:21 - 2017-03-13 08:59 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2017-04-12 05:21 - 2017-03-13 08:56 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2017-04-12 05:21 - 2017-03-12 08:04 - 00033792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2017-04-12 05:21 - 2017-03-10 20:49 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-04-12 05:21 - 2017-03-09 14:08 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2017-04-12 05:21 - 2017-03-09 12:29 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2017-04-12 05:21 - 2017-03-04 12:24 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2017-04-12 05:21 - 2017-03-04 12:06 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
    2017-04-12 05:21 - 2017-03-04 11:15 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
    2017-04-12 05:21 - 2017-03-03 08:10 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
    2017-04-12 05:21 - 2017-03-03 08:04 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
    2017-04-12 05:21 - 2017-02-11 09:49 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
    2017-04-12 05:21 - 2017-02-11 09:42 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
    2017-04-12 05:21 - 2017-02-10 12:06 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2017-04-12 05:21 - 2017-02-10 07:37 - 00046600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
    2017-04-12 05:21 - 2017-02-04 10:53 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
    2017-04-12 05:21 - 2017-02-04 10:19 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
    2017-04-12 05:21 - 2017-02-01 12:44 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2017-04-12 05:21 - 2017-01-18 07:34 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2017-04-12 05:21 - 2017-01-14 07:37 - 00447095 _____ C:\WINDOWS\system32\ApnDatabase.xml
    2017-04-12 05:21 - 2017-01-11 23:12 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2017-04-12 05:21 - 2017-01-11 10:28 - 00422744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2017-04-12 05:21 - 2017-01-10 15:37 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
    2017-04-12 05:21 - 2016-12-24 18:21 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
    2017-04-12 05:21 - 2016-12-24 17:19 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
    2017-04-12 05:21 - 2016-12-24 16:39 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
    2017-04-12 05:21 - 2016-12-09 01:08 - 00379736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2017-03-30 08:12 - 2017-03-30 08:12 - 00307928 _____ C:\WINDOWS\Minidump\033017-32828-01.dmp

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-04-26 14:08 - 2016-03-10 13:20 - 00000000 ____D C:\Users\Damon\Desktop\SCANS
    2017-04-26 07:36 - 2014-06-26 12:33 - 00000000 ___DO C:\Users\Damon\OneDrive
    2017-04-25 04:35 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
    2017-04-24 12:37 - 2014-05-26 14:51 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4170765248-3900003607-1771355706-1001
    2017-04-23 12:42 - 2014-03-18 03:03 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-04-23 12:34 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-04-23 11:13 - 2013-08-22 06:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2017-04-23 09:08 - 2014-06-26 16:25 - 00000000 ____D C:\Users\Damon\AppData\Local\ElevatedDiagnostics
    2017-04-23 09:01 - 2014-06-25 16:39 - 00000000 ____D C:\ProgramData\Oracle
    2017-04-23 06:37 - 2014-06-25 16:36 - 00000000 ____D C:\Program Files (x86)\Java
    2017-04-23 06:36 - 2014-10-07 23:21 - 00318528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
    2017-04-23 06:36 - 2014-10-07 23:21 - 00206912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
    2017-04-23 06:36 - 2014-10-07 23:21 - 00206912 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
    2017-04-23 06:36 - 2014-10-07 23:21 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
    2017-04-23 06:36 - 2014-10-07 23:21 - 00000000 ____D C:\Program Files\Java
    2017-04-23 06:36 - 2014-06-25 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-04-23 06:35 - 2014-06-25 16:36 - 00268864 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
    2017-04-23 06:35 - 2014-06-25 16:36 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2017-04-23 06:10 - 2014-07-09 16:15 - 00000000 ____D C:\Program Files (x86)\NCH Software
    2017-04-22 23:32 - 2014-06-26 12:09 - 00000000 ____D C:\Users\Damon
    2017-04-22 23:09 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-04-22 23:04 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\registration
    2017-04-22 22:43 - 2016-08-27 02:38 - 00000000 ____D C:\Program Files (x86)\Wise
    2017-04-22 21:12 - 2014-06-26 12:29 - 00001663 _____ C:\Users\Damon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-04-22 21:12 - 2014-06-07 00:16 - 00001736 _____ C:\Users\Damon\Desktop\Internet- Explorer.lnk
    2017-04-22 18:56 - 2016-08-27 04:08 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-04-22 18:31 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\tracing
    2017-04-22 17:28 - 2014-09-25 04:50 - 00000000 ___RD C:\Users\Damon\Google Drive
    2017-04-17 09:18 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
    2017-04-17 05:00 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-04-16 03:53 - 2013-08-22 07:44 - 00563752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-04-16 03:49 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
    2017-04-16 03:49 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Windows Defender
    2017-04-16 03:49 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2017-04-12 05:30 - 2014-05-26 17:15 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-04-12 05:29 - 2014-05-26 17:15 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-04-12 05:29 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-04-07 15:06 - 2014-05-27 17:51 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2017-03-30 08:12 - 2014-07-01 16:45 - 00000000 ____D C:\WINDOWS\Minidump

    ==================== Files in the root of some directories =======

    2014-07-03 12:07 - 2015-03-31 16:20 - 0000114 _____ () C:\Users\Damon\AppData\Roaming\sview.ini
    2014-06-05 05:51 - 2014-06-05 05:51 - 0000057 _____ () C:\ProgramData\Ament.ini
    2014-09-23 05:07 - 2015-12-09 13:28 - 0009918 _____ () C:\ProgramData\hpzinstall.log
    2015-11-13 13:00 - 2016-02-04 11:06 - 0000045 _____ () C:\ProgramData\log.txt
    2014-06-06 14:59 - 2014-06-06 14:59 - 0000058 _____ () C:\ProgramData\mchguid.ini

    Some files in TEMP:
    ====================
    2015-12-09 13:29 - 2012-10-01 17:44 - 0178824 ____R (Microsoft Corporation) C:\Users\Damon\AppData\Local\Temp\ose00000.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-04-25 03:16

    ==================== End of FRST.txt ============================
     
  9. 2017/04/28
    Damon Davey

    Damon Davey New Member Thread Starter

    Joined:
    2017/04/23
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Computer Experience:
    Intermediate
    Hello Broni,

    As I said before, I downloaded something by mistake thinking it was virus/malware removal tools and lost my home page. It goes to another page and I cant change it. I also get a notice on the security tab at the bottom that says "some settings are managed by your system administrator" but I am the only one that uses the computer and I use it as admin. I tried all my scans with no luck. I have Windows 8.1 and IE 11. Hopefully I am not sending something out that will allow others into my home computer.


    I have ran the scan you asked me too and here it is.


    Please get back to me ASAP.


    Thank You for all your help

    Damon


    Addition.txt log

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
    Ran by Damon
    Running from C:\Users\Damon\Desktop\Virus Info
    Windows 8.1 (Update) (X64) (2014-06-26 19:29:02)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-4170765248-3900003607-1771355706-500 - Administrator - Disabled)
    Damon (S-1-5-21-4170765248-3900003607-1771355706-1001 - Administrator - Enabled) => C:\Users\Damon
    Guest (S-1-5-21-4170765248-3900003607-1771355706-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4170765248-3900003607-1771355706-1007 - Limited - Enabled)

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)


    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4500_G510gm_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    4500G510gm (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
    4500G510gm_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
    Adobe Connect 9 Add-in (HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\Adobe Connect 9 Add-in) (Version: 11,9,970,233 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
    AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.05 - ASUSTeK Computer Inc.)
    AMD Catalyst Install Manager (HKLM\...\{22E2B25B-2FFE-1A69-E591-55DD72BC5F5B}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS Easy Update 2 (HKLM-x32\...\{E7AA854E-6756-424E-84C2-4E47D5729AFF}) (Version: 3.00.08 - ASUSTeK Computer Inc.)
    ASUS Music Maker (HKLM-x32\...\MAGIX_{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}) (Version: 18.0.3.3 - MAGIX AG)
    ASUS Music Maker (Version: 18.0.3.3 - MAGIX AG) Hidden
    ASUS MX Suite (HKLM-x32\...\MAGIX_{CFA9C800-9B0B-42E3-92E7-08B5AF2E192E}) (Version: 1.13.0.121 - MAGIX AG)
    ASUS MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
    ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
    ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4127.52 - CyberLink Corp.)
    ASUSDVD (x32 Version: 10.0.4127.52 - CyberLink Corp.) Hidden
    AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    Catalyst Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
    Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
    Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.100.10 - Citrix Systems, Inc.)
    Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    DJ_AIO_06_F4500_SW_MIN (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
    DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
    eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
    ExeTec (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{34f3c40}) (Version: - ExeTec) <==== ATTENTION
    Express Invoice Invoicing Software (HKLM-x32\...\ExpressInvoice) (Version: 4.10 - NCH Software)
    F4500 (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
    Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
    Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
    Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.3.0.1121 - Citrix Online, a division of Citrix Systems, Inc.)
    GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{FD126052-310E-4364-937B-6B5564F24578}) (Version: 14.0 - HP)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP Officejet 4500 G510g-m 14.0 Rel. 6 (HKLM\...\{C55BF64E-60E1-494C-B1EB-97A008141A55}) (Version: 14.0 - HP)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
    HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
    HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
    Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
    Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
    OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
    Online Plug-in (x32 Version: 14.3.100.10 - Citrix Systems, Inc.) Hidden
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6971 - Realtek Semiconductor Corp.)
    Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    Self-service Plug-in (x32 Version: 4.3.100.10167 - Citrix Systems, Inc.) Hidden
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    SmartClient Installation Manager (x32 Version: 1.0.0 - Ellie Mae) Hidden
    SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
    Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
    SwiftView Viewer (HKLM-x32\...\SwiftView) (Version: - )
    Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
    TouchCopy 12 (x64) (HKLM\...\{8D663362-0285-4D0E-939F-98EFD5CE5137}) (Version: 12.69 - Wide Angle Software)
    TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB3115261) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D8E86AF8-E495-4DC1-A058-7E69AA96AA8A}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB3115261) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{D8E86AF8-E495-4DC1-A058-7E69AA96AA8A}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB3115261) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D8E86AF8-E495-4DC1-A058-7E69AA96AA8A}) (Version: - Microsoft)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.22 - NCH Software)
    WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
    Why ASUS PC (HKLM-x32\...\{5648F9D9-299E-408C-AC1F-59DC75894A1F}) (Version: 1.00.02 - ASUSTeK Computer Inc.)
    Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
    Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    影像中心 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    照片库 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    CustomCLSID: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Damon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Damon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Damon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Damon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {10549A0C-81CE-49A6-8F05-823DF8219420} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
    Task: {5E58FAFE-0F22-4242-8EBE-F26DA96FBE35} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {5FE9D6A8-33EB-499A-80E4-9FE4E84604B1} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
    Task: {6113AB46-9B26-41F7-BE54-51667276F68F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-04-12] (Microsoft Corporation)
    Task: {656BC3DA-7CF1-4E1F-9E8B-F99C03F78F9D} - System32\Tasks\{C4A2AA97-A5B5-4F12-971F-4A484A17E882} => pcalua.exe -a C:\Users\Damon\AppData\Local\{B5EC83B0-9144-EF08-FCDC-CAE0D8B43678}\uninst.exe -c -FN="C:\Users\Damon\AppData\Roaming\{B5B1830A-90E3-EE7C-FBD5-C9AE27073490}\Sync.exe"-P=/Uninstall /s /noun /DelSelfDir
    Task: {68DEDADD-A6A0-4037-8720-5F85C4A6FD85} - System32\Tasks\ASUS\ASUS Easy Update 2 => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [2013-07-04] (ASUSTeK Computer Inc.)
    Task: {89A90BF3-E0CC-4EDD-BA7E-04A30507E304} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
    Task: {938E0CCE-F123-4604-8C24-EDC1116ADB1B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {C4B98EFB-BDA4-4912-AC09-62895FE70B17} - System32\Tasks\{26FAE30F-358B-466A-B4D7-A652E254DB2A} => pcalua.exe -a "C:\Program Files (x86)\Itibiti Soft Phone\unins000.exe"
    Task: {D330DC6A-F2BF-44EC-8210-1CC141A479EE} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {E43CAF15-3962-4563-931D-030C7D3CBFB9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\msoia.exe


