Thread: Recently Hacked.

  1. #1
    Junior Member | Join Date: Oct 2016 | Posts: 6

    Morning,
    An account of mine was recently hacked in London and I wondered if it could be through the computer. Any assistance will be gratefully received.
    Thanks.

    FRST log
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-10-2016
    Ran by Chris (administrator) on CHRIS-PC (30-10-2016 11:54:52)
    Running from C:\Users\Chris\Desktop
    Loaded Profiles: Chris (Available Profiles: Chris)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe
    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [635784 2010-01-13] (ELAN Microelectronic Corp.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
    HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
    HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2015-03-18] (Copyright 2013 SAMSUNG)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
    HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074600 2016-08-28] (The Eraser Project)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
    HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.)
    HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
    HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [14688 2015-10-16] (Western Digital Technologies, Inc.)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-1121932470-416344675-206018667-1000\...\Run: [Amazon Music] => C:\Users\Chris\AppData\Local\Amazon Music\Amazon Music Helper.exe [5907944 2016-03-24] ()
    HKU\S-1-5-21-1121932470-416344675-206018667-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
    HKU\S-1-5-21-1121932470-416344675-206018667-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2016-09-23] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-21-1121932470-416344675-206018667-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [301936 2010-11-10] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-04-17] (Egis Technology Inc.)
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-25] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-04-17] (Egis Technology Inc.)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{1f582a72-a073-4f54-b72d-36bfeb09e626}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{cf1c6892-61d2-470e-bafd-587a3f1e0ab0}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1121932470-416344675-206018667-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    SearchScopes: HKU\S-1-5-21-1121932470-416344675-206018667-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB420GB420
    SearchScopes: HKU\S-1-5-21-1121932470-416344675-206018667-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll [2010-04-21] (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
    BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-09] (Oracle Corporation)
    BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll [2010-04-21] (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
    Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
    Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
    Toolbar: HKU\S-1-5-21-1121932470-416344675-206018667-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: HKLM-x32 {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://kodak.webex.com/client/T27L10NSP25/support/ieatgpc1.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: HKLM-x32 {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} hxxp://cdn1.rednoseday.com/sites/all/assets/ar/ti_required/plugin/DFusionHomeWebPlugIn.Installer.exe

    FireFox:
    ========
    FF DefaultProfile: ygfqz17h.default
    FF ProfilePath: C:\Users\Chris\AppData\Roaming\TomTom\HOME\Profiles\9iwgkyot.default [2011-08-31]
    FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
    FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\ygfqz17h.default [2016-10-30]
    FF user.js: detected! => C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\ygfqz17h.default\user.js [2015-02-10]
    FF Extension: (Avira Browser Safety) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\ygfqz17h.default\Extensions\abs@avira.com [2016-04-27]
    FF Extension: (Ghostery) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\ygfqz17h.default\Extensions\firefox@ghostery.com.xpi [2015-06-06]
    FF Extension: (Adblock Plus) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\ygfqz17h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-06]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [not found]
    FF ProfilePath: C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1121932470-416344675-206018667-1000\FireFox [2016-10-30]
    FF user.js: detected! => C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1121932470-416344675-206018667-1000\FireFox\user.js [2015-02-10]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [not found]
    FF Extension: (Anti-Banner) - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2013-06-23] [not signed]
    FF Extension: (Kaspersky URL Advisor) - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2013-06-23] [not signed]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-06-23] [not signed]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-06-23] [not signed]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-06-23] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
    FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => not found
    FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: (No Name) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-01-04] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
    FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-20]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] ()
    FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [No File]
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll [2010-12-08] (Total Immersion)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1121932470-416344675-206018667-1000: box.com/BoxEdit -> C:\Users\Chris\AppData\Local\Box\Box Edit\npBoxEdit.dll [2014-05-29] (Box)