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    ==================== Shortcuts =============================
    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Damon\Favorites\Program Info\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
    Shortcut: C:\Users\Damon\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_1817102133_en-us.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=google+chrome&cc=US&setlang=en-US&inlang=en-US&adlt=moderate&scale=100&contrast=none&hw=1080%2C1920&CVID=1F45CB46441247708BB62FB0ACB45B7
    Shortcut: C:\Users\Damon\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_2556942070_en-us.lnk -> hxxp://keystone.mwbsys.co
    Shortcut: C:\Users\Damon\AppData\Local\Microsoft\Windows\ConnectedSearch\History\txt_3716225050_en-US.lnk -> hxxp://www.electronerdz.com/2012/07/find-your-adobe-acrobat-serial-number/#sthash.hmzQSr8R.dpu

    ==================== Loaded Modules (Whitelisted) ==============
    2013-08-20 10:07 - 2012-06-01 02:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    2012-12-18 23:10 - 2012-12-18 23:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    2016-06-14 13:37 - 2016-06-14 13:37 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-08-20 10:07 - 2017-04-23 12:34 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
    2013-08-20 10:07 - 2010-06-28 19:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)


    AlternateDataStreams: C:\ProgramData\Temp:C41CE1F6 [136]

    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

    ==================== Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7933 more sites.

    IE trusted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\flagstar.com -> hxxps://wholesale.flagstar.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\123simsen.com -> www.123simsen.com

    There are 7933 more sites.

    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 06:25 - 2017-04-23 10:59 - 00454348 ____R C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 123moviedownload.com
    127.0.0.1 www.123moviedownload.com

    There are 15592 more lines.

    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Damon\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.


    ==================== MSCONFIG/TASK MANAGER disabled items ==


    HKLM\...\StartupApproved\Run: => "IAStorIcon"
    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
    HKLM\...\StartupApproved\Run32: => "ASUSPRP"
    HKLM\...\StartupApproved\Run32: => "mcui_exe"
    HKLM\...\StartupApproved\Run32: => "StartCCC"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\StartupApproved\Run: => "GoogleDriveSync"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{13E29FB4-770F-44FB-B385-163B24F4520E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A4FA4D4C-3E6C-409B-83BF-0ECAF34F245E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{BF325926-10DA-492B-A4C4-031C9DA33937}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{D5F071B5-5D6A-48B4-8AFF-79E5593A41E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4D0872CE-65A7-46A0-A00A-A02F6E90CFB9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{9CCD0621-7AD4-4B35-8CEE-082ECEF8FE0F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{C28ACCF0-82D0-4059-9EFC-42A42F1AEE95}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{130A9D61-493C-4E4A-AE52-42A874A46C39}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [UDP Query User{A2AE26BF-C7C7-4A49-AB08-966BCDD85095}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [TCP Query User{026462B0-91AD-4067-B016-45483FB88FF2}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [{87EF0AD9-0EBE-4323-8BA0-A708BB9A3806}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{07EFA879-A2BD-49CC-9ACC-8CFE6AB476FB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
    FirewallRules: [{4FE52619-89FA-46EB-8FA1-2A3DC76B65B1}] => (Allow) LPort=1900
    FirewallRules: [{0F8DB801-CCF3-45AC-81B6-CB94A886C821}] => (Allow) LPort=2869
    FirewallRules: [{A7AAAB41-B947-4016-BB79-85C1350AF9A6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{898D5C79-E79C-4140-891A-24D743EB1E40}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{9A8AA1F7-08FA-41A0-9951-B8137B8B9B88}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{E6D6C126-D3EC-4D52-BCE5-3CC1BEF22254}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{343A97C5-86E4-4B48-BD43-B87609010380}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{C95074DC-76AF-44DE-937A-F142837E51B0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{DA53065D-E2BD-4131-8D7C-0268A4364B04}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{8A1B2D9E-261D-41E0-B5CD-605298ED98A4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{53E70031-B7C2-4422-A0EA-37874989B1EF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{633B9666-1270-4608-A5A2-E3D540CAC426}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{4D72F2CC-8EC3-43BE-81D2-C1025539CF9E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{E14B5BCD-8B8F-46BD-8022-57CE6105AC8C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{5411FBB2-BEFC-48EF-9067-6D50FEF19DD0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{C359B6D9-98F4-4CC1-8403-088D636B5043}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{9BDA79EB-B85B-4C2A-BFCB-852B4C47EAC6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{7311B2FB-6CE8-40EA-91D3-89BFE552679B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{C18ECD73-EE4A-4C5F-901F-F7A498A97B84}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{BC125FF0-A2D1-4C79-B34B-7061271F3AC0}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{3A680D56-133C-4A6A-92D0-514B49C5E99D}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\FaxApplications.exe
    FirewallRules: [{D0DC2B39-49DC-4902-89F7-F788F874A6C1}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\DigitalWizards.exe
    FirewallRules: [{10384152-996C-445B-B361-E77482BDC4A2}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\SendAFax.exe
    FirewallRules: [{1F491103-CE98-4653-9575-7728605E03CC}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\DeviceSetup.exe
    FirewallRules: [{50861B29-FC06-4A23-8D91-ABEA1973C054}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{E58879C7-5BE7-4E94-A768-D56E7050DFB3}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{207601B3-3D55-4546-820D-98E34E5BEB85}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{8607021E-9F99-4DC4-9C56-B0D917FA9286}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
    FirewallRules: [{4A3E8254-B8F3-4449-AAF6-CFFA0558C3E5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
    FirewallRules: [{77AAD147-47B4-497B-ACA3-B8C9537DC3E4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
    FirewallRules: [{98297B02-C08B-45BC-B34D-CC8D7F8FB8B6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
    FirewallRules: [{AEF383D9-56E6-488A-A8ED-4F468EE409F2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe

    ==================== Restore Points =========================

    ==================== Faulty Device Manager Devices =============
    Name: Deskjet F4500 series
    Description: Deskjet F4500 series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Deskjet F4500 series
    Description: Deskjet F4500 series
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: HP
    Service: StillCam
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/27/2017 11:41:42 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x51d531bc
    Faulting module name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x51d531bc
    Exception code: 0xc0000005
    Fault offset: 0x000415f9
    Faulting process id: 0x199c
    Faulting application start time: 0x01d2bf85e9a7c28f
    Faulting application path: C:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exe
    Faulting module path: C:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exe
    Report Id: 279775ba-2b79-11e7-bf69-d850e6c35860
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (04/26/2017 02:37:58 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
    Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4e1d
    Exception code: 0xc0000374
    Fault offset: 0x000e6054
    Faulting process id: 0x1170
    Faulting application start time: 0x01d2bed532470f02
    Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: 9d4c3ce8-2ac8-11e7-bf69-d850e6c35860
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (04/26/2017 07:47:41 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x51d531bc
    Faulting module name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x51d531bc
    Exception code: 0xc0000005
    Fault offset: 0x000415f9
    Faulting process id: 0x13e8
    Faulting application start time: 0x01d2be9be9dbeeff
    Faulting application path: C:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exe
    Faulting module path: C:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exe
    Report Id: 4c69bed7-2a8f-11e7-bf69-d850e6c35860
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (04/26/2017 07:39:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Client application bug: DNSServiceResolve(88:c6:63:8a:c4:02@fe80::8ac6:63ff:fe8a:c402._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (04/24/2017 05:17:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x51d531bc
    Faulting module name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x51d531bc
    Exception code: 0xc0000005
    Fault offset: 0x000415f9
    Faulting process id: 0x328
    Faulting application start time: 0x01d2bd594a740313
    Faulting application path: C:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exe
    Faulting module path: C:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exe
    Report Id: 88b14468-294c-11e7-bf69-d850e6c35860
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (04/24/2017 12:33:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Client application bug: DNSServiceResolve(88:c6:63:8a:c4:02@fe80::8ac6:63ff:fe8a:c402._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (04/23/2017 05:14:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x51d531bc
    Faulting module name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x51d531bc
    Exception code: 0xc0000005
    Fault offset: 0x000415f9
    Faulting process id: 0x1720
    Faulting application start time: 0x01d2bc8fc49e37e9
    Faulting application path: C:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exe
    Faulting module path: C:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exe
    Report Id: 031571f8-2883-11e7-bf69-d850e6c35860
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (04/23/2017 12:00:00 AM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (1392) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU054DC.log.

    Error: (04/22/2017 11:35:59 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: utorrentie.exe, version: 1.0.0.43580, time stamp: 0x58d59a6a
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x775e0319
    Faulting process id: 0x11cc
    Faulting application start time: 0x01d2bbfb62255c26
    Faulting application path: C:\Users\Damon\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe
    Faulting module path: unknown
    Report Id: 1c76abae-27ef-11e7-bf63-d850e6c35860
    Faulting package full name:
    Faulting package-relative application ID:


    Error: (04/22/2017 10:48:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: utorrentie.exe, version: 1.0.0.43580, time stamp: 0x58d59a6a
    Faulting module name: Flash.ocx, version: 25.0.0.148, time stamp: 0x58d562be
    Exception code: 0xc0000005
    Fault offset: 0x000b70a5
    Faulting process id: 0x1204
    Faulting application start time: 0x01d2bbf51d126476
    Faulting application path: C:\Users\Damon\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe
    Faulting module path: C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx
    Report Id: 85756bb6-27e8-11e7-bf63-d850e6c35860
    Faulting package full name:
    Faulting package-relative application ID:

    System errors:
    =============
    Error: (04/28/2017 05:51:11 AM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (04/28/2017 05:12:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Security Update for Microsoft PowerPoint 2013 (KB3115487) 64-Bit Edition.

    Error: (04/28/2017 05:12:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Excel 2013 (KB3191823) 64-Bit Edition.

    Error: (04/28/2017 05:12:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Office 2013 (KB3172448) 64-Bit Edition.


    Error: (04/28/2017 05:12:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Hewlett-Packard - Imaging, Other hardware - Null Fax - HP Photosmart 7520 series.

    Error: (04/28/2017 05:12:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft PowerPoint 2013 (KB3162043) 64-Bit Edition.

    Error: (04/28/2017 05:12:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Publisher 2013 (KB3114329) 64-Bit Edition.

    Error: (04/28/2017 05:12:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Security Update for Microsoft Excel 2013 (KB3172542) 64-Bit Edition.


    Error: (04/28/2017 05:12:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft OneDrive for Business (KB3178645) 64-Bit Edition.

    Error: (04/28/2017 05:12:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft OneNote 2013 (KB3141465) 64-Bit Edition.

    CodeIntegrity:
    ===================================
    Date: 2017-04-23 14:45:41.720
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-23 11:44:36.718
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-23 06:48:19.354
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-23 00:03:58.580
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-22 23:33:05.433
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-04-22 22:18:32.566
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-04-22 22:18:32.331
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-04-22 19:30:30.139
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-04-22 19:11:57.146
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-22 18:53:26.341
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM) i7-4770S CPU @ 3.10GHz
    Percentage of memory in use: 26%
    Total physical RAM: 8131.28 MB
    Available physical RAM: 5982.91 MB
    Total Virtual: 16323.28 MB
    Available Virtual: 13640 MB

    ==================== Drives ================================
    Drive c: (Windows) (Fixed) (Total:149.56 GB) (Free:20.09 GB) NTFS
    Drive d: (Data) (Fixed) (Total:759.33 GB) (Free:692.94 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 3496C9C5)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  10. 2017/04/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Please, do NOT create new topics.
    Continue right here.


    [​IMG] Uninstall following unwanted program: ExeTec.

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    [​IMG] Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
    [​IMG] Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles are saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  11. 2017/04/29
    Damon Davey

    Damon Davey New Member Thread Starter

    Joined:
    2017/04/23
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Computer Experience:
    Intermediate
    Hello I have ran all the scans above and here are the results. I think it is fixed because it is opening normal.

    RogueKiller Scan
    RogueKiller V12.10.6.0 (x64) [Apr 24 2017] (Free) by Adlice Software
    mail : Contact - Adlice Software
    Feedback : Adlice forum - Home
    Website : RogueKiller Anti-Malware Free Download - Official Website
    Blog : Downloads - Adlice Software

    Operating System : Windows 8.1 (6.3.9600) 64 bits version
    Started in : Normal mode
    User : Damon [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 04/29/2017 06:42:52 (Duration : 00:40:35)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 9 ¤¤¤
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-4170765248-3900003607-1771355706-1001\Software\ProductSetup -> Not selected
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-4170765248-3900003607-1771355706-1001\Software\ProductSetup -> Not selected
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos -> Not selected
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-7a9c68e8 -> Not selected
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-4170765248-3900003607-1771355706-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-4170765248-3900003607-1771355706-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
    [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-4170765248-3900003607-1771355706-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 1 -> Not selected
    [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-4170765248-3900003607-1771355706-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 8 ¤¤¤
    [Suspicious.Path][File] C:\Users\Damon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat XI Pro Serial number plus Crack and Keygen Full Download.lnk [LNK@] C:\ProgramData\{5c25daae-e093-5025-5c25-5daaee096abb}\Adobe Acrobat XI Pro Serial number plus Crack and Keygen Full Download.exe --startup=1 -> Deleted
    [Hj.Shortcut][File] C:\Users\Damon\Desktop\Internet- Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe Homepage -> Shortcut cleaned
    [Hj.Shortcut][File] C:\Users\Damon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe Homepage -> Shortcut cleaned
    [Hj.Shortcut][File] C:\Users\Damon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe Homepage -> Shortcut cleaned
    [Hj.Shortcut][File] C:\Users\Damon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe Homepage -> Shortcut cleaned
    [PUP.Gen1][Folder] C:\Users\Damon\AppData\Local\YSearchUtil -> Deleted
    [PUP.Gen1][Folder] C:\Users\Damon\AppData\Local\YSearchUtil\CrashLogs -> Deleted
    [Hj.Shortcut][File] C:\Users\Damon\Desktop\Internet- Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe Homepage -> Shortcut cleaned
    [Hj.Shortcut][File] C:\Users\Damon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe Homepage -> Deleted

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA DT01ACA100 +++++
    --- User ---
    [MBR] 2fa2cabf8661bc37f5f30a36e088ea9b
    [BSP] d052694f14fa69a776b2c49cafb78779 : Empty MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 800 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1640448 | Size: 260 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2172928 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 2435072 | Size: 153150 MB
    4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 316086272 | Size: 450 MB
    5 - Basic data partition | Offset (sectors): 317007872 | Size: 777553 MB
    6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1909436416 | Size: 21527 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Generic- Multiple Reader USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )


    Malwarebytes Scan

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 4/29/17
    Scan Time: 8:03 AM
    Logfile: malware txt report.txt
    Administrator: Yes

    -Software Information-
    Version: 3.0.6.1469
    Components Version: 1.0.103
    Update Package Version: 1.0.1835
    License: Trial

    -System Information-
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: THEDAVEYS\Damon

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 375472
    Time Elapsed: 4 min, 7 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 2
    Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SYSTEM32, Quarantined, [24], [211976],1.0.1835
    PUM.Optional.LowRiskFileTypes, HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LOWRISKFILETYPES, Quarantined, [15249], [251589],1.0.1835

    Registry Data: 1
    PUM.Optional.DisableTaskMgr, HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DISABLETASKMGR, Replaced, [16325], [293320],1.0.1835

    Data Stream: 0
    (No malicious items detected)

    Folder: 3
    PUP.Optional.WiseRC, C:\USERS\DAMON\APPDATA\ROAMING\Wise Euask, Quarantined, [2175], [379114],1.0.1835
    PUP.Optional.WiseRC, C:\USERS\DAMON\APPDATA\ROAMING\Wise Registry Cleaner, Quarantined, [2175], [349249],1.0.1835
    PUP.Optional.WiseRC, C:\PROGRAM FILES (X86)\WISE\WISE REGISTRY CLEANER, Quarantined, [2175], [349246],1.0.1835

    File: 4
    PUP.Optional.WiseRC, C:\Program Files (x86)\Wise\Wise Registry Cleaner\License.txt, Quarantined, [2175], [349246],1.0.1835
    PUP.Optional.WiseRC, C:\Program Files (x86)\Wise\Wise Registry Cleaner\unins000.dat, Quarantined, [2175], [349246],1.0.1835
    PUP.Optional.WiseRC, C:\Program Files (x86)\Wise\Wise Registry Cleaner\unins000.msg, Quarantined, [2175], [349246],1.0.1835
    Trojan.MalPack, C:\PROGRAM FILES (X86)\SYSCONFIG\AUTOI.SYS, Quarantined, [53], [102272],1.0.1835

    Physical Sector: 0
    (No malicious items detected)

    (end)

    AdwCleaner Scan
    # AdwCleaner v6.046 - Logfile created 29/04/2017 at 20:13:51
    # Updated on 24/04/2017 by Malwarebytes
    # Database : 2017-04-29.1 [Server]
    # Operating System : Windows 8.1 (X64)
    # Username : Damon - THEDAVEYS
    # Running from : C:\Users\Damon\Desktop\adwcleaner_6.046.exe
    # Mode: Clean
    # Support : Customer Support & Help Center



    ***** [ Services ] *****



    ***** [ Folders ] *****

    [-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil


    ***** [ Files ] *****



    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\Software\PRODUCTSETUP
    [#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
    [-] Key deleted: HKLM\SOFTWARE\WISECLEANER
    [#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
    [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
    [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4


    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [3023 Bytes] - [27/08/2016 01:16:20]
    C:\AdwCleaner\AdwCleaner[C2].txt - [1831 Bytes] - [29/04/2017 20:13:51]
    C:\AdwCleaner\AdwCleaner[S0].txt - [2908 Bytes] - [27/08/2016 01:14:36]
    C:\AdwCleaner\AdwCleaner[S1].txt - [2144 Bytes] - [29/04/2017 13:10:55]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2050 Bytes] ##########
     
  12. 2017/04/29
    Damon Davey

    Damon Davey New Member Thread Starter

    Joined:
    2017/04/23
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Computer Experience:
    Intermediate
    Hello
    here is the last one

    Thank You so much and let me know what you think.