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
    CHR HKU\S-1-5-21-1121932470-416344675-206018667-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
    S4 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
    S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
    S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [965136 2016-09-23] (Garmin Ltd. or its subsidiaries)
    S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
    S4 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.)
    R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.) [File not signed]
    R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-10-06] (IBM Corp.)
    S4 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2015-03-18] (Copyright 2013 SAMSUNG)
    S3 vmicvss; C:\WINDOWS\System32\ICSvc.dll [511488 2016-09-07] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364456 2016-09-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-09-07] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO)
    R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
    R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
    R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [79752 2015-12-01] (AO Kaspersky Lab)
    R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78200 2015-12-01] (AO Kaspersky Lab)
    S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
    R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [182664 2015-12-11] (AO Kaspersky Lab)
    R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [237400 2016-08-20] (AO Kaspersky Lab)
    R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2016-07-26] (AO Kaspersky Lab)
    R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [992600 2016-08-20] (AO Kaspersky Lab)
    R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [51288 2016-04-29] (AO Kaspersky Lab)
    R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
    R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
    R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
    R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [87984 2016-08-20] (AO Kaspersky Lab)
    R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [110424 2016-08-20] (AO Kaspersky Lab)
    R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194440 2015-12-02] (AO Kaspersky Lab)
    S3 MirayVirtualDisk; C:\WINDOWS\System32\drivers\mvdo.sys [464472 2016-04-27] (Miray)
    R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
    R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [1181672 2016-09-16] (IBM Corp.)
    R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [566248 2016-10-06] (IBM Corp.)
    S3 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [235184 2016-10-06] (IBM Corp.)
    S3 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [489712 2016-10-06] (IBM Corp.)
    S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [547888 2016-10-06] (IBM Corp.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    U3 idsvc; no ImagePath
    S3 NTIDrvr; System32\Drivers\NTIDrvr.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-30 11:56 - 2016-10-30 11:56 - 05198336 _____ (AVAST Software) C:\Users\Chris\Downloads\aswMBR.exe
    2016-10-30 11:54 - 2016-10-30 11:55 - 00027100 _____ C:\Users\Chris\Desktop\FRST.txt
    2016-10-30 11:54 - 2016-10-30 11:54 - 00000000 ____D C:\FRST
    2016-10-30 11:53 - 2016-10-30 11:53 - 02408448 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
    2016-10-30 11:49 - 2016-10-30 11:49 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-CHRIS-PC-Windows-10-Home-(64-bit).dat
    2016-10-30 11:49 - 2016-10-30 11:49 - 00000000 ____D C:\RegBackup
    2016-10-30 11:48 - 2016-10-30 11:48 - 00017985 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2016-10-30 11:48 - 2016-10-30 11:48 - 00002312 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2016-10-30 11:48 - 2016-10-30 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-10-30 11:48 - 2016-10-30 11:48 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2016-10-30 11:45 - 2016-10-30 11:47 - 05596528 _____ (Tweaking.com) C:\Users\Chris\Desktop\tweaking.com_registry_backup_setup.exe
    2016-10-28 06:08 - 2016-10-28 06:08 - 00000000 ____D C:\Users\Chris\AppData\Local\Eraser 6
    2016-10-28 06:03 - 2016-10-28 06:03 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\45263CBF.sys
    2016-10-28 06:02 - 2016-10-28 06:02 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1E1B3BE1.sys
    2016-10-28 05:20 - 2016-10-28 05:20 - 00001832 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
    2016-10-28 05:20 - 2016-10-28 05:20 - 00001820 _____ C:\Users\Public\Desktop\Eraser.lnk
    2016-10-28 05:20 - 2016-10-28 05:20 - 00000000 ____D C:\Program Files\Eraser
    2016-10-27 20:12 - 2016-10-28 05:12 - 00000000 ___HD C:\$WINDOWS.~BT
    2016-10-13 12:58 - 2016-10-13 12:58 - 00000000 _____ C:\Users\Chris\ipconfig
    2016-10-11 18:54 - 2016-10-05 07:56 - 01644736 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-10-11 18:54 - 2016-10-05 07:56 - 01242304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-10-11 18:54 - 2016-10-05 07:56 - 00602304 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-10-11 18:54 - 2016-10-05 07:56 - 00591040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-10-11 18:54 - 2016-10-05 07:56 - 00329920 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-10-11 18:54 - 2016-10-05 07:56 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-10-11 18:54 - 2016-10-05 07:56 - 00144576 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-10-11 18:54 - 2016-10-05 07:56 - 00085696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-10-11 18:54 - 2016-10-05 07:20 - 01030408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-10-11 18:54 - 2016-10-05 07:20 - 00875480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-10-11 18:54 - 2016-10-05 07:19 - 00129376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
    2016-10-11 18:54 - 2016-10-05 07:18 - 07468384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-10-11 18:54 - 2016-10-05 07:18 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-10-11 18:54 - 2016-10-05 07:18 - 01142560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-10-11 18:54 - 2016-10-05 07:01 - 01637216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2016-10-11 18:54 - 2016-10-05 07:01 - 01337184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
    2016-10-11 18:54 - 2016-10-05 06:54 - 01297760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2016-10-11 18:54 - 2016-10-05 06:17 - 03693064 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-10-11 18:54 - 2016-10-05 06:15 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
    2016-10-11 18:54 - 2016-10-05 06:14 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-10-11 18:54 - 2016-10-05 06:09 - 00604920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-10-11 18:54 - 2016-10-05 05:45 - 00987488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2016-10-11 18:54 - 2016-10-05 05:39 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-10-11 18:54 - 2016-10-05 05:39 - 00576856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-10-11 18:54 - 2016-10-05 05:38 - 00636296 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-10-11 18:54 - 2016-10-05 05:38 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-10-11 18:54 - 2016-10-05 05:37 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2016-10-11 18:54 - 2016-10-05 05:31 - 00422240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2016-10-11 18:54 - 2016-10-05 05:25 - 00871776 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
    2016-10-11 18:54 - 2016-10-05 05:23 - 00305808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
    2016-10-11 18:54 - 2016-10-05 05:08 - 02937896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-10-11 18:54 - 2016-10-05 05:05 - 00256704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
    2016-10-11 18:54 - 2016-10-05 05:01 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2016-10-11 18:54 - 2016-10-05 05:00 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-10-11 18:54 - 2016-10-05 04:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2016-10-11 18:54 - 2016-10-05 04:50 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
    2016-10-11 18:54 - 2016-10-05 04:49 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpclean.dll
    2016-10-11 18:54 - 2016-10-05 04:49 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2016-10-11 18:54 - 2016-10-05 04:47 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevDispItemProvider.dll
    2016-10-11 18:54 - 2016-10-05 04:47 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
    2016-10-11 18:54 - 2016-10-05 04:38 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
    2016-10-11 18:54 - 2016-10-05 04:35 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
    2016-10-11 18:54 - 2016-10-05 04:34 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
    2016-10-11 18:54 - 2016-10-05 04:33 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-10-11 18:54 - 2016-10-05 04:32 - 00538744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2016-10-11 18:54 - 2016-10-05 04:30 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-10-11 18:54 - 2016-10-05 04:30 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
    2016-10-11 18:54 - 2016-10-05 04:30 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
    2016-10-11 18:54 - 2016-10-05 04:29 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
    2016-10-11 18:54 - 2016-10-05 04:27 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack_win.dll
    2016-10-11 18:54 - 2016-10-05 04:23 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
    2016-10-11 18:54 - 2016-10-05 04:19 - 00717152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
    2016-10-11 18:54 - 2016-10-05 04:18 - 00253080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
    2016-10-11 18:54 - 2016-10-05 04:17 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
    2016-10-11 18:54 - 2016-10-05 04:17 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
    2016-10-11 18:54 - 2016-10-05 04:15 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
    2016-10-11 18:54 - 2016-10-05 04:10 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-10-11 18:54 - 2016-10-05 04:10 - 00602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-10-11 18:54 - 2016-10-05 04:07 - 01159168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
    2016-10-11 18:54 - 2016-10-05 04:05 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2016-10-11 18:54 - 2016-10-05 04:04 - 01718272 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2016-10-11 18:54 - 2016-10-05 04:02 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2016-10-11 18:54 - 2016-10-05 04:00 - 01661952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2016-10-11 18:54 - 2016-10-05 04:00 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
    2016-10-11 18:54 - 2016-10-05 04:00 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2016-10-11 18:54 - 2016-10-05 03:57 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2016-10-11 18:54 - 2016-10-05 03:55 - 03549696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
    2016-10-11 18:54 - 2016-10-05 03:48 - 02437120 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2016-10-11 18:54 - 2016-10-05 03:40 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-10-11 18:54 - 2016-10-05 03:40 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
    2016-10-11 18:54 - 2016-10-05 03:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevDispItemProvider.dll
    2016-10-11 18:54 - 2016-10-05 03:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
    2016-10-11 18:54 - 2016-10-05 03:30 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
    2016-10-11 18:54 - 2016-10-05 03:29 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-10-11 18:54 - 2016-10-05 03:29 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-10-11 18:54 - 2016-10-05 03:28 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
    2016-10-11 18:54 - 2016-10-05 03:24 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
    2016-10-11 18:54 - 2016-10-05 03:24 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
    2016-10-11 18:54 - 2016-10-05 03:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
    2016-10-11 18:54 - 2016-10-05 03:15 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
    2016-10-11 18:54 - 2016-10-05 03:14 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2016-10-11 18:54 - 2016-10-05 03:13 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
    2016-10-11 18:54 - 2016-10-05 03:10 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-10-11 18:54 - 2016-10-05 03:09 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-10-11 18:54 - 2016-10-05 03:05 - 01467904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2016-10-11 18:54 - 2016-10-05 03:04 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-10-11 18:54 - 2016-10-05 03:04 - 00885248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2016-10-11 18:54 - 2016-10-05 02:59 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
    2016-10-11 18:54 - 2016-10-05 02:55 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-10-11 18:54 - 2016-10-05 02:54 - 01987584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2016-10-11 18:54 - 2016-10-05 02:50 - 22379520 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-10-11 18:54 - 2016-10-05 02:50 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-10-11 18:54 - 2016-10-05 02:40 - 01626112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-10-11 18:54 - 2016-10-05 02:39 - 24611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-10-11 18:54 - 2016-10-05 02:39 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-10-11 18:54 - 2016-10-05 02:39 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-10-11 18:54 - 2016-10-05 02:33 - 14255104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2016-10-11 18:54 - 2016-10-05 02:27 - 09920512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-10-11 18:54 - 2016-10-05 02:26 - 07836672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-10-11 18:54 - 2016-10-05 02:22 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-10-11 18:54 - 2016-10-05 02:13 - 19349504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-10-11 18:54 - 2016-10-05 02:13 - 18675200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-10-11 18:54 - 2016-10-05 02:13 - 12134400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-10-11 18:54 - 2016-10-05 02:06 - 12587008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2016-10-11 18:54 - 2016-10-05 02:01 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-10-11 18:54 - 2016-10-01 02:16 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
    2016-10-11 18:54 - 2016-09-27 02:39 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-10-11 18:54 - 2016-09-17 08:08 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2016-10-11 18:54 - 2016-09-17 07:45 - 02610176 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-10-11 18:54 - 2016-09-17 07:28 - 03077120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-10-11 18:54 - 2016-09-17 07:12 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2016-10-11 18:54 - 2016-09-17 06:45 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
    2016-10-11 18:54 - 2016-09-17 06:43 - 02552832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-10-11 18:54 - 2016-09-17 06:22 - 04405248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
    2016-10-11 18:54 - 2016-06-18 04:55 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
    2016-10-11 18:54 - 2016-06-18 04:51 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
    2016-10-11 18:54 - 2016-06-18 04:49 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
    2016-10-11 18:54 - 2016-06-18 04:45 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
    2016-10-08 14:09 - 2016-10-08 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    2016-10-02 17:53 - 2016-10-02 17:53 - 00000000 ____D C:\WINDOWS\PCHEALTH

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-30 11:48 - 2012-01-22 12:55 - 00000000 ____D C:\ProgramData\Kaspersky Lab
    2016-10-30 11:41 - 2015-10-30 07:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-10-30 11:38 - 2016-03-07 21:02 - 01009756 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-10-30 11:38 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF
    2016-10-30 11:33 - 2016-03-07 21:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-10-30 10:43 - 2016-04-27 13:38 - 00000000 ____D C:\Users\Chris\AppData\Local\ClassicShell
    2016-10-30 10:43 - 2015-10-30 06:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
    2016-10-30 10:05 - 2012-08-25 13:00 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-10-30 09:46 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-10-30 09:46 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-10-30 09:30 - 2015-11-28 21:52 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{90ED3531-3919-4669-BEA3-15F251BE538E}
    2016-10-29 14:19 - 2016-04-02 12:53 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Kodi
    2016-10-28 05:59 - 2010-07-01 08:21 - 00000000 ____D C:\book
    2016-10-28 05:48 - 2015-09-20 11:08 - 00000000 ____D C:\Users\Chris\AppData\Local\Packages
    2016-10-28 05:48 - 2010-04-21 10:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-10-28 05:12 - 2016-09-25 14:27 - 00000000 ____D C:\WINDOWS\Panther
    2016-10-28 05:11 - 2015-09-10 05:42 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-10-28 05:09 - 2016-03-07 20:54 - 00505808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-10-28 05:09 - 2013-06-23 15:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-10-28 05:09 - 2013-06-23 15:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-10-27 20:12 - 2015-10-30 07:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2016-10-27 20:12 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-10-27 20:12 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-10-27 20:12 - 2013-07-13 18:11 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-10-27 20:04 - 2011-03-07 11:43 - 143495576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-10-27 19:55 - 2013-06-23 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-10-17 18:56 - 2013-09-16 06:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
    2016-10-16 18:12 - 2016-04-27 12:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-10-13 13:23 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-10-13 12:58 - 2016-03-07 21:03 - 00000000 ____D C:\Users\Chris
    2016-10-08 17:41 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-10-08 14:09 - 2014-12-25 09:03 - 00003622 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
    2016-10-08 14:09 - 2014-01-12 17:27 - 00000000 ____D C:\ProgramData\Package Cache
    2016-10-08 14:09 - 2014-01-12 17:27 - 00000000 ____D C:\Program Files (x86)\Garmin
    2016-10-06 16:49 - 2015-06-11 18:33 - 00235184 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
    2016-10-06 16:49 - 2011-07-03 19:55 - 00489712 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
    2016-10-02 19:58 - 2015-10-30 07:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
    2016-10-02 19:58 - 2015-10-30 06:31 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
    2016-10-02 19:58 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2016-10-02 19:56 - 2015-10-30 07:24 - 00000000 ___SD C:\WINDOWS\system32\F12
    2016-10-02 19:56 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2016-10-02 19:56 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\setup
    2016-10-02 19:56 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-10-02 19:56 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\migwiz
    2016-10-02 19:56 - 2015-10-30 06:31 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
    2016-10-02 19:56 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\system32\Dism
    2016-10-02 19:54 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
    2016-10-02 19:54 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
    2016-10-02 19:53 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2016-10-02 19:53 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files\Windows Defender
    2016-10-02 19:53 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2016-10-02 19:53 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2016-10-02 18:50 - 2015-10-30 09:07 - 00000000 ____D C:\WINDOWS\ShellNew
    2016-10-01 00:23 - 2015-10-30 07:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-10-01 00:23 - 2015-10-30 07:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2012-07-29 11:50 - 2012-07-29 16:22 - 0000236 _____ () C:\Users\Chris\AppData\Local\LaunchHomeCenter.log
    2011-05-08 16:51 - 2013-06-23 16:21 - 0007601 _____ () C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
    2012-01-22 13:00 - 2012-01-22 13:00 - 0017408 _____ () C:\Users\Chris\AppData\Local\WebpageIcons.db
    2011-03-21 19:48 - 2011-03-21 19:48 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2010-04-21 10:41 - 2010-01-27 14:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe

    Files to move or delete:
    ====================
    C:\Users\Chris\WDMyCloud_win.exe