    Junkware Scan
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.3 (04.10.2017)
    Operating System: Windows 8.1 x64
    Ran by Damon (Administrator) on Sat 04/29/2017 at 20:26:38.71
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 3

    Successfully deleted: C:\Users\Damon\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67} (Empty Folder)
    Successfully deleted: C:\Users\Damon\Documents\add-in express (Folder)
    Successfully deleted: C:\WINDOWS\wininit.ini (File)



    Registry: 3

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 04/29/2017 at 20:27:53.54
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  13. 2017/04/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Good news, but we need to finish cleaning process...

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  14. 2017/05/01
    Damon Davey

    Damon Davey New Member Thread Starter

    Joined:
    2017/04/23
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Computer Experience:
    Intermediate
    Ok I will do that today. I just noticed that my task manager is also disabled by admin
     
  15. 2017/05/01
    Damon Davey

    Damon Davey New Member Thread Starter

    Joined:
    2017/04/23
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Computer Experience:
    Intermediate
    Hello
    I have re-run the Farbar Recovery Scan and posted the logs below.

    Thanks
    Damon

    FRST Scan Log (I have to send the Addition in another post, its too big and wont send)
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-05-2017
    Ran by Damon (administrator) on THEDAVEYS (01-05-2017 16:31:22)
    Running from D:\BACKUP\DAMON\Software\ASUS Virus Info (windows explorer)
    Loaded Profiles: Damon (Available Profiles: Damon)
    Platform: Windows 8.1 (Update) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
    () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
    (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\THEDAVEYS\THEDAVEYS\svchost.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
    (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Farbar) D:\BACKUP\DAMON\Software\ASUS Virus Info (windows explorer)\Farbar Recovery Scan Tool (64).exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-05] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-18] (ASUS Cloud Corporation)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-08-20] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-23] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518456 2015-09-13] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2015-09-13] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
    HKLM-x32\...\Run: [SOUND CARD DRIVER] => C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\THEDAVEYS\THEDAVEYS\svchost.exe [189831 2009-09-04] (Microsoft Corporation)
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-12-06] (AMD)
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [689304 2012-09-23] (Adobe Systems Incorporated)
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\MountPoints2: {435d0d18-ece0-11e4-bee2-d850e6c35860} - "E:\VerizonWirelessUpgradeAssistantSetup.exe" -a
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Damon\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Damon\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Damon\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Damon\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Damon\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Damon\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2014-11-23]
    ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-10-21]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\Damon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk [2017-05-01]
    ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    Startup: C:\Users\Damon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (use this one).lnk [2017-02-07]
    ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (use this one).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    Startup: C:\Users\Damon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-03-28]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
    BootExecute: autocheck autochk * sdnclean64.exe
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{39875994-5A60-4A5F-A0D6-EE13B0ECF40F}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-7a9c68e8
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
    SearchScopes: HKLM-x32 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7a9c68e8&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001 -> DefaultScope {D489BEDE-31C4-4090-9467-75EB28B6FAF2} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    SearchScopes: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001 -> {D489BEDE-31C4-4090-9467-75EB28B6FAF2} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-23] (Oracle Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-23] (Oracle Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-23] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-23] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://flagstar.webex.com/client/WBXclient-T28L10NSP12EP6-17378/training/ieatgpc1.cab
    DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1082
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)