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-10-11 18:48

    ==================== End of FRST.txt ============================

    Addition log

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2016
    Ran by Chris (30-10-2016 11:56:33)
    Running from C:\Users\Chris\Desktop
    Windows 10 Home Version 1511 (X64) (2016-03-07 21:40:18)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1121932470-416344675-206018667-500 - Administrator - Disabled)
    Chris (S-1-5-21-1121932470-416344675-206018667-1000 - Administrator - Enabled) => C:\Users\Chris
    DefaultAccount (S-1-5-21-1121932470-416344675-206018667-503 - Limited - Disabled)
    Guest (S-1-5-21-1121932470-416344675-206018667-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1121932470-416344675-206018667-1004 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.60 - NewTech Infosystems)
    Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3003 - Acer Incorporated)
    Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0412.2010 - Acer Incorporated)
    Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
    Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
    Adobe Premiere Elements 12 (HKLM\...\PremElem120) (Version: 12.0 - Adobe Systems Incorporated)
    Adobe Premiere Elements 12 (Version: 12.0 - Adobe Systems Incorporated) Hidden
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
    Amazon Cloud Drive (HKU\S-1-5-21-1121932470-416344675-206018667-1000\...\Amazon Cloud Drive) (Version: 2.5.2.40 - Amazon Digital Services, LLC.)
    Amazon Music (HKU\S-1-5-21-1121932470-416344675-206018667-1000\...\Amazon Amazon Music) (Version: 4.2.2.1311 - Amazon Services LLC)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Box Edit (HKLM-x32\...\{E2FF4AB2-6569-42F1-BE29-6436A5AFCA3F}) (Version: 2.0.31.311 - Box)
    Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.04 - Broadcom Corporation)
    Brother MFL-Pro Suite DCP-J4120DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
    Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2719.50 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.4 - Illustrate)
    Dropbox (HKU\S-1-5-21-1121932470-416344675-206018667-1000\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
    Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
    Elevated Installer (x32 Version: 4.1.28.0 - Garmin Ltd or its subsidiaries) Hidden
    Eraser 6.2.0.2979 (HKLM\...\{C5900DE9-D199-4C27-B692-354C9A6A6C8B}) (Version: 6.2.2979 - The Eraser Project)
    ETDWare PS/2-x64 7.0.6.4_WHQL (HKLM\...\Elantech) (Version: 7.0.6.4 - ELAN Microelectronics Corp.)
    Fotosizer 1.16 (HKLM-x32\...\Fotosizer) (Version: 1.16 - Fotosizer.com)
    Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{ddd0d306-806b-4c64-941b-e279cf1069e4}) (Version: 4.1.28.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 4.1.28.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 4.1.28.0 - Garmin Ltd or its subsidiaries) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
    iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kaspersky Cleaner (HKLM-x32\...\{7DDC11A1-C25C-4090-AC3F-0330955593BA}) (Version: 1.0.1.150 - Kaspersky Lab)
    Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
    Kaspersky Internet Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
    K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
    Kodi (HKU\S-1-5-21-1121932470-416344675-206018667-1000\...\Kodi) (Version: - XBMC-Foundation)
    Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.8 - Acer Inc.)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version: - )
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MyWinLocker (x32 Version: 3.1.210.0 - Egis Technology Inc.) Hidden
    MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.210.0 - Egis Technology Inc.)
    MyWinLocker Suite (x32 Version: 3.1.210.0 - Egis Technology Inc.) Hidden
    NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems)
    NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden
    PRE12 STI 64Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
    PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
    PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
    Rapport (Version: 3.5.1205.20 - Trusteer) Hidden
    Rapport (x32 Version: 3.5.1609.103 - Trusteer) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6015 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
    Samsung Link 2.0.0.1503181422 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1503181422 - Copyright 2013 SAMSUNG)
    SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-1121932470-416344675-206018667-1000\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19269 - Gemalto N.V.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
    Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
    Tarsia 3.9 (HKLM-x32\...\{982226EE-99E0-4947-BC90-33C1171E8824}) (Version: 3.9.2410.10091 - Hermitech Laboratory)
    TaskMagic (HKLM-x32\...\{A51CBA0B-3B65-412B-B9B7-E58EF50D8560}) (Version: 2.00.1000 - mdlsoft.co.uk)
    Total Immersion D'Fusion @Home Web Plug-In (HKLM-x32\...\D'Fusion @Home Web Plug-In) (Version: - Total Immersion)
    Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.103 - Trusteer)
    TuneUp Utilities Language Pack (en-GB) (x32 Version: 10.0.4600.20 - TuneUp Software) Hidden
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.2 - Tweaking.com)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WD Access (HKLM-x32\...\{79f4d6a1-f721-43f9-8e15-19129edd8f19}) (Version: 1.1.5767.15076 - Western Digital Technologies, Inc.)
    WD Access (x32 Version: 1.1.5767.15076 - Western Digital Technologies, Inc) Hidden
    WD My Cloud (HKLM\...\{4B86F896-11DC-4711-BB60-81104832FA44}) (Version: 1.0.7.17 - Western Digital Technologies, Inc.)
    WebEx (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1121932470-416344675-206018667-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1121932470-416344675-206018667-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1121932470-416344675-206018667-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1121932470-416344675-206018667-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1121932470-416344675-206018667-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1121932470-416344675-206018667-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {04B6342B-0A44-440C-A861-B89608890E45} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {0AFA2017-3B27-49E0-894A-5F18E7F0F5D7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {0F81574A-C5EE-4E6D-B6FE-8D67F42B39D6} - System32\Tasks\IHUninstallTrackingTASK => /C DEL C:\Users\Chris\AppData\Local\Temp\IHUCF80.tmp.exe <==== ATTENTION
    Task: {1C659BAC-CE4D-4D93-AD8B-B32908E02A6A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {1C895DA2-BC7B-4322-AE61-7FB2E399ECD8} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {1FDD620A-B655-4ABA-9F12-D1B293C8B843} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {216C202E-C3D9-4FE6-A53A-53F56B87696A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {254474E1-FDC6-4E52-83C7-205CE20C5010} - System32\Tasks\{899044A5-E454-4767-85A7-91281BFDD0F0} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
    Task: {25CD929C-0C12-46D1-A54E-506D96EA8C97} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
    Task: {2D743D75-B206-4AA6-859A-6966BB6F38C9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {3075D965-C9AB-4DCD-8D34-0B3F2AC46798} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {390A65C3-5E11-40A2-88E0-CF862051C030} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {39398F45-6392-4C45-9DA3-7C379CA029C3} - System32\Tasks\IHSelfDeleteTASK => /C DEL C:\Users\Chris\AppData\Local\Temp\IHUD358.tmp.exe <==== ATTENTION
    Task: {41A6B9E5-F8EE-4CB3-8151-E05251585BCA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {43879F91-EDE4-462D-8EA0-5543058EB8DA} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
    Task: {489DADE6-0709-4A7C-9B4F-8CDA81894C25} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1121932470-416344675-206018667-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {48A584F8-1B6A-4EFD-9FA4-6FE6D3F1C3BF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {4C7046B6-10AA-4685-817A-9CABC5387E7A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {54CD4535-3E40-4772-AD4A-40B6171DFB3D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {57021D58-9716-492C-BDB8-CE18D9F4E1A6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {614B4BC9-587D-4792-A0CB-3FBE66736BE6} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {61B8C24C-F145-48EF-9FB1-94DD02529E9A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {6615C4D7-059E-46E2-8478-DE2C1A8D24BC} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {668F1848-94FE-497D-8EDF-0A8986A7A2A9} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-09-23] ()
    Task: {67F56EB8-FCCA-4C37-BE36-71E4A6E60B75} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
    Task: {69AE4227-2778-4E5B-B5F5-4CEED5E37180} - System32\Tasks\{96BDFC90-5A05-42A3-A70A-B6CD25DE017E} => pcalua.exe -a D:\Install.exe -d D:\
    Task: {6D545702-022E-40BA-BAAE-EBA7888F96CF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {6E2B72ED-0158-404F-9589-F11AC8D331EB} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1121932470-416344675-206018667-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {6FB4523C-ACD5-4F4A-90F8-997486BC8394} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {7AE68962-820F-4EDE-9F7B-4FC1E101B07D} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {7B1A0405-4EE7-4F7A-A3D4-58D11D07529A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {801121DE-6861-4BC9-B34D-DABF4928B579} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {896B3FA6-23C6-4EA5-9FCF-A706171D34F5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-10-27] (Microsoft Corporation)
    Task: {900AD3B0-2068-479E-8BF4-C2A47EEEAE3F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {929779CA-8A57-41F4-AD4A-8E7EC65ED52B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {934DD81C-CC44-4C29-8346-48DA5803DDE2} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
    Task: {9410CF23-D966-48E9-836D-3B06D0CB2A1B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {9731E9DA-AAC4-40D1-9F55-9E3B7E6ABA10} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