    FireFox:
    ========
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-05-27] [not signed]
    FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-23] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-23] (Oracle Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-09-13] (Citrix Systems, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-23] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-23] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-03] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-4170765248-3900003607-1771355706-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Damon\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-26] (Citrix Online)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
    R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-06-23] (ASUSTeK Computer Inc.)
    R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
    S3 ExpressInvoiceService; C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2601040 2014-06-27] (NCH Software)
    R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
    S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
    S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AC_Service.exe [310080 2015-10-26] (Citrix Online, a division of Citrix Systems, Inc.)
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
    R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
    R3 AU8168; C:\WINDOWS\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
    S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-03-22] ()
    R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-04-29] (Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-05-01] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-01] (Malwarebytes)
    R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-01] (Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92096 2017-05-01] (Malwarebytes)
    R3 RtlWlanu; C:\WINDOWS\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corporation )
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
    S3 NPF; system32\drivers\npf.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-05-01 10:19 - 2017-05-01 10:24 - 00203125 _____ C:\Users\Damon\Desktop\CDC Dachshund Davey Signed.pdf
    2017-05-01 08:08 - 2017-05-01 08:08 - 00071168 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ijl11pro.DLL
    2017-04-30 04:58 - 2017-05-01 08:11 - 00000523 _____ C:\WINDOWS\winhelp.ini
    2017-04-29 20:34 - 2017-04-29 20:34 - 00000798 _____ C:\Users\Damon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Junkware Removal Tool.lnk
    2017-04-29 20:20 - 2017-04-29 20:20 - 00000761 _____ C:\Users\Damon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\adwcleaner_6.lnk
    2017-04-29 06:45 - 2017-05-01 14:26 - 00092096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2017-04-29 06:45 - 2017-05-01 08:10 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-04-29 06:45 - 2017-05-01 08:10 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2017-04-29 06:45 - 2017-05-01 08:10 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-04-29 06:45 - 2017-04-29 06:45 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
    2017-04-29 06:44 - 2017-04-29 06:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-04-29 06:44 - 2017-04-29 06:44 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-04-29 06:44 - 2017-03-22 11:02 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-04-29 06:34 - 2017-04-29 08:03 - 00000000 ____D C:\ProgramData\RogueKiller
    2017-04-29 06:34 - 2017-04-29 06:42 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2017-04-29 06:34 - 2017-04-29 06:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2017-04-29 06:34 - 2017-04-29 06:34 - 00000000 ____D C:\Program Files\RogueKiller
    2017-04-28 05:53 - 2017-05-01 16:31 - 00000000 ____D C:\FRST
    2017-04-26 14:08 - 2017-04-26 14:08 - 01006118 _____ C:\Users\Damon\Desktop\Co-Ownership Contract (Signed).pdf
    2017-04-26 14:03 - 2017-04-26 14:03 - 00998890 _____ C:\Users\Damon\Desktop\CoOwership Agreement.pdf
    2017-04-26 07:37 - 2017-04-26 07:37 - 00000000 ____D C:\WINDOWS\system32\Plug-In Settings
    2017-04-24 12:30 - 2017-04-24 12:30 - 00000000 ____D C:\Users\Damon\AppData\Local\Apple Computer
    2017-04-24 12:30 - 2017-04-24 12:30 - 00000000 ____D C:\Users\Damon\AppData\Local\Apple
    2017-04-23 17:15 - 2017-05-01 14:36 - 00000000 ____D C:\Users\Damon\AppData\Local\CrashDumps
    2017-04-23 11:14 - 2017-04-23 11:50 - 00000000 ____D C:\Users\Damon\AppData\Local\Adobe
    2017-04-23 11:04 - 2017-04-23 11:13 - 00264218 _____ C:\WINDOWS\ntbtlog.txt
    2017-04-23 10:59 - 2013-08-22 06:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170423-105936.backup
    2017-04-23 09:15 - 2017-04-29 06:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2017-04-23 09:15 - 2017-04-23 17:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2017-04-23 09:15 - 2017-04-23 09:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2017-04-23 06:36 - 2017-04-23 06:36 - 00000000 ____D C:\Users\Damon\AppData\Roaming\Sun
    2017-04-23 06:35 - 2017-04-23 06:35 - 00000000 ____D C:\Users\Damon\AppData\Roaming\Yahoo
    2017-04-23 06:33 - 2017-04-23 06:33 - 00000000 ____D C:\Users\Damon\AppData\LocalLow\Oracle
    2017-04-23 05:41 - 2017-04-23 06:17 - 00000000 ____D C:\Users\Damon\AppData\Local\NPE
    2017-04-23 05:41 - 2017-04-23 05:41 - 00000000 ____D C:\ProgramData\Norton
    2017-04-22 23:34 - 2017-04-22 23:34 - 00002859 _____ C:\Users\Damon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\µTorrent.lnk
    2017-04-22 21:15 - 2017-04-23 17:18 - 00000000 ____D C:\Users\Damon\AppData\Roaming\uTorrent
    2017-04-22 20:30 - 2017-04-22 20:30 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2017-04-22 17:14 - 2017-04-23 09:12 - 00000023 _____ C:\msdos.sys
    2017-04-22 17:14 - 2017-04-22 17:14 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\mfc70.dll
    2017-04-22 17:12 - 2017-04-23 10:56 - 00000000 ____D C:\ProgramData\AgentSS
    2017-04-22 17:12 - 2017-04-22 17:12 - 00000000 ____D C:\ProgramData\AgentWL
    2017-04-22 17:12 - 2017-04-22 17:12 - 00000000 ____D C:\ProgramData\AgentSL
    2017-04-22 16:45 - 2017-04-23 10:56 - 00000000 ___HD C:\ProgramData\sa
    2017-04-22 16:45 - 2008-01-30 18:36 - 00090112 _____ (MindVision Software) C:\WINDOWS\unvise32.exe
    2017-04-22 16:44 - 2017-04-23 11:02 - 00000000 ___HD C:\Program Files (x86)\sysconfig
    2017-04-16 03:54 - 2017-03-31 18:12 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-04-16 03:54 - 2017-03-31 18:12 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-04-12 11:18 - 2015-07-19 20:09 - 08480303 _____ C:\Users\Damon\Desktop\1-04 Coming Down.m4a
    2017-04-12 05:26 - 2017-03-21 06:11 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
    2017-04-12 05:26 - 2017-03-21 06:11 - 00869568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
    2017-04-12 05:26 - 2017-03-21 06:11 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
    2017-04-12 05:26 - 2017-03-21 06:11 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
    2017-04-12 05:22 - 2017-03-25 12:39 - 20284416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-04-12 05:22 - 2017-03-25 12:07 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-04-12 05:22 - 2017-03-25 12:06 - 13654016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-04-12 05:22 - 2017-03-25 11:55 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2017-04-12 05:22 - 2017-03-25 11:52 - 02289152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2017-04-12 05:22 - 2017-03-25 11:51 - 01313280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2017-04-12 05:22 - 2017-03-25 11:47 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2017-04-12 05:22 - 2017-03-25 11:10 - 02898432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2017-04-12 05:22 - 2017-03-25 10:52 - 25746944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-04-12 05:22 - 2017-03-25 09:59 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2017-04-12 05:22 - 2017-03-25 09:28 - 15259136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-04-12 05:22 - 2017-03-25 09:24 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2017-04-12 05:22 - 2017-03-25 09:10 - 01546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2017-04-12 05:22 - 2017-03-24 21:43 - 01375960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2017-04-12 05:22 - 2017-03-24 11:24 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2017-04-12 05:22 - 2017-03-14 07:26 - 03714560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-04-12 05:22 - 2017-03-14 07:09 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2017-04-12 05:22 - 2017-03-14 07:08 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2017-04-12 05:22 - 2017-03-14 07:06 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2017-04-12 05:22 - 2017-03-10 20:59 - 01763888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2017-04-12 05:22 - 2017-03-10 20:56 - 01489608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2017-04-12 05:22 - 2017-03-10 20:49 - 00388440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2017-04-12 05:22 - 2017-03-10 20:44 - 00373080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2017-04-12 05:22 - 2017-03-10 20:41 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2017-04-12 05:22 - 2017-03-09 14:13 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2017-04-12 05:22 - 2017-03-07 16:25 - 01661064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2017-04-12 05:22 - 2017-03-07 16:21 - 01212760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2017-04-12 05:22 - 2017-03-04 09:37 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2017-04-12 05:22 - 2017-03-03 08:11 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2017-04-12 05:22 - 2017-03-03 08:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2017-04-12 05:22 - 2017-02-11 11:18 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
    2017-04-12 05:22 - 2017-02-11 10:00 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2017-04-12 05:22 - 2017-02-04 10:51 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2017-04-12 05:22 - 2017-02-01 12:42 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2017-04-12 05:22 - 2017-01-18 19:18 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2017-04-12 05:22 - 2017-01-18 07:35 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2017-04-12 05:22 - 2017-01-14 13:32 - 00955016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2017-04-12 05:22 - 2017-01-14 12:18 - 00787688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2017-04-12 05:22 - 2017-01-12 09:51 - 00274776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
    2017-04-12 05:22 - 2017-01-12 09:51 - 00117592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
    2017-04-12 05:22 - 2017-01-11 12:12 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
    2017-04-12 05:22 - 2017-01-11 08:09 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
    2017-04-12 05:22 - 2017-01-10 14:06 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2017-04-12 05:22 - 2017-01-10 13:46 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
    2017-04-12 05:22 - 2017-01-10 12:20 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2017-04-12 05:22 - 2017-01-10 12:09 - 01108480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
    2017-04-12 05:22 - 2017-01-06 10:25 - 02513408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
    2017-04-12 05:22 - 2017-01-06 10:04 - 01495552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
    2017-04-12 05:22 - 2016-12-24 18:14 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
    2017-04-12 05:22 - 2016-12-24 17:48 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
    2017-04-12 05:21 - 2017-03-25 11:48 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2017-04-12 05:21 - 2017-03-25 11:47 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2017-04-12 05:21 - 2017-03-25 11:46 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2017-04-12 05:21 - 2017-03-25 11:46 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2017-04-12 05:21 - 2017-03-25 11:46 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2017-04-12 05:21 - 2017-03-25 11:45 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2017-04-12 05:21 - 2017-03-25 11:45 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2017-04-12 05:21 - 2017-03-25 11:13 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2017-04-12 05:21 - 2017-03-25 10:56 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2017-04-12 05:21 - 2017-03-25 10:41 - 06045696 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-04-12 05:21 - 2017-03-25 10:12 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2017-04-12 05:21 - 2017-03-25 10:04 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2017-04-12 05:21 - 2017-03-25 10:00 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2017-04-12 05:21 - 2017-03-25 10:00 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2017-04-12 05:21 - 2017-03-25 09:57 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2017-04-12 05:21 - 2017-03-25 09:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2017-04-12 05:21 - 2017-03-14 12:06 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2017-04-12 05:21 - 2017-03-13 09:13 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2017-04-12 05:21 - 2017-03-13 09:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2017-04-12 05:21 - 2017-03-13 09:08 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2017-04-12 05:21 - 2017-03-13 09:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2017-04-12 05:21 - 2017-03-13 08:59 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2017-04-12 05:21 - 2017-03-13 08:59 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2017-04-12 05:21 - 2017-03-13 08:56 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2017-04-12 05:21 - 2017-03-12 08:04 - 00033792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2017-04-12 05:21 - 2017-03-10 20:49 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-04-12 05:21 - 2017-03-09 14:08 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2017-04-12 05:21 - 2017-03-09 12:29 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2017-04-12 05:21 - 2017-03-04 12:24 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2017-04-12 05:21 - 2017-03-04 12:06 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
    2017-04-12 05:21 - 2017-03-04 11:15 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
    2017-04-12 05:21 - 2017-03-03 08:10 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
    2017-04-12 05:21 - 2017-03-03 08:04 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
    2017-04-12 05:21 - 2017-02-11 09:49 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
    2017-04-12 05:21 - 2017-02-11 09:42 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
    2017-04-12 05:21 - 2017-02-10 12:06 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2017-04-12 05:21 - 2017-02-10 07:37 - 00046600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
    2017-04-12 05:21 - 2017-02-04 10:53 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
    2017-04-12 05:21 - 2017-02-04 10:19 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
    2017-04-12 05:21 - 2017-02-01 12:44 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2017-04-12 05:21 - 2017-01-18 07:34 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2017-04-12 05:21 - 2017-01-14 07:37 - 00447095 _____ C:\WINDOWS\system32\ApnDatabase.xml
    2017-04-12 05:21 - 2017-01-11 23:12 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2017-04-12 05:21 - 2017-01-11 10:28 - 00422744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2017-04-12 05:21 - 2017-01-10 15:37 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
    2017-04-12 05:21 - 2016-12-24 18:21 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
    2017-04-12 05:21 - 2016-12-24 17:19 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
    2017-04-12 05:21 - 2016-12-24 16:39 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
    2017-04-12 05:21 - 2016-12-09 01:08 - 00379736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-05-01 10:14 - 2014-05-26 14:42 - 00000000 ____D C:\Users\Damon\AppData\Local\Packages
    2017-05-01 08:14 - 2014-03-18 03:03 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-05-01 08:14 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
    2017-05-01 08:11 - 2014-06-26 12:33 - 00000000 ___DO C:\Users\Damon\OneDrive
    2017-05-01 08:10 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-05-01 08:09 - 2013-08-22 06:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2017-04-30 06:04 - 2014-05-26 14:51 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4170765248-3900003607-1771355706-1001
    2017-04-29 20:13 - 2016-08-27 01:13 - 00000000 ____D C:\AdwCleaner
    2017-04-29 08:08 - 2016-08-27 02:38 - 00000000 ____D C:\Program Files (x86)\Wise
    2017-04-29 08:00 - 2014-06-07 00:16 - 00001514 _____ C:\Users\Damon\Desktop\Internet- Explorer.lnk
    2017-04-29 07:22 - 2013-08-22 08:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2017-04-29 06:44 - 2014-08-14 10:40 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-04-26 14:08 - 2016-03-10 13:20 - 00000000 ____D C:\Users\Damon\Desktop\SCANS
    2017-04-23 09:08 - 2014-06-26 16:25 - 00000000 ____D C:\Users\Damon\AppData\Local\ElevatedDiagnostics
    2017-04-23 09:01 - 2014-06-25 16:39 - 00000000 ____D C:\ProgramData\Oracle
    2017-04-23 06:37 - 2014-06-25 16:36 - 00000000 ____D C:\Program Files (x86)\Java
    2017-04-23 06:36 - 2014-10-07 23:21 - 00318528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
    2017-04-23 06:36 - 2014-10-07 23:21 - 00206912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
    2017-04-23 06:36 - 2014-10-07 23:21 - 00206912 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
    2017-04-23 06:36 - 2014-10-07 23:21 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
    2017-04-23 06:36 - 2014-10-07 23:21 - 00000000 ____D C:\Program Files\Java
    2017-04-23 06:36 - 2014-06-25 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-04-23 06:35 - 2014-06-25 16:36 - 00268864 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
    2017-04-23 06:35 - 2014-06-25 16:36 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2017-04-23 06:10 - 2014-07-09 16:15 - 00000000 ____D C:\Program Files (x86)\NCH Software
    2017-04-22 23:32 - 2014-06-26 12:09 - 00000000 ____D C:\Users\Damon
    2017-04-22 23:09 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-04-22 23:04 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\registration
    2017-04-22 18:31 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\tracing
    2017-04-22 17:28 - 2014-09-25 04:50 - 00000000 ___RD C:\Users\Damon\Google Drive
    2017-04-17 09:18 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
    2017-04-17 05:00 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-04-16 03:53 - 2013-08-22 07:44 - 00563752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-04-16 03:49 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
    2017-04-16 03:49 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Windows Defender
    2017-04-16 03:49 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2017-04-12 05:30 - 2014-05-26 17:15 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-04-12 05:29 - 2014-05-26 17:15 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-04-12 05:29 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-04-07 15:06 - 2014-05-27 17:51 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

    ==================== Files in the root of some directories =======

    2014-07-03 12:07 - 2015-03-31 16:20 - 0000114 _____ () C:\Users\Damon\AppData\Roaming\sview.ini
    2014-06-05 05:51 - 2014-06-05 05:51 - 0000057 _____ () C:\ProgramData\Ament.ini
    2014-09-23 05:07 - 2015-12-09 13:28 - 0009918 _____ () C:\ProgramData\hpzinstall.log
    2015-11-13 13:00 - 2016-02-04 11:06 - 0000045 _____ () C:\ProgramData\log.txt
    2014-06-06 14:59 - 2014-06-06 14:59 - 0000058 _____ () C:\ProgramData\mchguid.ini

    Some files in TEMP:
    ====================
    2017-04-29 06:34 - 2016-08-13 00:40 - 1737080 _____ (Microsoft Corporation) C:\Users\Damon\AppData\Local\Temp\dllnt_dump.dll
    2015-12-09 13:29 - 2012-10-01 17:44 - 0178824 ____R (Microsoft Corporation) C:\Users\Damon\AppData\Local\Temp\ose00000.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-05-01 08:21

    ==================== End of FRST.txt ============================
     
  16. 2017/05/01
    Damon Davey

    Damon Davey New Member Thread Starter

    Joined:
    2017/04/23
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Computer Experience:
    Intermediate
    Hello
    Here is the Addition scan.

    Thank You
    Damon

    Addition Scan Log
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-05-2017
    Ran by Damon (01-05-2017 16:31:59)
    Running from D:\BACKUP\DAMON\Software\ASUS Virus Info (windows explorer)
    Windows 8.1 (Update) (X64)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4170765248-3900003607-1771355706-500 - Administrator - Disabled)
    Damon (S-1-5-21-4170765248-3900003607-1771355706-1001 - Administrator - Enabled) => C:\Users\Damon
    Guest (S-1-5-21-4170765248-3900003607-1771355706-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4170765248-3900003607-1771355706-1007 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4500_G510gm_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    4500G510gm (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
    4500G510gm_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
    Adobe Connect 9 Add-in (HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\Adobe Connect 9 Add-in) (Version: 11,9,970,233 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
    AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.05 - ASUSTeK Computer Inc.)
    AMD Catalyst Install Manager (HKLM\...\{22E2B25B-2FFE-1A69-E591-55DD72BC5F5B}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS Easy Update 2 (HKLM-x32\...\{E7AA854E-6756-424E-84C2-4E47D5729AFF}) (Version: 3.00.08 - ASUSTeK Computer Inc.)
    ASUS Music Maker (HKLM-x32\...\MAGIX_{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}) (Version: 18.0.3.3 - MAGIX AG)
    ASUS Music Maker (Version: 18.0.3.3 - MAGIX AG) Hidden
    ASUS MX Suite (HKLM-x32\...\MAGIX_{CFA9C800-9B0B-42E3-92E7-08B5AF2E192E}) (Version: 1.13.0.121 - MAGIX AG)
    ASUS MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
    ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
    ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4127.52 - CyberLink Corp.)
    ASUSDVD (x32 Version: 10.0.4127.52 - CyberLink Corp.) Hidden
    AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    Catalyst Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
    Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
    Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.100.10 - Citrix Systems, Inc.)
    Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    DJ_AIO_06_F4500_SW_MIN (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
    DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
    eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
    ExeTec (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{34f3c40}) (Version: - ExeTec) <==== ATTENTION
    Express Invoice Invoicing Software (HKLM-x32\...\ExpressInvoice) (Version: 4.10 - NCH Software)
    F4500 (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
    Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
    Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
    Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.3.0.1121 - Citrix Online, a division of Citrix Systems, Inc.)
    GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{FD126052-310E-4364-937B-6B5564F24578}) (Version: 14.0 - HP)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP Officejet 4500 G510g-m 14.0 Rel. 6 (HKLM\...\{C55BF64E-60E1-494C-B1EB-97A008141A55}) (Version: 14.0 - HP)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
    HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
    HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
    Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
    Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
    Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
    OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
    Online Plug-in (x32 Version: 14.3.100.10 - Citrix Systems, Inc.) Hidden
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6971 - Realtek Semiconductor Corp.)
    RogueKiller version 12.10.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.6.0 - Adlice Software)
    Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    Self-service Plug-in (x32 Version: 4.3.100.10167 - Citrix Systems, Inc.) Hidden
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    SmartClient Installation Manager (x32 Version: 1.0.0 - Ellie Mae) Hidden
    SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
    Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
    SwiftView Viewer (HKLM-x32\...\SwiftView) (Version: - )
    Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
    TouchCopy 12 (x64) (HKLM\...\{8D663362-0285-4D0E-939F-98EFD5CE5137}) (Version: 12.69 - Wide Angle Software)
    TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB3115261) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D8E86AF8-E495-4DC1-A058-7E69AA96AA8A}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB3115261) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{D8E86AF8-E495-4DC1-A058-7E69AA96AA8A}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB3115261) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D8E86AF8-E495-4DC1-A058-7E69AA96AA8A}) (Version: - Microsoft)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.22 - NCH Software)
    WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
    Why ASUS PC (HKLM-x32\...\{5648F9D9-299E-408C-AC1F-59DC75894A1F}) (Version: 1.00.02 - ASUSTeK Computer Inc.)
    Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
    Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    影像中心 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    照片库 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Damon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Damon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Damon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Damon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {10549A0C-81CE-49A6-8F05-823DF8219420} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
    Task: {5E58FAFE-0F22-4242-8EBE-F26DA96FBE35} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {5FE9D6A8-33EB-499A-80E4-9FE4E84604B1} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
    Task: {6113AB46-9B26-41F7-BE54-51667276F68F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-04-12] (Microsoft Corporation)
    Task: {656BC3DA-7CF1-4E1F-9E8B-F99C03F78F9D} - System32\Tasks\{C4A2AA97-A5B5-4F12-971F-4A484A17E882} => pcalua.exe -a C:\Users\Damon\AppData\Local\{B5EC83B0-9144-EF08-FCDC-CAE0D8B43678}\uninst.exe -c -FN="C:\Users\Damon\AppData\Roaming\{B5B1830A-90E3-EE7C-FBD5-C9AE27073490}\Sync.exe"-P=/Uninstall /s /noun /DelSelfDir
    Task: {68DEDADD-A6A0-4037-8720-5F85C4A6FD85} - System32\Tasks\ASUS\ASUS Easy Update 2 => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [2013-07-04] (ASUSTeK Computer Inc.)
    Task: {89A90BF3-E0CC-4EDD-BA7E-04A30507E304} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
    Task: {938E0CCE-F123-4604-8C24-EDC1116ADB1B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {C4B98EFB-BDA4-4912-AC09-62895FE70B17} - System32\Tasks\{26FAE30F-358B-466A-B4D7-A652E254DB2A} => pcalua.exe -a "C:\Program Files (x86)\Itibiti Soft Phone\unins000.exe"
    Task: {D330DC6A-F2BF-44EC-8210-1CC141A479EE} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {E43CAF15-3962-4563-931D-030C7D3CBFB9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\msoia.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Damon\Favorites\Program Info\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
    Shortcut: C:\Users\Damon\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_1817102133_en-us.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=google+chrome&cc=US&setlang=en-US&inlang=en-US&adlt=moderate&scale=100&contrast=none&hw=1080%2C1920&CVID=1F45CB46441247708BB62FB0ACB45B7
    Shortcut: C:\Users\Damon\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_2556942070_en-us.lnk -> hxxp://keystone.mwbsys.co
    Shortcut: C:\Users\Damon\AppData\Local\Microsoft\Windows\ConnectedSearch\History\txt_3716225050_en-US.lnk -> hxxp://www.electronerdz.com/2012/07/find-your-adobe-acrobat-serial-number/#sthash.hmzQSr8R.dpu

    ==================== Loaded Modules (Whitelisted) ==============

    2013-08-20 10:07 - 2012-06-01 02:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    2012-12-18 23:10 - 2012-12-18 23:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    2017-04-29 06:44 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
    2017-04-29 06:44 - 2017-03-23 19:40 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2016-06-14 13:37 - 2016-06-14 13:37 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-08-20 10:07 - 2017-05-01 08:10 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
    2013-08-20 10:07 - 2010-06-28 19:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:C41CE1F6 [136]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7933 more sites.

    IE trusted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\flagstar.com -> hxxps://wholesale.flagstar.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\123simsen.com -> www.123simsen.com

    There are 7933 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 06:25 - 2017-04-23 10:59 - 00454348 ____R C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 123moviedownload.com
    127.0.0.1 www.123moviedownload.com