    Task: {9FD4F3E0-F565-40E1-BDD9-D8399B613975} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1121932470-416344675-206018667-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {A0C382DC-A75E-483B-BC09-382B1959A0CB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {A2BBADE4-9F0B-4991-8CBD-19B4BFEE2A90} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A326F177-56F4-4FC3-A167-17566205AA68} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-25] (Adobe Systems Incorporated)
    Task: {AD510F30-6EF7-4E8D-B130-772CCA278045} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {B3AAFAF4-F78E-4206-B22A-076B0B60578C} - System32\Tasks\AdobeAAMUpdater-1.0-Chris-PC-Chris => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
    Task: {B8AFABB6-4269-4CE8-AA98-B111CE4E3094} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {BABC050B-61FB-4767-AE60-508FD364A315} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {C2D7074D-550B-4CF1-8A13-57F2FADE50EA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {CEB341E5-6AF6-4B55-8DCF-DD1873FB7905} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
    Task: {D28D19CB-AEFA-4B8C-9F91-7DC680C30C8E} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
    Task: {D2CB01CE-F31B-4D83-A987-4109A2E8FFD6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {D7BB4537-F05B-4357-B941-779B29560693} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1121932470-416344675-206018667-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {D82C14E3-D3AA-4C8B-BAA6-2A4EAC7EF034} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {E1D49CD5-3D1A-4411-AB2E-039999790988} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
    Task: {EFDE8064-F2FD-48ED-B1C1-58075664A691} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {F075CDC5-6C67-4683-9ADF-1471787F5A5B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-03-18 21:56 - 2016-03-18 21:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-04-10 13:56 - 2005-04-22 04:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
    2016-09-24 05:51 - 2016-09-07 05:39 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-09-24 05:51 - 2016-09-07 05:39 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2016-04-20 04:58 - 2016-04-20 18:39 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-03-08 04:44 - 2016-03-08 04:44 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-07-12 18:39 - 2016-07-01 03:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-09-24 05:42 - 2016-09-07 04:15 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-09-24 05:42 - 2016-09-07 04:10 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-09-24 05:42 - 2016-09-07 04:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-09-24 05:42 - 2016-09-07 04:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-12-22 01:47 - 2015-12-22 01:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\kpcengine.2.3.dll
    2010-03-09 00:18 - 2010-03-09 00:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
    2010-03-09 00:13 - 2010-03-09 00:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
    2010-04-21 10:34 - 2009-12-24 00:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2016-04-20 04:58 - 2016-04-20 18:39 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-04-20 04:58 - 2016-04-20 18:39 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2015-06-02 14:51 - 2015-06-02 14:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 [135]
    AlternateDataStreams: C:\ProgramData\Temp:798A3728 [262]
    AlternateDataStreams: C:\ProgramData\Temp:AB689DEA [292]
    AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE [132]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7867 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 02:34 - 2015-07-22 09:35 - 00900088 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost
    There are 15465 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1121932470-416344675-206018667-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: NTIBackupSvc => 3
    MSCONFIG\Services: NTISchedulerSvc => 2
    MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
    MSCONFIG\startupfolder: C:^Users^Chris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe"
    MSCONFIG\startupreg: Box Edit => C:\Users\Chris\AppData\Local\Box\Box Edit\Box Edit.exe
    MSCONFIG\startupreg: CAHeadless => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
    MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
    MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKLM\...\StartupApproved\Run: => "ETDWare"
    HKLM\...\StartupApproved\Run: => "Samsung Link"
    HKLM\...\StartupApproved\Run32: => "IAStorIcon"
    HKLM\...\StartupApproved\Run32: => "LManager"
    HKU\S-1-5-21-1121932470-416344675-206018667-1000\...\StartupApproved\Run: => "uTorrent"
    HKU\S-1-5-21-1121932470-416344675-206018667-1000\...\StartupApproved\Run: => "GarminExpressTrayApp"
    HKU\S-1-5-21-1121932470-416344675-206018667-1000\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-1121932470-416344675-206018667-1000\...\StartupApproved\Run: => "Amazon Music"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{2A5A7BBA-ED5B-4550-A719-D0C8F9F9C939}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    FirewallRules: [{1EB388D1-2150-467A-8AFA-61FD15522962}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    FirewallRules: [{67A51617-FF8C-47A1-9CD2-5B0D05D56469}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    FirewallRules: [{B904F141-D85D-418C-9A2D-20CAC3B4DFFC}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    FirewallRules: [{C789B16A-A14B-4A6A-BFE9-8DE48114A42F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
    FirewallRules: [{8EE7CD95-9056-4075-AE98-DAEE732FED03}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{E31F50D0-EF05-4BDD-BB53-1AF6ED4AD12A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{E7BFFB1C-66BF-4C96-AF8A-1F1AFD58EF9F}] => (Allow) LPort=2869
    FirewallRules: [{388BE453-3D8B-4921-AA2F-86F105231A56}] => (Allow) LPort=1900
    FirewallRules: [{38C78478-60C8-47EF-9158-A6121DBECD94}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8D21015C-8364-4A05-BE45-82789B381121}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{67484D94-2F30-4C20-A47A-E2491D49513E}] => (Allow) C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{F88200B0-688C-41E7-939D-D66574A5230C}] => (Allow) C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{B3A743EE-3C69-4FDD-83FD-35682F490365}] => (Allow) LPort=5353
    FirewallRules: [{964D7E2E-DBBB-4678-87A8-576C919B9CEA}] => (Allow) LPort=9322
    FirewallRules: [{BDEA403B-E633-425D-A1A4-7C75E149B261}] => (Allow) LPort=5353
    FirewallRules: [{8B79C1BC-2C08-440B-A7D0-CE5666759A3E}] => (Allow) LPort=9322
    FirewallRules: [{C9A92253-844D-43D4-ADC4-F7B89CD9D19F}] => (Allow) LPort=5353
    FirewallRules: [TCP Query User{76181127-FAAA-4020-9186-566F6F1FE858}C:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{CE636788-D0CB-49C5-92A1-FC46BF5449BE}C:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{933171BC-7460-4C0D-98D1-5B33C1E7E7F9}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
    FirewallRules: [{2AE27EE6-1634-47D8-A6FC-EEC80D7D1E06}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
    FirewallRules: [{284F0352-62C4-4C4D-894F-B7244318651B}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
    FirewallRules: [{0A414779-CF4C-4C34-9CD0-AC96FF873D3C}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
    FirewallRules: [{CE072307-2A14-4A04-9CBD-D610AB0AF1F1}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
    FirewallRules: [{C5002C3C-A4C0-4F81-ABFD-6A5B6039AF93}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
    FirewallRules: [{3591507A-F55C-4541-9AB4-379E98983491}] => (Allow) LPort=8743
    FirewallRules: [{F8EEC872-5931-4365-8526-7A4DA070A434}] => (Allow) LPort=8643
    FirewallRules: [{A60E06D2-97F8-40EF-858E-C3D2EE6EB0F8}] => (Allow) LPort=7676
    FirewallRules: [{88488AC0-1B1C-4816-82A8-DF039A3DE5DC}] => (Allow) LPort=7679
    FirewallRules: [{E356E284-5963-4C5E-98F4-90A5EFCC7EC6}] => (Allow) LPort=24234
    FirewallRules: [{CAA2DAC0-7C5A-4542-8404-E82C91B7F2CF}] => (Allow) LPort=7900
    FirewallRules: [{70BC8C7E-32B6-4AFF-ACE0-08ABBEE205C3}] => (Allow) LPort=1900
    FirewallRules: [{72D88392-50F9-446B-9AA3-AF38422215A6}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
    FirewallRules: [{A8DF3E45-5B0B-4AF7-B8C6-D0CD4A4AD7E6}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
    FirewallRules: [{67967B02-C96A-43FA-96D5-EB03CC20FC0F}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
    FirewallRules: [{F70CC5BE-C7B6-4E16-8DFC-479D9BD93DFB}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
    FirewallRules: [{8A1CE2BF-6A1C-4C31-B2C9-6BFFE5110EE5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{7059194A-E14D-47D1-96C1-191C35F980A7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{84CB89D2-C686-49CE-85B8-73141B9737E9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{3F301CD2-F73D-40F9-B8B4-97704F478847}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{CFB09AC6-F6C0-4F33-8460-D383F54B983F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [TCP Query User{FBCE8274-000D-46E7-AC8A-5195548F924C}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [UDP Query User{83A34D08-05D5-409D-B265-B4CB4CDA5D00}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    02-10-2016 17:49:24 Windows Update
    08-10-2016 14:08:05 Garmin Express
    17-10-2016 18:56:25 Installed Rapport
    27-10-2016 19:51:57 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/30/2016 11:51:21 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (10/30/2016 11:51:21 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (10/30/2016 10:42:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Chris-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147417848 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (10/30/2016 10:42:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Chris-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147417848 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (10/27/2016 07:58:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
    .

    Error: (10/27/2016 07:58:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
    .

    Error: (10/27/2016 07:58:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
    .

    Error: (10/27/2016 07:58:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
    .

    Error: (10/27/2016 07:58:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
    .

    Error: (10/27/2016 07:58:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
    .


    System errors:
    =============
    Error: (10/30/2016 11:49:10 AM) (Source: DCOM) (EventID: 10016) (User: Chris-PC)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Chris-PC\Chris SID (S-1-5-21-1121932470-416344675-206018667-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/30/2016 11:49:10 AM) (Source: DCOM) (EventID: 10016) (User: Chris-PC)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Chris-PC\Chris SID (S-1-5-21-1121932470-416344675-206018667-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/30/2016 11:48:39 AM) (Source: DCOM) (EventID: 10016) (User: Chris-PC)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Chris-PC\Chris SID (S-1-5-21-1121932470-416344675-206018667-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/30/2016 11:48:39 AM) (Source: DCOM) (EventID: 10016) (User: Chris-PC)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Chris-PC\Chris SID (S-1-5-21-1121932470-416344675-206018667-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/30/2016 11:48:39 AM) (Source: DCOM) (EventID: 10016) (User: Chris-PC)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Chris-PC\Chris SID (S-1-5-21-1121932470-416344675-206018667-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/30/2016 11:48:39 AM) (Source: DCOM) (EventID: 10016) (User: Chris-PC)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Chris-PC\Chris SID (S-1-5-21-1121932470-416344675-206018667-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/30/2016 11:48:39 AM) (Source: DCOM) (EventID: 10016) (User: Chris-PC)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Chris-PC\Chris SID (S-1-5-21-1121932470-416344675-206018667-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/30/2016 11:48:39 AM) (Source: DCOM) (EventID: 10016) (User: Chris-PC)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Chris-PC\Chris SID (S-1-5-21-1121932470-416344675-206018667-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/30/2016 11:48:39 AM) (Source: DCOM) (EventID: 10016) (User: Chris-PC)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Chris-PC\Chris SID (S-1-5-21-1121932470-416344675-206018667-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/30/2016 11:48:39 AM) (Source: DCOM) (EventID: 10016) (User: Chris-PC)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Chris-PC\Chris SID (S-1-5-21-1121932470-416344675-206018667-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


    CodeIntegrity:
    ===================================
    Date: 2016-10-28 06:14:14.438
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-28 06:10:39.989
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-09 11:36:57.395
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-07 19:43:11.968
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-02 19:54:51.720
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-09-03 07:26:15.987
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-25 07:17:25.017
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-25 07:16:17.388
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-07-14 15:05:53.540
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-07-13 19:51:20.323
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) CPU P6000 @ 1.87GHz
    Percentage of memory in use: 36%
    Total physical RAM: 7862.71 MB
    Available physical RAM: 4966.09 MB
    Total Virtual: 15798.71 MB
    Available Virtual: 12660.18 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:212.22 GB) (Free:117.12 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 3773C763)
    Partition 1: (Not Active) - (Size=11.3 GB) - (Type=27)
    Partition 2: (Active) - (Size=73 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=212.2 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    ASW log
    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2016-10-30 11:58:02
    -----------------------------
    11:58:02.939 OS Version: Windows x64 6.2.9200
    11:58:02.939 Number of processors: 2 586 0x2502
    11:58:02.940 ComputerName: CHRIS-PC UserName: Chris
    11:58:04.090 Initialize success
    11:58:04.265 VM: initialized successfully
    11:58:04.266 VM: Intel CPU virtualization not supported
    12:08:30.681 AVAST engine defs: 16103000
    12:10:20.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    12:10:20.640 Disk 0 Vendor: PNY_CS13 CS13 Size: 228936MB BusType: 3
    12:10:20.655 Disk 0 MBR read successfully
    12:10:20.675 Disk 0 MBR scan
    12:10:20.677 Disk 0 Windows 7 default MBR code
    12:10:20.677 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 11545 MB offset 2048
    12:10:20.693 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 72 MB offset 23647584
    12:10:20.693 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 217313 MB offset 23796536
    12:10:20.739 Disk 0 scanning C:\WINDOWS\system32\drivers
    12:10:32.191 Service scanning
    12:10:34.527 Service CompositeBus C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys **LOCKED** 32
    12:10:38.550 Service klids C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys **LOCKED** 32
    12:10:45.804 Service RapportCerberus_1609053 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys **LOCKED** 32
    12:10:45.857 Service RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys **LOCKED** 32
    12:10:46.073 Service RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys **LOCKED** 32
    12:10:55.232 Modules scanning
    12:10:55.238 Disk 0 trace - called modules:
    12:10:55.253 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    12:10:55.269 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001fdfba060]
    12:10:55.269 3 CLASSPNP.SYS[fffff8014a5d7d95] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xffffe001fcc80050]
    12:10:56.568 AVAST engine scan C:\WINDOWS
    12:10:58.139 AVAST engine scan C:\WINDOWS\system32
    12:14:26.175 AVAST engine scan C:\WINDOWS\system32\drivers
    12:14:37.434 AVAST engine scan C:\Users\Chris
    12:15:29.164 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
    12:15:29.178 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"


    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2016-10-30 12:17:00
    -----------------------------
    12:17:00.358 OS Version: Windows x64 6.2.9200
    12:17:00.358 Number of processors: 2 586 0x2502
    12:17:00.358 ComputerName: CHRIS-PC UserName: Chris
    12:17:01.264 Initialize success
    12:17:01.317 VM: initialized successfully
    12:17:01.317 VM: Intel CPU virtualization not supported
    12:17:57.375 AVAST engine defs: 16103000
    12:18:09.254 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    12:18:09.254 Disk 0 Vendor: PNY_CS13 CS13 Size: 228936MB BusType: 3
    12:18:09.560 Disk 0 MBR read successfully
    12:18:09.560 Disk 0 MBR scan
    12:18:09.576 Disk 0 Windows 7 default MBR code
    12:18:09.607 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 11545 MB offset 2048
    12:18:09.633 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 72 MB offset 23647584
    12:18:09.648 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 217313 MB offset 23796536
    12:18:09.978 Disk 0 scanning C:\WINDOWS\system32\drivers
    12:18:50.794 Service scanning
    12:18:53.173 Service CompositeBus C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys **LOCKED** 32
    12:18:57.407 Service klids C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys **LOCKED** 32
    12:19:04.690 Service RapportCerberus_1609053 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys **LOCKED** 32
    12:19:04.743 Service RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys **LOCKED** 32
    12:19:04.974 Service RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys **LOCKED** 32
    12:19:14.643 Modules scanning
    12:19:14.643 Disk 0 trace - called modules:
    12:19:14.688 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    12:19:14.688 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001fdfba060]
    12:19:14.704 3 CLASSPNP.SYS[fffff8014a5d7d95] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xffffe001fcc80050]
    12:19:15.520 AVAST engine scan C:\WINDOWS
    12:19:38.245 AVAST engine scan C:\WINDOWS\system32
    12:22:13.990 AVAST engine scan C:\WINDOWS\system32\drivers
    12:22:34.401 AVAST engine scan C:\Users\Chris
    12:28:34.825 AVAST engine scan C:\ProgramData
    12:35:41.538 Disk 0 statistics 4237247/0/0 @ 3.10 MB/s
    12:35:41.549 Scan finished successfully
    12:35:54.773 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
    12:35:54.783 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"


    Thanks for any help in advance.
    Chris

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    I am not able to locate the point of entry, but I see an old, outdated and vulnerable version of Java on your machine.
    Highly exploitable.

    Please go to your add/remove programs list and uninstall
    Java 8 Update 31

    ~~~

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad* or any text editor other than Notepad, or the script will fail. Copy and paste the text inside the quote box below:
    To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow).