    There are 15592 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Damon\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run: => "IAStorIcon"
    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
    HKLM\...\StartupApproved\Run32: => "ASUSPRP"
    HKLM\...\StartupApproved\Run32: => "mcui_exe"
    HKLM\...\StartupApproved\Run32: => "StartCCC"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\...\StartupApproved\Run: => "GoogleDriveSync"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{13E29FB4-770F-44FB-B385-163B24F4520E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A4FA4D4C-3E6C-409B-83BF-0ECAF34F245E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{BF325926-10DA-492B-A4C4-031C9DA33937}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{D5F071B5-5D6A-48B4-8AFF-79E5593A41E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4D0872CE-65A7-46A0-A00A-A02F6E90CFB9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{9CCD0621-7AD4-4B35-8CEE-082ECEF8FE0F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{C28ACCF0-82D0-4059-9EFC-42A42F1AEE95}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{130A9D61-493C-4E4A-AE52-42A874A46C39}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [UDP Query User{A2AE26BF-C7C7-4A49-AB08-966BCDD85095}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [TCP Query User{026462B0-91AD-4067-B016-45483FB88FF2}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [{87EF0AD9-0EBE-4323-8BA0-A708BB9A3806}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{07EFA879-A2BD-49CC-9ACC-8CFE6AB476FB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
    FirewallRules: [{4FE52619-89FA-46EB-8FA1-2A3DC76B65B1}] => (Allow) LPort=1900
    FirewallRules: [{0F8DB801-CCF3-45AC-81B6-CB94A886C821}] => (Allow) LPort=2869
    FirewallRules: [{A7AAAB41-B947-4016-BB79-85C1350AF9A6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{898D5C79-E79C-4140-891A-24D743EB1E40}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{9A8AA1F7-08FA-41A0-9951-B8137B8B9B88}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{E6D6C126-D3EC-4D52-BCE5-3CC1BEF22254}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{343A97C5-86E4-4B48-BD43-B87609010380}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{C95074DC-76AF-44DE-937A-F142837E51B0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{DA53065D-E2BD-4131-8D7C-0268A4364B04}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{8A1B2D9E-261D-41E0-B5CD-605298ED98A4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{53E70031-B7C2-4422-A0EA-37874989B1EF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{633B9666-1270-4608-A5A2-E3D540CAC426}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{4D72F2CC-8EC3-43BE-81D2-C1025539CF9E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{E14B5BCD-8B8F-46BD-8022-57CE6105AC8C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{5411FBB2-BEFC-48EF-9067-6D50FEF19DD0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{C359B6D9-98F4-4CC1-8403-088D636B5043}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{9BDA79EB-B85B-4C2A-BFCB-852B4C47EAC6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{7311B2FB-6CE8-40EA-91D3-89BFE552679B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{C18ECD73-EE4A-4C5F-901F-F7A498A97B84}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{BC125FF0-A2D1-4C79-B34B-7061271F3AC0}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{3A680D56-133C-4A6A-92D0-514B49C5E99D}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\FaxApplications.exe
    FirewallRules: [{D0DC2B39-49DC-4902-89F7-F788F874A6C1}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\DigitalWizards.exe
    FirewallRules: [{10384152-996C-445B-B361-E77482BDC4A2}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\SendAFax.exe
    FirewallRules: [{1F491103-CE98-4653-9575-7728605E03CC}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\DeviceSetup.exe
    FirewallRules: [{50861B29-FC06-4A23-8D91-ABEA1973C054}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{E58879C7-5BE7-4E94-A768-D56E7050DFB3}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{207601B3-3D55-4546-820D-98E34E5BEB85}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{8607021E-9F99-4DC4-9C56-B0D917FA9286}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
    FirewallRules: [{4A3E8254-B8F3-4449-AAF6-CFFA0558C3E5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
    FirewallRules: [{77AAD147-47B4-497B-ACA3-B8C9537DC3E4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
    FirewallRules: [{98297B02-C08B-45BC-B34D-CC8D7F8FB8B6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
    FirewallRules: [{AEF383D9-56E6-488A-A8ED-4F468EE409F2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe

    ==================== Restore Points =========================

    01-05-2017 11:13:07 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name: Deskjet F4500 series
    Description: Deskjet F4500 series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Deskjet F4500 series
    Description: Deskjet F4500 series
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: HP
    Service: StillCam
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/01/2017 02:21:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x51d531bc
    Faulting module name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x51d531bc
    Exception code: 0xc0000005
    Fault offset: 0x000415f9
    Faulting process id: 0x13a0
    Faulting application start time: 0x01d2c2c0d550cabf
    Faulting application path: C:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exe
    Faulting module path: C:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exe
    Report Id: 1359d506-2eb4-11e7-bf6f-d850e6c35860
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (05/01/2017 08:31:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Client application bug: DNSServiceResolve(88:c6:63:8a:c4:02@fe80::8ac6:63ff:fe8a:c402._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (04/30/2017 02:18:45 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x51d531bc
    Faulting module name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x51d531bc
    Exception code: 0xc0000005
    Fault offset: 0x000415f9
    Faulting process id: 0x944
    Faulting application start time: 0x01d2c1f759542689
    Faulting application path: C:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exe
    Faulting module path: C:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exe
    Report Id: 976a41ae-2dea-11e7-bf6d-d850e6c35860
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (04/30/2017 05:02:38 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 6.3.9600.17415, time stamp: 0x54504177
    Faulting module name: combase.dll, version: 6.3.9600.18202, time stamp: 0x569e6ee3
    Exception code: 0xc0000005
    Fault offset: 0x00000000000394ca
    Faulting process id: 0xaac
    Faulting application start time: 0x01d2c15fed797a95
    Faulting application path: C:\WINDOWS\system32\svchost.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\combase.dll
    Report Id: e770b32b-2d9c-11e7-bf6c-d850e6c35860
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (04/29/2017 08:27:21 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SelfServicePlugin.exe, version: 4.3.100.10167, time stamp: 0x55f5668d
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x5736541b
    Exception code: 0xc0020001
    Fault offset: 0x00014878
    Faulting process id: 0x13f8
    Faulting application start time: 0x01d2c1602daa50a0
    Faulting application path: C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\KERNELBASE.dll
    Report Id: eb5befae-2d54-11e7-bf6c-d850e6c35860
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (04/29/2017 01:21:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x51d531bc
    Faulting module name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x51d531bc
    Exception code: 0xc0000005
    Fault offset: 0x000415f9
    Faulting process id: 0xbcc
    Faulting application start time: 0x01d2c1263ddde793
    Faulting application path: C:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exe
    Faulting module path: C:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exe
    Report Id: 7bf0f848-2d19-11e7-bf6b-d850e6c35860
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (04/29/2017 06:26:33 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
    Description: There was an error with the Windows Location Provider database

    Error: (04/28/2017 11:48:17 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x51d531bc
    Faulting module name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x51d531bc
    Exception code: 0xc0000005
    Fault offset: 0x000415f9
    Faulting process id: 0x14f0
    Faulting application start time: 0x01d2c04fff06b79f
    Faulting application path: C:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exe
    Faulting module path: C:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exe
    Report Id: 3d68d97e-2c43-11e7-bf69-d850e6c35860
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (04/28/2017 07:55:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Client application bug: DNSServiceResolve(88:c6:63:8a:c4:02@fe80::8ac6:63ff:fe8a:c402._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (04/27/2017 11:41:42 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x51d531bc
    Faulting module name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x51d531bc
    Exception code: 0xc0000005
    Fault offset: 0x000415f9
    Faulting process id: 0x199c
    Faulting application start time: 0x01d2bf85e9a7c28f
    Faulting application path: C:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exe
    Faulting module path: C:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exe
    Report Id: 279775ba-2b79-11e7-bf69-d850e6c35860
    Faulting package full name:
    Faulting package-relative application ID:


    System errors:
    =============
    Error: (05/01/2017 04:28:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Security Update for Microsoft PowerPoint 2013 (KB3115487) 64-Bit Edition.

    Error: (05/01/2017 04:28:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Excel 2013 (KB3191823) 64-Bit Edition.

    Error: (05/01/2017 04:28:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Office 2013 (KB3172448) 64-Bit Edition.

    Error: (05/01/2017 04:28:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Hewlett-Packard - Imaging, Other hardware - Null Fax - HP Photosmart 7520 series.

    Error: (05/01/2017 04:28:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft PowerPoint 2013 (KB3162043) 64-Bit Edition.

    Error: (05/01/2017 04:28:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Publisher 2013 (KB3114329) 64-Bit Edition.

    Error: (05/01/2017 04:28:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Security Update for Microsoft Excel 2013 (KB3172542) 64-Bit Edition.

    Error: (05/01/2017 04:28:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft OneDrive for Business (KB3178645) 64-Bit Edition.

    Error: (05/01/2017 04:28:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft OneNote 2013 (KB3141465) 64-Bit Edition.

    Error: (05/01/2017 04:28:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Access 2013 (KB3118349) 64-Bit Edition.


    CodeIntegrity:
    ===================================
    Date: 2017-04-29 07:13:08.025
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-28 06:35:55.749
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-28 06:35:55.539
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-28 06:35:55.321
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-28 06:35:55.102
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-23 14:45:41.720
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-23 11:44:36.718
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-23 06:48:19.354
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-23 00:03:58.580
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-22 23:33:05.433
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4770S CPU @ 3.10GHz
    Percentage of memory in use: 27%
    Total physical RAM: 8131.28 MB
    Available physical RAM: 5910.96 MB
    Total Virtual: 9411.28 MB
    Available Virtual: 6899.18 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:149.56 GB) (Free:18.28 GB) NTFS
    Drive d: (Data) (Fixed) (Total:759.33 GB) (Free:700.84 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 3496C9C5)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  17. 2017/05/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  18. 2017/05/05
    Damon Davey

    Damon Davey New Member Thread Starter

    Joined:
    2017/04/23
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Computer Experience:
    Intermediate
    Hello
    Here is the fixlog below. Sorry for the delay

    Thanks, Damon

    FIXLOG
    Fix result of Farbar Recovery Scan Tool (x64) Version: 05-05-2017 02
    Ran by Damon (05-05-2017 17:14:14) Run:1
    Running from D:\BACKUP\DAMON\Software\ASUS Virus Info (windows explorer)
    Loaded Profiles: Damon (Available Profiles: Damon)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM-x32\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Damon\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Damon\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Damon\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Damon\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Damon\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Damon\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (No File)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
    Toolbar: HKU\S-1-5-21-4170765248-3900003607-1771355706-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    S3 NPF; system32\drivers\npf.sys [X]
    2014-07-03 12:07 - 2015-03-31 16:20 - 0000114 _____ () C:\Users\Damon\AppData\Roaming\sview.ini
    2014-06-05 05:51 - 2014-06-05 05:51 - 0000057 _____ () C:\ProgramData\Ament.ini
    2014-09-23 05:07 - 2015-12-09 13:28 - 0009918 _____ () C:\ProgramData\hpzinstall.log
    2015-11-13 13:00 - 2016-02-04 11:06 - 0000045 _____ () C:\ProgramData\log.txt
    2014-06-06 14:59 - 2014-06-06 14:59 - 0000058 _____ () C:\ProgramData\mchguid.ini
    2017-04-29 06:34 - 2016-08-13 00:40 - 1737080 _____ (Microsoft Corporation) C:\Users\Damon\AppData\Local\Temp\dllnt_dump.dll
    2015-12-09 13:29 - 2012-10-01 17:44 - 0178824 ____R (Microsoft Corporation) C:\Users\Damon\AppData\Local\Temp\ose00000.exe

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
    HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => key removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
    HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
    HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
    HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
    HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
    HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
    C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe => not found.
    HKLM\SOFTWARE\Policies\Google => key removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
    HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
    HKLM\System\CurrentControlSet\Services\NPF => key removed successfully
    NPF => service removed successfully
    C:\Users\Damon\AppData\Roaming\sview.ini => moved successfully
    C:\ProgramData\Ament.ini => moved successfully
    C:\ProgramData\hpzinstall.log => moved successfully
    C:\ProgramData\log.txt => moved successfully
    C:\ProgramData\mchguid.ini => moved successfully
    C:\Users\Damon\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    C:\Users\Damon\AppData\Local\Temp\ose00000.exe => moved successfully

    ==== End of Fixlog 17:14:15 ====
     
  19. 2017/05/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  20. 2017/05/08
    Damon Davey

    Damon Davey New Member Thread Starter

    Joined:
    2017/04/23
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Computer Experience:
    Intermediate
    Hello
    sorry for the delay but here are the logs that you requested. (Security Check, Farbar Service Scanner, Sophos Free Virus Removal Tool)

    Thank You
    Damon


    Security Check
    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is disabled!)

    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    Malwarebytes
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Java 8 Update 131
    Java version 32-bit out of Date!

    Adobe Reader 10.1.3 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamtray.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner
    Farbar Service Scanner Version: 27-01-2016
    Ran by Damon (administrator) on 08-05-2017 at 12:42:11
    Running from "C:\Users\Damon\Desktop"
    Microsoft Windows 8.1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Policy:
    ========================
    Action Center:
    ============
    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
    Other Services:
    ==============
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

    Sophos Free Virus Removal Tool

    2017-05-08 19:51:12.265 Sophos Virus Removal Tool version 2.5.6
    2017-05-08 19:51:12.265 Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

    2017-05-08 19:51:12.265 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2017-05-08 19:51:12.265 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
    2017-05-08 19:51:12.265 Checking for updates...
    2017-05-08 19:51:12.280 Update progress: proxy server not available
    2017-05-08 19:51:17.687 Option all = no
    2017-05-08 19:51:17.687 Option recurse = yes
    2017-05-08 19:51:17.687 Option archive = no
    2017-05-08 19:51:17.687 Option service = yes
    2017-05-08 19:51:17.687 Option confirm = yes
    2017-05-08 19:51:17.687 Option sxl = yes
    2017-05-08 19:51:17.687 Option max-data-age = 35
    2017-05-08 19:51:17.687 Option vdl-logging = yes
    2017-05-08 19:51:17.703 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2017-05-08 19:51:17.703 Machine ID: a9484b53718244b09afea0f379a8c361
    2017-05-08 19:51:17.703 Component SVRTcli.exe version 2.5.6
    2017-05-08 19:51:17.703 Component control.dll version 2.5.6
    2017-05-08 19:51:17.703 Component SVRTservice.exe version 2.5.6
    2017-05-08 19:51:17.703 Component engine\osdp.dll version 1.44.1.2281
    2017-05-08 19:51:17.703 Component engine\veex.dll version 3.68.1.2281
    2017-05-08 19:51:17.703 Component engine\savi.dll version 9.0.7.2281
    2017-05-08 19:51:17.703 Component rkdisk.dll version 1.5.31.1
    2017-05-08 19:51:17.703 Version info: Product version 2.5.6
    2017-05-08 19:51:17.703 Version info: Detection engine 3.68.1
    2017-05-08 19:51:17.703 Version info: Detection data 5.38
    2017-05-08 19:51:17.703 Version info: Build date 4/4/2017
    2017-05-08 19:51:17.703 Version info: Data files added 267
    2017-05-08 19:51:17.703 Version info: Last successful update (not yet updated)
    2017-05-08 19:51:21.572 Downloading updates...
    2017-05-08 19:51:21.572 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
    2017-05-08 19:51:21.572 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
    2017-05-08 19:51:21.572 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
    2017-05-08 19:51:21.572 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
    2017-05-08 19:51:21.572 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
    2017-05-08 19:51:21.572 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
    2017-05-08 19:51:21.572 Update progress: [I49502] sdds.data0910.xml: found supplement IDE539 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
    2017-05-08 19:51:21.572 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE539 LATEST path=
    2017-05-08 19:51:21.572 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE539 LATEST path=
    2017-05-08 19:51:21.572 Update progress: [I49502] sdds.data0910.xml: found supplement IDE540 LATEST path= baseVersion= [included from product IDE539 LATEST path=]
    2017-05-08 19:51:21.572 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE540 LATEST path=
    2017-05-08 19:51:21.572 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE540 LATEST path=
    2017-05-08 19:51:21.572 Update progress: [I49502] sdds.data0910.xml: found supplement IDE541 LATEST path= baseVersion= [included from product IDE540 LATEST path=]
    2017-05-08 19:51:21.572 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE541 LATEST path=
    2017-05-08 19:51:21.572 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE541 LATEST path=
    2017-05-08 19:51:21.572 Update progress: [I49502] sdds.data0910.xml: found supplement IDE542 LATEST path= baseVersion= [included from product IDE541 LATEST path=]
    2017-05-08 19:51:21.572 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE542 LATEST path=
    2017-05-08 19:51:21.572 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE542 LATEST path=
    2017-05-08 19:51:21.572 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
    2017-05-08 19:51:21.682 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
    2017-05-08 19:51:21.682 Update progress: [I19463] Product download size 162626989 bytes
    2017-05-08 19:51:52.758 Update progress: [I19463] Syncing product IDE539 LATEST path=
    2017-05-08 19:51:52.758 Update progress: [I19463] Product download size 2453408 bytes
    2017-05-08 19:51:57.940 Update progress: [I19463] Syncing product IDE540 LATEST path=
    2017-05-08 19:51:57.940 Update progress: [I19463] Product download size 1784068 bytes
    2017-05-08 19:52:01.198 Update progress: [I19463] Syncing product IDE541 LATEST path=
    2017-05-08 19:52:01.198 Update progress: [I19463] Product download size 475666 bytes
    2017-05-08 19:52:01.886 Update progress: [I19463] Syncing product IDE542 LATEST path=
    2017-05-08 19:52:01.979 Installing updates...
    2017-05-08 19:52:02.605 Error level 1
    2017-05-08 19:52:42.683 Update successful
    2017-05-08 19:52:49.045 Option all = no
    2017-05-08 19:52:49.045 Option recurse = yes
    2017-05-08 19:52:49.045 Option archive = no
    2017-05-08 19:52:49.045 Option service = yes
    2017-05-08 19:52:49.045 Option confirm = yes
    2017-05-08 19:52:49.045 Option sxl = yes
    2017-05-08 19:52:49.045 Option max-data-age = 35
    2017-05-08 19:52:49.045 Option vdl-logging = yes
    2017-05-08 19:52:49.045 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2017-05-08 19:52:49.045 Machine ID: a9484b53718244b09afea0f379a8c361
    2017-05-08 19:52:49.045 Component SVRTcli.exe version 2.5.6
    2017-05-08 19:52:49.045 Component control.dll version 2.5.6
    2017-05-08 19:52:49.045 Component SVRTservice.exe version 2.5.6
    2017-05-08 19:52:49.045 Component engine\osdp.dll version 1.44.1.2281
    2017-05-08 19:52:49.045 Component engine\veex.dll version 3.68.1.2281
    2017-05-08 19:52:49.045 Component engine\savi.dll version 9.0.7.2281
    2017-05-08 19:52:49.045 Component rkdisk.dll version 1.5.31.1
    2017-05-08 19:52:49.045 Version info: Product version 2.5.6
    2017-05-08 19:52:49.045 Version info: Detection engine 3.68.1
    2017-05-08 19:52:49.045 Version info: Detection data 5.38
    2017-05-08 19:52:49.045 Version info: Build date 4/4/2017
    2017-05-08 19:52:49.045 Version info: Data files added 309
    2017-05-08 19:52:49.045 Version info: Last successful update 5/8/2017 12:52:42 PM

    2017-05-08 20:07:25.921 Could not open C:\hiberfil.sys
    2017-05-08 20:12:40.295 >>> Virus 'Mal/VB-A' found in file C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\THEDAVEYS\THEDAVEYS\svchost.exe
    2017-05-08 20:12:40.295 >>> Virus 'Mal/VB-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SOUND CARD DRIVER
    2017-05-08 20:12:40.295 >>> Virus 'Mal/VB-A' found in file HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
    2017-05-08 20:12:40.295 >>> Virus 'Mal/VB-A' found in file HKU\S-1-5-21-4170765248-3900003607-1771355706-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
    2017-05-08 20:12:40.295 >>> Virus 'Mal/VB-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2017-05-08 20:12:40.295 >>> Virus 'Mal/VB-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2017-05-08 20:16:32.397 Could not open C:\swapfile.sys
    2017-05-08 20:26:30.311 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2017-05-08 20:26:30.311 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2017-05-08 20:26:32.150 Could not open C:\Windows\System32\config\BBI
    2017-05-08 20:26:32.306 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2017-05-08 20:26:32.306 Could not open C:\Windows\System32\config\RegBack\SAM
    2017-05-08 20:26:32.322 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2017-05-08 20:26:32.322 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2017-05-08 20:26:32.322 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2017-05-08 20:42:58.839 Could not open D:\pagefile.sys
    2017-05-08 20:42:58.845 Could not open LOGICAL:0005:00000000
    2017-05-08 20:42:58.847 Could not open F:\
    2017-05-08 20:42:58.849 Could not open LOGICAL:0006:00000000
    2017-05-08 20:42:58.853 Could not open G:\
    2017-05-08 20:42:58.935 Could not open PHYSICAL:0081:0000:0000:0001
    2017-05-08 20:42:58.954 The following items will be cleaned up:
    2017-05-08 20:42:58.954 Mal/VB-A





     
  21. 2017/05/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - Keep your Firefox healthy with a quick checkup
    other browsers: Qualys BrowserCheck (click on "Scan without installing plugin" and then on "Scan now")

    5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    9. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    10. Read:
    How did I get infected?, With steps so it does not happen again!: How did I get infected? - Anti-Virus, Anti-Malware, and Privacy Software
    Simple and easy ways to keep your computer safe and secure on the Internet: Simple and easy ways to keep your computer safe and secure on the Internet
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: Answers to common security questions - Best Practices - Anti-Virus, Anti-Malware, and Privacy Software

    11. Please, let me know, how your computer is doing.
     

Share This Page