    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-1121932470-416344675-206018667-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-09] (Oracle Corporation)
    BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll [2010-04-21] (Google Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-1121932470-416344675-206018667-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF user.js: detected! => C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\ygfqz17h.default\user.js [2015-02-10]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [not found]
    FF user.js: detected! => C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1121932470-416344675-206018667-1000\FireFox\user.js [2015-02-10]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [not found]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-06-23] [not signed]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-06-23] [not signed]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-06-23] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
    FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => not found
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
    U3 idsvc; no ImagePath
    C:\Users\Chris\WDMyCloud_win.exe
    Task: {0AFA2017-3B27-49E0-894A-5F18E7F0F5D7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {0F81574A-C5EE-4E6D-B6FE-8D67F42B39D6} - System32\Tasks\IHUninstallTrackingTASK => /C DEL C:\Users\Chris\AppData\Local\Temp\IHUCF80.tmp.exe <==== ATTENTION
    Task: {1C659BAC-CE4D-4D93-AD8B-B32908E02A6A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {2D743D75-B206-4AA6-859A-6966BB6F38C9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {3075D965-C9AB-4DCD-8D34-0B3F2AC46798} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {4C7046B6-10AA-4685-817A-9CABC5387E7A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {54CD4535-3E40-4772-AD4A-40B6171DFB3D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {6D545702-022E-40BA-BAAE-EBA7888F96CF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {6FB4523C-ACD5-4F4A-90F8-997486BC8394} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {934DD81C-CC44-4C29-8346-48DA5803DDE2} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
    Task: {9410CF23-D966-48E9-836D-3B06D0CB2A1B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {9731E9DA-AAC4-40D1-9F55-9E3B7E6ABA10} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
    Task: {B8AFABB6-4269-4CE8-AA98-B111CE4E3094} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {C2D7074D-550B-4CF1-8A13-57F2FADE50EA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {D28D19CB-AEFA-4B8C-9F91-7DC680C30C8E} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 [135]
    AlternateDataStreams: C:\ProgramData\Temp:798A3728 [262]
    AlternateDataStreams: C:\ProgramData\Temp:AB689DEA [292]
    AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE [132]
    CMD: ipconfig /flushdns
    EmptyTemp:
    End

    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
      In order to use AdwCleaner, you have to agree to the EULA.
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

    ~~~~~~~~~~~~~~~~~~~~

    Please download Junkware Removal Tool (or from here: http://downloads.malwarebytes.org/file/jrt) to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    ~~
    Please post:
    Fixlog.txt
    AdwCleaner[C1].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Oct 2016
    Posts
    6

    Sorry for the delay.

    Sorry for the delay, had issues logging on. Here are the logs requested.

    Fixlog

    Fix result of Farbar Recovery Scan Tool (x64) Version: 29-10-2016
    Ran by Chris (30-10-2016 13:45:35) Run:1
    Running from C:\Users\Chris\Desktop
    Loaded Profiles: Chris (Available Profiles: Chris)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-1121932470-416344675-206018667-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-09] (Oracle Corporation)
    BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll [2010-04-21] (Google Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-1121932470-416344675-206018667-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF user.js: detected! => C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\ygfqz17h.default\user.js [2015-02-10]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [not found]
    FF user.js: detected! => C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1121932470-416344675-206018667-1000\FireFox\user.js [2015-02-10]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [not found]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-06-23] [not signed]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-06-23] [not signed]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-06-23] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
    FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => not found
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
    U3 idsvc; no ImagePath
    C:\Users\Chris\WDMyCloud_win.exe
    Task: {0AFA2017-3B27-49E0-894A-5F18E7F0F5D7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {0F81574A-C5EE-4E6D-B6FE-8D67F42B39D6} - System32\Tasks\IHUninstallTrackingTASK => /C DEL C:\Users\Chris\AppData\Local\Temp\IHUCF80.tmp.exe <==== ATTENTION
    Task: {1C659BAC-CE4D-4D93-AD8B-B32908E02A6A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {2D743D75-B206-4AA6-859A-6966BB6F38C9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {3075D965-C9AB-4DCD-8D34-0B3F2AC46798} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {4C7046B6-10AA-4685-817A-9CABC5387E7A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {54CD4535-3E40-4772-AD4A-40B6171DFB3D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {6D545702-022E-40BA-BAAE-EBA7888F96CF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {6FB4523C-ACD5-4F4A-90F8-997486BC8394} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {934DD81C-CC44-4C29-8346-48DA5803DDE2} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
    Task: {9410CF23-D966-48E9-836D-3B06D0CB2A1B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {9731E9DA-AAC4-40D1-9F55-9E3B7E6ABA10} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
    Task: {B8AFABB6-4269-4CE8-AA98-B111CE4E3094} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {C2D7074D-550B-4CF1-8A13-57F2FADE50EA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {D28D19CB-AEFA-4B8C-9F91-7DC680C30C8E} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 [135]
    AlternateDataStreams: C:\ProgramData\Temp:798A3728 [262]
    AlternateDataStreams: C:\ProgramData\Temp:AB689DEA [292]
    AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE [132]
    CMD: ipconfig /flushdns
    EmptyTemp:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-1121932470-416344675-206018667-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
    HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
    "HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}" => key removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
    "HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
    HKU\S-1-5-21-1121932470-416344675-206018667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
    C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\ygfqz17h.default\user.js => moved successfully
    C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\ygfqz17h.default\user.js => not found.
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com => path removed successfully
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com => path removed successfully
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com => path removed successfully
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com => path removed successfully
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com => path removed successfully
    C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1121932470-416344675-206018667-1000\FireFox\user.js => moved successfully
    C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1121932470-416344675-206018667-1000\FireFox\user.js => not found.
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com => not found.
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com => not found.
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com => not found.
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com => not found.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} => moved successfully
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} => moved successfully
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} => moved successfully
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => value removed successfully
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru => value removed successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2 => key not found.
    C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll => not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2 => key not found.
    C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll => not found.
    idsvc => service removed successfully
    C:\Users\Chris\WDMyCloud_win.exe => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AFA2017-3B27-49E0-894A-5F18E7F0F5D7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AFA2017-3B27-49E0-894A-5F18E7F0F5D7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F81574A-C5EE-4E6D-B6FE-8D67F42B39D6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F81574A-C5EE-4E6D-B6FE-8D67F42B39D6}" => key removed successfully
    C:\WINDOWS\System32\Tasks\IHUninstallTrackingTASK => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IHUninstallTrackingTASK" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C659BAC-CE4D-4D93-AD8B-B32908E02A6A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C659BAC-CE4D-4D93-AD8B-B32908E02A6A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D743D75-B206-4AA6-859A-6966BB6F38C9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D743D75-B206-4AA6-859A-6966BB6F38C9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3075D965-C9AB-4DCD-8D34-0B3F2AC46798}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3075D965-C9AB-4DCD-8D34-0B3F2AC46798}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C7046B6-10AA-4685-817A-9CABC5387E7A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C7046B6-10AA-4685-817A-9CABC5387E7A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54CD4535-3E40-4772-AD4A-40B6171DFB3D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54CD4535-3E40-4772-AD4A-40B6171DFB3D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D545702-022E-40BA-BAAE-EBA7888F96CF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D545702-022E-40BA-BAAE-EBA7888F96CF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FB4523C-ACD5-4F4A-90F8-997486BC8394}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FB4523C-ACD5-4F4A-90F8-997486BC8394}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{934DD81C-CC44-4C29-8346-48DA5803DDE2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{934DD81C-CC44-4C29-8346-48DA5803DDE2}" => key removed successfully
    C:\WINDOWS\System32\Tasks\Java Update Scheduler => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Java Update Scheduler" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9410CF23-D966-48E9-836D-3B06D0CB2A1B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9410CF23-D966-48E9-836D-3B06D0CB2A1B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9731E9DA-AAC4-40D1-9F55-9E3B7E6ABA10}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9731E9DA-AAC4-40D1-9F55-9E3B7E6ABA10}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8AFABB6-4269-4CE8-AA98-B111CE4E3094}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8AFABB6-4269-4CE8-AA98-B111CE4E3094}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2D7074D-550B-4CF1-8A13-57F2FADE50EA}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2D7074D-550B-4CF1-8A13-57F2FADE50EA}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D28D19CB-AEFA-4B8C-9F91-7DC680C30C8E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D28D19CB-AEFA-4B8C-9F91-7DC680C30C8E}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => key not found.
    C:\ProgramData\Temp => ":0B9176C0" ADS removed successfully.
    C:\ProgramData\Temp => ":798A3728" ADS removed successfully.
    C:\ProgramData\Temp => ":AB689DEA" ADS removed successfully.
    C:\ProgramData\Temp => ":ABE89FFE" ADS removed successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 0 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9154012 B
    Java, Flash, Steam htmlcache => 492 B
    Windows/system/drivers => 14565063 B
    Edge => 94246064 B
    Chrome => 0 B
    Firefox => 7481780 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 41830 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 13440214 B
    NetworkService => 12684 B
    Chris => 183272823 B

    RecycleBin => 141369826 B
    EmptyTemp: => 442.1 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 13:46:55 ====

    AdwCleaner

    AdwCleaner v6.030 - Logfile created 30/10/2016 at 14:06:07
    # Updated on 19/10/2016 by Malwarebytes
    # Database : 2016-10-30.1 [Server]
    # Operating System : Windows 10 Home (X64)
    # Username : Chris - CHRIS-PC
    # Running from : C:\Users\Chris\Desktop\AdwCleaner.exe
    # Mode: Clean
    # Support : hxxps://www.malwarebytes.com/support



    ***** [ Services ] *****

    [-] Service deleted: Partner Service


    ***** [ Folders ] *****

    [-] Folder deleted: C:\ProgramData\Partner
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\Partner


    ***** [ Files ] *****



    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Classes\Applications\iLividSetupV1.exe
    [-] Key deleted: HKLM\SOFTWARE\Classes\kt_bho.KettleBho
    [-] Key deleted: HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\kt_bho.KettleBho
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    [-] Key deleted: HKU\S-1-5-21-1121932470-416344675-206018667-1000\Software\YahooPartnerToolbar
    [#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
    [#] Key deleted on reboot: [x64] HKCU\Software\YahooPartnerToolbar
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
    [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe


    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [2105 Bytes] - [30/10/2016 14:06:07]
    C:\AdwCleaner\AdwCleaner[S0].txt - [2315 Bytes] - [30/10/2016 13:59:58]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2251 Bytes] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.9 (09.30.2016)
    Operating System: Windows 10 Home x64
    Ran by Chris (Administrator) on 30/10/2016 at 14:15:54.00
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 21

    Successfully deleted: C:\Users\Chris\AppData\Local\{02566EA2-D82A-496E-B3A5-E2AE97C251B6} (Empty Folder)
    Successfully deleted: C:\Users\Chris\AppData\Local\{05379415-5C0C-46B2-B292-C051A9B7FD6D} (Empty Folder)
    Successfully deleted: C:\Users\Chris\AppData\Local\{17C974C1-3993-4207-9F75-C0289909E587} (Empty Folder)
    Successfully deleted: C:\Users\Chris\AppData\Local\{3F8022C3-BD3B-4CDD-A5F2-07014BD48A2E} (Empty Folder)
    Successfully deleted: C:\Users\Chris\AppData\Local\{45035D1A-1380-457C-862F-4159F40C9704} (Empty Folder)
    Successfully deleted: C:\Users\Chris\AppData\Local\{5AC50A64-03F4-44AA-BC6E-F53DA6326B26} (Empty Folder)
    Successfully deleted: C:\Users\Chris\AppData\Local\{701AA8FF-9737-4852-9D72-478D627B8DC9} (Empty Folder)
    Successfully deleted: C:\Users\Chris\AppData\Local\{7F4C5015-D0C8-40EE-9462-1D046860EA59} (Empty Folder)
    Successfully deleted: C:\Users\Chris\AppData\Local\{7FD334FB-2C6B-439B-AFE1-8D22C9C3EF51} (Empty Folder)
    Successfully deleted: C:\Users\Chris\AppData\Local\{8BB2CF07-147D-4732-B298-CE287A809607} (Empty Folder)
    Successfully deleted: C:\Users\Chris\AppData\Local\{991CF934-EB55-447C-8955-1E8745BDBD33} (Empty Folder)
    Successfully deleted: C:\Users\Chris\AppData\Local\{A3EF60D5-BFB5-4474-8D20-78CF319B05D2} (Empty Folder)
    Successfully deleted: C:\Users\Chris\AppData\Local\{A936FA19-C155-448B-9B8C-4FA802C61084} (Empty Folder)
    Successfully deleted: C:\Users\Chris\AppData\Local\{B0CBD0C2-5B96-4844-B0E6-3A0CC590FFAB} (Empty Folder)
    Successfully deleted: C:\Users\Chris\AppData\Local\{BC54BAEB-F647-4BC0-9DD0-9AE56669C380} (Empty Folder)
    Successfully deleted: C:\Users\Chris\AppData\Local\{BF193A21-7249-403D-9B7E-6673FF020D41} (Empty Folder)
    Successfully deleted: C:\Users\Chris\AppData\Local\{C4808517-8E52-47E1-B02F-957B17B4B165} (Empty Folder)
    Successfully deleted: C:\Users\Chris\AppData\Local\{E31E9B56-8FE5-45C4-8B39-EF888273B4A3} (Empty Folder)
    Successfully deleted: C:\Users\Chris\AppData\Local\{EB856929-A5DE-4B77-95B9-A36180EF6E85} (Empty Folder)
    Successfully deleted: C:\Users\Chris\AppData\Local\{EC9512DD-6DF5-434E-BC6E-633CEB652116} (Empty Folder)
    Successfully deleted: C:\WINDOWS\wininit.ini (File)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 30/10/2016 at 14:28:15.36
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Thanks again for the help.
    Chris

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Hope that helped.

    Let's update and run a scan with Malwarebytes Anti-Malware

    • Open Malwarebytes Anti-Malware
    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
    • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
    • Upon completion of the scan (or after the reboot), click the History tab.
    • Click Application Logs, followed by the first Scan Log.
    • Click Export, followed by Copy to Clipboard. Paste the log in your next reply.


    ~~~~~~~~~~~~~~

    Please download Emsisoft Emergency Kit and save it to your desktop.
    Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.
    • Leave all settings as they are and click the Extract button at the bottom.
    • A folder named EEK will be created in the root of the drive (usually c:\).
    • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
    • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates.
    • Please click Yes so that it downloads the latest database updates.
    • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
    • Click on Scan to be taken to the scan options.
    • If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
    • Click on the Malware Scan button to start the scan.
    • When the scan is completed click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
    • Please save the log in Notepad on your desktop, and copy it to your next reply.
    • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.


    Please post these 2 logs when finished.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Junior Member
    Join Date
    Oct 2016
    Posts
    6

    Default Next logs.

    Thanks again. Here are the logs.

    Emsisoft Emergency Kit - Version 11.9
    Last update: 01/11/2016 10:19:31
    User account: Chris-PC\Chris
    Computer name: CHRIS-PC
    OS version: Windows 10x64

    Scan settings:

    Scan type: Malware Scan
    Objects: Rootkits, Memory, Traces, Files

    Detect PUPs: On
    Scan archives: Off
    ADS Scan: On
    File extension filter: Off
    Advanced caching: On
    Direct disk access: Off

    Scan start: 01/11/2016 10:19:58

    Scanned 78291
    Found 0

    Scan end: 01/11/2016 10:21:55
    Scan time: 0:01:57


    Malware log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 01/11/2016
    Scan Time: 09:58
    Logfile: Malware Antibytes scan log.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.11.01.04
    Rootkit Database: v2016.10.31.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Chris

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 344086
    Time Elapsed: 14 min, 53 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)



    Thanks,
    Chris.

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Tell me what the computer is doing now?

  7. #7
    Junior Member
    Join Date
    Oct 2016
    Posts
    6

    Default

    Computer seems to be running fine. Seems quicker. Thanks for the assistance cleaning out.

  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Let's clean up the tools and quarantine folders we used and send you on your way.

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Click the Run button.
    • -- This will remove the specialized tools we used to disinfect your system.
      Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    *****************************


    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Unchecky automatically removes checkmarks for bundled software in programme installers; helping you avoid adware and PUPs.
    • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

  9. #9
    Junior Member
    Join Date
    Oct 2016
    Posts
    6

    Default

    Thanks for the time and assistance. Will look through the articles and improve my practice.

    Chris

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    We're glad to help.
