Malware attacks Using Apple Bonjour !



#1 sub101uk (Member, 39 posts)

Just come across this site in the hope I can find some help to remove some malware from my computer, O/S 7 Pro Service Pack One. Location Thailand, internet provider TOT 13 Gb, router is a Forth. One thing I did notice about this router is its open access: you don't need a password to gain access. Yes, you can change the password to whatever you want, but anybody can gain access with the default password of TOT. Please note you can only use a TOT router with TOT internet. I might also add that this laptop is only used for work and not for downloading music or videos, so I have no idea how Apple Bonjour came to be installed.

 

The problems started about a month ago with my Bluetooth mouse doing strange things and the screen kept locking up, and the only way to unfreeze the screen was Ctrl + Alt + Delete, go into Task Manager and click on End Task, and the screen would unfreeze itself. At the time I was running Avast and would give it a full scan, finding nothing. I deleted Avast and installed ESET Security and started to find many threats, but the more threats I deleted the more unstable the computer got.

 

2 x Bluetooth mice would be uncontrollable; my wireless mouse stopped working, so the only way to use the cursor was to use the touch pad.

When I went to do a cold boot the computer would only boot up in low res 1024 x 768; if you rebooted the computer 4 or 5 times it might boot up in 1920 x 1080.

 

Both Firefox and Chrome browsers with the mouse would just do their own thing, clicking on strange sites.

 

Every week I make a backup of my data on a 2TB Seagate. I checked that the other day only to find no backups. You can see from the amount of data on the drive that it's there, but if you run the Seagate Dashboard and click on Restore there are no backups.

 

It's clear someone has access to my computer and we need to remove the way they're getting in, which I think is Bonjour. I ran my registry cleaning tool "Max Registry Cleaner" and found Apple Bonjour, but as soon as I deleted the invalid entries it returned again. I did contact Max Reg and they did a 3 hour remote access to my computer and said that, like me, they were unable to remove the threat. I have tried many other programs and very few can find the problem, let alone delete it. I ran AdwCleaner and found C:ProgramData\SecTaskMan + C:\ProgramData Data\TaskMan which I deleted, but my problem still remains. But it's very clear to me that unless I can remove Bonjour they have direct access to my computer. I have checked my IP and it's changed every day; I have even forced an IP change by unplugging the fibre from the router and restarting the router.

 

When all my problems started I did what most people would do and changed out all drivers with new ones; it was not until I removed the internet that the problems stopped. I might also add that whatever malware is installed on my computer is very aggressive. I tried to install Malwarebytes and after 6 attempts I got it installed, only to find that most of the real time protection was turned off. The only way to get this program to run was offline, but after it ran nothing was found, so we need to close the access otherwise the attacks will continue. If anyone would like to see a copy of my log please let me know. Otherwise I will get a replacement drive and do a total rebuild.

 

Many Thanks

 

 

Attached Thumbnails

  • Every 5 - 10 minutes Apple Bonj.JPG
  • Items Found 03.01.2017.JPG



#2 RKinner (Malware Expert, MVP, 20,017 posts)
Please do not attach the logs unless they are too big to copy & paste.  Multiple Replies are OK and are probably easier since there is less chance of losing a log.  We don't use Hijackthis as it has not been updated in years.
Also do not use any registry cleaners until after we are done.  (Don't really like the things anyway.)
 
Download ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
[image: scan-results.jpg]
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
[image: Junkware-Removal-Tool]
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
  • Get FRST from
  • You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
You appear to be missing some 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc /scannow
 
Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt

notepad \windows\logs\cbs\junk.txt
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
Then use the 'Number of events' as follows:
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
     

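An added example (my code, not from the thread or from any of the tools named in it): a Python parser for the [SR] lines that the findstr step above extracts from CBS.log, run over a constructed log fragment. It tallies which files sfc flagged, which it repaired from the component store, and which it could not, so the pasted output can be read at a glance instead of line by line.

```python
"""Summarize the "[SR]" lines that sfc /scannow writes to CBS.log.

Added example; the sample log below is constructed, not the poster's real log.
"""
import re
import sys
from collections import Counter

# Constructed CBS.log fragment. The "[SR]" lines are exactly what
# findstr /c:"[SR]" keeps; the other fields mimic the real layout.
SAMPLE_CBS_LOG = r"""
2017-01-04 10:30:01, Info                  CSI    00000100 [SR] Verifying 100 components
2017-01-04 10:30:01, Info                  CSI    00000101 [SR] Beginning Verify and Repair transaction
2017-01-04 10:30:03, Info                  CSI    00000102 [SR] Cannot repair member file [l:20{10}]"opencl.dll" of Microsoft-Windows-OpenCL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-01-04 10:30:03, Info                  CSI    00000103 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"opencl.dll" from store
2017-01-04 10:30:04, Info                  CSI    00000104 [SR] Cannot repair member file [l:22{11}]"wlanext.exe" of Microsoft-Windows-Wlan-Service, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-01-04 10:30:04, Info                  CSI    00000105 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"wlanext.exe"; source file in store is also corrupted
2017-01-04 10:30:05, Info                  CSI    00000106 [SR] Repair complete
2017-01-04 10:30:05, Info                  CSI    00000107 [SR] Verify complete
"""

SR_RE = re.compile(r"\[SR\] (?P<msg>.*)$")
# File names appear as [l:<bytes>{<chars>}]"name"; directories use [ml:...].
FILE_RE = re.compile(r'\[l:\d+\{\d+\}\]"(?P<name>[^"]+)"')
COMPONENTS_RE = re.compile(r"Verifying (?P<n>\d+) components")


def sr_lines(log_text):
    """Same filter as `findstr /c:"[SR]" cbs.log`: keep only the SFC lines."""
    return [ln for ln in log_text.splitlines() if "[SR]" in ln]


def summarize_sfc(log_text):
    """Classify each [SR] line into flagged / repaired / unrepairable files."""
    summary = {
        "components_verified": 0,
        "corrupt": [],      # files SFC found not matching the store
        "repaired": [],     # files it rewrote from the store
        "unrepaired": [],   # files it could not fix (store copy also bad)
        "reasons": Counter(),
        "verify_complete": False,
    }
    for line in sr_lines(log_text):
        m = SR_RE.search(line)
        if not m:
            continue
        msg = m.group("msg").rstrip()
        cm = COMPONENTS_RE.match(msg)
        if cm:
            summary["components_verified"] += int(cm.group("n"))
            continue
        if msg == "Verify complete":
            summary["verify_complete"] = True
            continue
        fm = FILE_RE.search(msg)
        name = fm.group("name") if fm else None
        if msg.startswith("Cannot repair member file") and name:
            summary["corrupt"].append(name)
            # The reason is the last comma-separated clause, e.g. "hash mismatch".
            summary["reasons"][msg.rsplit(", ", 1)[-1]] += 1
        elif msg.startswith("Repairing corrupted file") and name:
            summary["repaired"].append(name)
        elif msg.startswith("Could not reproject corrupted file") and name:
            summary["unrepaired"].append(name)
    return summary


def needs_followup(summary):
    """True when SFC left a flagged file unfixed, so the system is not yet clean."""
    not_fixed = set(summary["corrupt"]) - set(summary["repaired"])
    return bool(summary["unrepaired"]) or bool(not_fixed)


def report(summary):
    lines = [
        "components verified: %d" % summary["components_verified"],
        "flagged: %s" % ", ".join(summary["corrupt"]) or "none",
        "repaired: %s" % (", ".join(summary["repaired"]) or "none"),
        "unrepaired: %s" % (", ".join(summary["unrepaired"]) or "none"),
        "reasons: %s" % dict(summary["reasons"]),
        "follow-up needed: %s" % needs_followup(summary),
    ]
    return "\n".join(lines)


def main(argv):
    # Usage: python sfc_summary.py C:\Windows\Logs\CBS\CBS.log
    # With no path the constructed sample is used.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_CBS_LOG
    print(report(summarize_sfc(text)))


if __name__ == "__main__":
    main(sys.argv)
```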

#3 sub101uk (Topic Starter, Member, 39 posts)

Many Thanks for your reply. I already have a copy of ADWCleaner on my desktop. In the past it's found "Task Man file", "mystart.incredibar.com/mb118" and "uk.ask.com"; in the past I have deleted these files but they seem to return. If it's too large I can send it in files.

Many Thanks for all your time and help.

     

# AdwCleaner v6.041 - Logfile created 04/01/2017 at 09:49:06
# Updated on 16/12/2016 by Malwarebytes
# Database : 2017-01-03.1 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner_6.041.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mystart.incredibar.com/mb118
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2094 Bytes] - [21/12/2016 10:22:42]
C:\AdwCleaner\AdwCleaner[C2].txt - [1213 Bytes] - [21/12/2016 14:33:04]
C:\AdwCleaner\AdwCleaner[C3].txt - [1754 Bytes] - [28/12/2016 10:39:45]
C:\AdwCleaner\AdwCleaner[C4].txt - [1973 Bytes] - [28/12/2016 22:51:09]
C:\AdwCleaner\AdwCleaner[C5].txt - [2192 Bytes] - [31/12/2016 10:22:26]
C:\AdwCleaner\AdwCleaner[C6].txt - [2287 Bytes] - [01/01/2017 19:24:58]
C:\AdwCleaner\AdwCleaner[C7].txt - [2755 Bytes] - [03/01/2017 11:57:39]
C:\AdwCleaner\AdwCleaner[C8].txt - [3272 Bytes] - [03/01/2017 23:44:23]
C:\AdwCleaner\AdwCleaner[C9].txt - [1602 Bytes] - [04/01/2017 09:49:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [2102 Bytes] - [21/12/2016 10:22:32]
C:\AdwCleaner\AdwCleaner[S10].txt - [2259 Bytes] - [31/12/2016 11:53:03]
C:\AdwCleaner\AdwCleaner[S11].txt - [2406 Bytes] - [01/01/2017 19:24:17]
C:\AdwCleaner\AdwCleaner[S12].txt - [2553 Bytes] - [03/01/2017 11:11:59]
C:\AdwCleaner\AdwCleaner[S13].txt - [2806 Bytes] - [03/01/2017 11:40:32]
C:\AdwCleaner\AdwCleaner[S14].txt - [2701 Bytes] - [03/01/2017 12:10:11]
C:\AdwCleaner\AdwCleaner[S15].txt - [2775 Bytes] - [03/01/2017 12:31:21]
C:\AdwCleaner\AdwCleaner[S16].txt - [2849 Bytes] - [03/01/2017 12:45:28]
C:\AdwCleaner\AdwCleaner[S17].txt - [2923 Bytes] - [03/01/2017 13:10:23]
C:\AdwCleaner\AdwCleaner[S18].txt - [2997 Bytes] - [03/01/2017 14:33:36]
C:\AdwCleaner\AdwCleaner[S19].txt - [3323 Bytes] - [03/01/2017 23:43:45]
C:\AdwCleaner\AdwCleaner[S1].txt - [1308 Bytes] - [21/12/2016 14:06:07]
C:\AdwCleaner\AdwCleaner[S20].txt - [3219 Bytes] - [04/01/2017 00:12:13]
C:\AdwCleaner\AdwCleaner[S21].txt - [3292 Bytes] - [04/01/2017 07:08:35]
C:\AdwCleaner\AdwCleaner[S22].txt - [3366 Bytes] - [04/01/2017 07:55:31]
C:\AdwCleaner\AdwCleaner[S23].txt - [3440 Bytes] - [04/01/2017 09:26:24]
C:\AdwCleaner\AdwCleaner[S24].txt - [3508 Bytes] - [04/01/2017 09:38:54]
C:\AdwCleaner\AdwCleaner[S25].txt - [3588 Bytes] - [04/01/2017 09:41:17]
C:\AdwCleaner\AdwCleaner[S26].txt - [3842 Bytes] - [04/01/2017 09:48:19]
C:\AdwCleaner\AdwCleaner[S2].txt - [1381 Bytes] - [21/12/2016 14:31:52]
C:\AdwCleaner\AdwCleaner[S3].txt - [1527 Bytes] - [22/12/2016 21:35:34]
C:\AdwCleaner\AdwCleaner[S4].txt - [1781 Bytes] - [24/12/2016 11:47:57]
C:\AdwCleaner\AdwCleaner[S5].txt - [1853 Bytes] - [28/12/2016 10:39:26]
C:\AdwCleaner\AdwCleaner[S6].txt - [1820 Bytes] - [28/12/2016 11:08:04]
C:\AdwCleaner\AdwCleaner[S7].txt - [2072 Bytes] - [28/12/2016 22:50:57]
C:\AdwCleaner\AdwCleaner[S8].txt - [2039 Bytes] - [30/12/2016 10:43:49]
C:\AdwCleaner\AdwCleaner[S9].txt - [2291 Bytes] - [31/12/2016 10:22:08]

########## EOF - C:\AdwCleaner\AdwCleaner[C9].txt - [3663 Bytes] ##########

     

Junkware-Removal-Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Professional x64
Ran by Owner (Administrator) on 04/01/2017 at 10:15:19.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/01/2017 at 10:17:01.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

     

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017

    Ran by Owner (administrator) on OWNER-PC (04-01-2017 10:29:09)

    Running from C:\Users\Owner\Desktop

    Loaded Profiles: Owner (Available Profiles: Owner)

    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)

    Internet Explorer Version 11 (Default browser: FF)

    Boot Mode: Normal

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

     

    ==================== Processes (Whitelisted) =================

     

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     

    (ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe

    (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe

    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe

    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe

    (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe

    (Max Secure Software) C:\Program Files\Max Registry Cleaner\RCVistaService.exe

    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe

    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe

    () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe

    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

    (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe

    (SparkLabs) C:\Program Files\WiTopia\WiTopiaService.exe

    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe

    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

    (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe

    (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe

    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe

    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe

    () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe

    (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe

    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

    () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe

    () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe

    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe

    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

    (Microsoft Corporation) C:\Windows\splwow64.exe

    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

     

    ==================== Registry (Whitelisted) ====================

     

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     

    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-04-10] (Intel Corporation)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-06-03] (Realtek Semiconductor)

    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3011312 2013-04-08] (Synaptics Incorporated)

    HKLM\...\Run: [] => [X]

    HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [14056 2014-10-30] (Alienware)

    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp

    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

    HKLM\...\Run: [RCAutoLiveUpdate] => C:\Program Files\Max Registry Cleaner\MaxLURC.exe [1819176 2014-12-24] (Max Secure Software)

    HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent

    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [243216 2008-12-18] (Logitech, Inc.)

    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)

    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-24] (Intel Corporation)

    HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [4434224 2013-08-21] ()

    HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-28] (ArcSoft Inc.)

    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

    HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2016-04-05] (Seagate Technology LLC)

    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

     

    ==================== Internet (Whitelisted) ====================

     

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    Tcpip\..\Interfaces\{742E9E9D-C325-4860-8B9E-37AF8EE072A7}: [DhcpNameServer] 10.118.0.1

    Tcpip\..\Interfaces\{A9883C7F-E971-4335-BC1A-A1D52F0A5D58}: [DhcpNameServer] 192.168.1.254

     

    Internet Explorer:

    ==================

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

    HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/

    HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com

    SearchScopes: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000 -> {3F03010E-69A6-4E9E-9B2F-7E94FF5B51BE} URL = hxxps://th.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default

    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File

    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)

    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-21] (Oracle Corporation)

    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)

    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-09] (Microsoft Corporation)

    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-21] (Oracle Corporation)

     

    FireFox:

    ========

    FF ProfilePath: C:\Users\Owner\AppData\Roaming\TomTom\HOME\Profiles\bq1l63w1.default [2016-03-14]

    FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [2016-02-17] [not signed]

    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6i4yverv.default-1469598597873 [2017-01-04]

    FF NewTab: Mozilla\Firefox\Profiles\6i4yverv.default-1469598597873 -> about:newtab

    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\6i4yverv.default-1469598597873 -> Avast Search

    FF DefaultSearchUrl: Mozilla\Firefox\Profiles\6i4yverv.default-1469598597873 -> hxxps://search.avast.com/AV772/search/web?q={searchTerms}

    FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\6i4yverv.default-1469598597873 -> Avast Search

    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\6i4yverv.default-1469598597873 -> Avast Search

    FF Homepage: Mozilla\Firefox\Profiles\6i4yverv.default-1469598597873 -> hxxps://www.google.co.uk/

    FF Keyword.URL: Mozilla\Firefox\Profiles\6i4yverv.default-1469598597873 -> hxxps://search.avast.com/AV772/search/web?q={searchTerms}

    FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6i4yverv.default-1469598597873\Extensions\[email protected] [2017-01-01]

    FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]

    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-15] ()

    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-15] ()

    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-05-18] (Foxit Corporation)

    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-05-18] (Foxit Corporation)

    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-05-18] (Foxit Corporation)

    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-05-18] (Foxit Corporation)

    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)

    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-13] (Intel Corporation)

    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-13] (Intel Corporation)

    FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-21] (Oracle Corporation)

    FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-21] (Oracle Corporation)

    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)

    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-12] (NVIDIA Corporation)

    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-12] (NVIDIA Corporation)

    FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-11-28] ()

    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

    FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2016-02-01] ()

     

    Chrome:

    =======

    CHR HomePage: Default -> hxxp://www.google.co.uk/

    CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"

    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-01-04]

    CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-23]

    CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-23]

    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-23]

    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-23]

    CHR Extension: (Foxit PDF Creator) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2016-12-23]

    CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-23]

    CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-23]

    CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-23]

    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-23]

    CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]

    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-12-31]

    CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-06-23]

    CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-06-23]

     

    ==================== Services (Whitelisted) ====================

     

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     

    R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

    S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)

    R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2770312 2016-12-27] (ESET)

    S2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()

    R2 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)

    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-10] (Intel Corporation)

    R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [172784 2016-07-23] (Intel Corporation)

    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]

    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)

    S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)

    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-13] (Intel Corporation)

    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)

    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-05-03] ()

    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-13] (NVIDIA Corporation)

    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-13] (NVIDIA Corporation)

    R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-13] (NVIDIA Corporation)

    S2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2016-12-13] (NVIDIA Corporation)

    R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [341504 2013-06-08] (Qualcomm Atheros) [File not signed]

    R2 RCVistaSvc; C:\Program Files\Max Registry Cleaner\RCVistaService.exe [2306088 2014-12-24] (Max Secure Software)

    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)

    R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-04-05] (Seagate Technology LLC)

    R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-04-05] (Seagate Technology LLC)

    R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [118424 2016-03-09] ()

    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)

    R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe [145984 2012-01-18] (ArcSoft, Inc.)

    S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()

    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    R2 WiTopiaService; C:\Program Files\WiTopia\WiTopiaService.exe [106696 2016-10-07] (SparkLabs)

    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-05-03] (Intel® Corporation)

     

    ===================== Drivers (Whitelisted) ======================

     

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     

    R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)

    R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)

    S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141800 2015-10-13] (Motorola Solutions, Inc.)

    R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1545704 2016-04-27] (Motorola Solutions, Inc.)

    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-12-27] (ESET)

    R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-12-27] (ESET)

    R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [153216 2016-12-27] (ESET)

    R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [208520 2016-12-27] (ESET)

    R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61568 2016-12-27] (ESET)

    R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84616 2016-12-27] (ESET)

    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()

    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-10] (Intel Corporation)

    R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [355080 2016-07-31] (Intel Corporation)

    R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)

    R1 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-03] (Malwarebytes)

    R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-04] (Malwarebytes)

    R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-04] (Malwarebytes)

    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-04] (Malwarebytes)

    R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-04] (Malwarebytes)

    R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3426576 2016-05-03] (Intel Corporation)

    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-13] (NVIDIA Corporation)

    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-12-13] (NVIDIA Corporation)

    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)

    R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

    R1 RsProxy; C:\Windows\system32\drivers\RsProxy.sys [15976 2015-03-19] ()

    S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()

    R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32496 2013-04-08] (Synaptics Incorporated)

    R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [87776 2013-04-11] (STMicroelectronics)

    S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [50416 2016-08-11] (The OpenVPN Project)

    R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54344 2016-11-22] (Intel Corporation)

    U0 aswVmm; no ImagePath

     

    ==================== NetSvcs (Whitelisted) ===================

     

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     

     

    ==================== One Month Created files and folders ========

     

    (If an entry is included in the fixlist, the file/folder will be moved.)

     

    2017-01-04 10:14 - 2017-01-04 10:17 - 00000554 _____ C:\Users\Owner\Desktop\JRT.txt

    2017-01-04 10:11 - 2017-01-04 10:11 - 01663040 _____ (Malwarebytes) C:\Users\Owner\Desktop\JRT.exe

    2017-01-04 10:09 - 2017-01-04 10:09 - 00000000 ____D C:\Users\Owner\Desktop\New folder

    2017-01-04 09:35 - 2017-01-04 09:36 - 03977168 _____ C:\Users\Owner\Desktop\AdwCleaner.exe

    2017-01-03 12:33 - 2017-01-03 12:33 - 00224968 _____ (ESET) C:\Users\Owner\Desktop\ESETPoweliksCleaner(1).exe

    2017-01-03 12:32 - 2017-01-03 12:32 - 00224968 _____ (ESET) C:\Users\Owner\Downloads\ESETPoweliksCleaner.exe

    2017-01-03 12:00 - 2017-01-04 10:29 - 00024096 _____ C:\Users\Owner\Desktop\FRST.txt

    2017-01-03 12:00 - 2017-01-03 12:15 - 00040044 _____ C:\Users\Owner\Desktop\Addition.txt

    2017-01-03 11:59 - 2017-01-04 10:29 - 00000000 ____D C:\FRST

    2017-01-03 11:54 - 2017-01-03 11:54 - 02418176 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe

    2017-01-03 11:31 - 2017-01-04 09:53 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys

    2017-01-03 11:31 - 2017-01-04 09:52 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys

    2017-01-03 11:31 - 2017-01-04 09:52 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

    2017-01-03 11:31 - 2017-01-03 11:31 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys

    2017-01-03 11:26 - 2017-01-04 09:52 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

    2017-01-03 11:25 - 2017-01-03 11:25 - 00001828 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

    2017-01-03 11:25 - 2017-01-03 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

    2017-01-03 11:25 - 2017-01-03 11:25 - 00000000 ____D C:\Program Files\Malwarebytes

    2017-01-03 11:25 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys

    2017-01-03 11:16 - 2017-01-03 11:17 - 54199488 _____ (Malwarebytes ) C:\Users\Owner\Desktop\mb3-setup-consumer-3.0.5.1299.exe

    2017-01-02 15:36 - 2017-01-02 15:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

    2017-01-02 15:01 - 2017-01-02 15:01 - 00000000 ____D C:\NPE

    2017-01-02 15:00 - 2016-12-31 10:39 - 00000118 _____ C:\Windows\ntbtlog.txt

    2017-01-02 14:59 - 2017-01-02 15:12 - 00000000 ____D C:\Users\Owner\AppData\Local\NPE

    2017-01-02 14:59 - 2017-01-02 14:59 - 00000000 ____D C:\ProgramData\Norton

    2017-01-01 09:23 - 2017-01-01 09:23 - 00001152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk

    2017-01-01 09:23 - 2017-01-01 09:23 - 00001140 _____ C:\Users\Public\Desktop\Security Task Manager.lnk

    2017-01-01 09:23 - 2017-01-01 09:23 - 00000000 ____D C:\Program Files (x86)\Security Task Manager

    2017-01-01 09:22 - 2017-01-01 09:22 - 02840616 _____ C:\Users\Owner\Downloads\SecurityTaskManager_Setup.exe

    2016-12-31 12:06 - 2017-01-04 09:49 - 03212857 ____H C:\Users\Owner\AppData\Local\IconCache.db

    2016-12-31 11:21 - 2016-12-31 11:21 - 00003704 _____ C:\Windows\System32\Tasks\Owner

    2016-12-31 10:48 - 2017-01-04 10:09 - 00355014 _____ C:\Windows\WindowsUpdate.log

    2016-12-31 10:46 - 2016-12-31 10:46 - 00069456 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT

    2016-12-31 10:40 - 2017-01-04 09:52 - 00001546 _____ C:\Windows\setupact.log

    2016-12-31 10:40 - 2016-12-31 10:40 - 00000000 _____ C:\Windows\setuperr.log

    2016-12-31 10:39 - 2017-01-03 23:45 - 00002650 _____ C:\Windows\PFRO.log

    2016-12-31 10:39 - 2016-12-31 10:40 - 00317368 _____ C:\Windows\system32\FNTCACHE.DAT

    2016-12-31 10:17 - 2016-12-31 10:17 - 00000000 ____D C:\Program Files (x86)\VulkanRT

    2016-12-31 10:17 - 2016-12-12 01:23 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

    2016-12-31 10:17 - 2016-09-10 01:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll

    2016-12-31 10:17 - 2016-09-10 01:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll

    2016-12-31 10:17 - 2016-09-10 01:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe

    2016-12-31 10:17 - 2016-09-10 01:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe

    2016-12-31 10:16 - 2016-12-12 09:37 - 00041334 _____ C:\Windows\system32\nvinfo.pb

    2016-12-31 08:05 - 2016-12-31 08:05 - 00108702 _____ C:\Users\Owner\Desktop\Desk Top Icons.JPG

    2016-12-30 23:15 - 2017-01-03 16:05 - 00000000 ____D C:\Users\Owner\Desktop\Max Registry Cleaner

    2016-12-30 12:21 - 2016-12-30 12:21 - 00003120 _____ C:\Windows\System32\Tasks\{A2C39715-CC36-4DBA-B963-4961EFD84C41}

    2016-12-30 09:41 - 2016-12-30 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

    2016-12-30 09:40 - 2016-12-30 09:41 - 00000000 ____D C:\Program Files\Common Files\Logishrd

    2016-12-30 09:40 - 2016-12-30 09:40 - 00000000 ____D C:\Program Files\Logitech

    2016-12-28 18:22 - 2016-12-28 18:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ESET

    2016-12-28 18:20 - 2017-01-04 10:18 - 00524288 ___SH C:\Windows\system32\config\components{2418c57f-ccef-11e6-ab8f-a0a8cde36c96}.TMContainer00000000000000000001.regtrans-ms

    2016-12-28 18:20 - 2017-01-04 10:18 - 00065536 ___SH C:\Windows\system32\config\components{2418c57f-ccef-11e6-ab8f-a0a8cde36c96}.TM.blf

    2016-12-28 18:20 - 2016-12-28 18:30 - 00524288 ___SH C:\Windows\system32\config\components{2418c57f-ccef-11e6-ab8f-a0a8cde36c96}.TMContainer00000000000000000002.regtrans-ms

    2016-12-27 17:32 - 2016-12-27 17:32 - 00153216 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys

    2016-12-27 17:29 - 2016-12-27 17:29 - 00000000 ____D C:\Users\Owner\AppData\Local\ESET

    2016-12-27 17:28 - 2016-12-27 17:28 - 00001988 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk

    2016-12-27 17:28 - 2016-12-27 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET

    2016-12-27 17:28 - 2016-12-27 17:28 - 00000000 ____D C:\ProgramData\ESET

    2016-12-27 17:28 - 2016-12-27 17:28 - 00000000 ____D C:\Program Files\ESET

    2016-12-27 16:57 - 2016-12-31 06:46 - 00000000 ____D C:\Program Files (x86)\TeamViewer

    2016-12-27 16:57 - 2016-12-27 16:57 - 00001048 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk

    2016-12-27 16:57 - 2016-12-27 16:57 - 00001036 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk

    2016-12-27 14:46 - 2016-12-27 14:46 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ICCWDT_01009.Wdf

    2016-12-27 07:50 - 2016-12-31 11:20 - 00003492 _____ C:\Windows\System32\Tasks\Owner DBAgent 2 0

    2016-12-26 13:31 - 2016-12-28 11:01 - 00001064 _____ C:\Users\Public\Desktop\Max Registry Cleaner.lnk

    2016-12-26 13:31 - 2016-12-26 13:31 - 00000000 ____D C:\Windows\MaxSecureBackup

    2016-12-26 13:31 - 2016-12-26 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Registry Cleaner

    2016-12-24 16:42 - 2016-12-24 21:58 - 00003836 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

    2016-12-24 16:42 - 2016-12-24 21:58 - 00003832 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

    2016-12-24 16:42 - 2016-12-24 21:58 - 00003832 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

    2016-12-24 16:42 - 2016-12-24 21:58 - 00003824 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

    2016-12-24 16:42 - 2016-12-24 21:58 - 00003648 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

    2016-12-24 16:42 - 2016-12-24 21:58 - 00003588 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

    2016-12-24 16:42 - 2016-12-12 01:47 - 00001951 _____ C:\Windows\NvContainerRecovery.bat

    2016-12-24 09:10 - 2016-12-24 09:11 - 00000000 ____D C:\Users\Owner\AppData\Local\AvastSupport

    2016-12-24 06:18 - 2016-12-24 06:18 - 00000000 ____D C:\Users\Owner\AppData\Roaming\NVIDIA

    2016-12-23 11:22 - 2017-01-03 16:10 - 00016024 _____ C:\Users\Owner\Desktop\hijackthis 03.01.2017.log

    2016-12-23 11:16 - 2016-12-23 11:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\Owner\Desktop\HijackThis.exe

    2016-12-23 05:58 - 2016-12-23 05:58 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

    2016-12-23 05:58 - 2016-12-23 05:58 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk

    2016-12-21 19:52 - 2016-12-21 23:32 - 00000000 ____D C:\Users\Owner\Desktop\forth Router

    2016-12-21 13:57 - 2016-07-20 02:19 - 00715424 _____ (Sysinternals - www.sysinternals.com) C:\Users\Owner\Desktop\Autoruns.exe

    2016-12-21 13:57 - 2006-06-26 04:05 - 00442368 _____ (Steven R. Gould) C:\Users\Owner\Desktop\Cleanup.exe

    2016-12-21 13:45 - 2016-12-19 15:19 - 03977168 _____ C:\Users\Owner\Desktop\adwcleaner_6.041.exe

    2016-12-21 10:35 - 2016-12-21 13:29 - 00000000 ___RD C:\Program Files (x86)\Skype

    2016-12-21 10:35 - 2016-12-21 10:35 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk

    2016-12-21 10:35 - 2016-12-21 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

    2016-12-21 10:18 - 2017-01-04 09:49 - 00000000 ____D C:\AdwCleaner

    2016-12-21 09:53 - 2016-12-27 16:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TeamViewer

    2016-12-21 08:56 - 2016-12-28 11:57 - 00524288 ___SH C:\Windows\system32\config\components{3ff5b424-c720-11e6-b8cc-d823ae52fd8d}.TMContainer00000000000000000001.regtrans-ms

    2016-12-21 08:56 - 2016-12-28 11:57 - 00065536 ___SH C:\Windows\system32\config\components{3ff5b424-c720-11e6-b8cc-d823ae52fd8d}.TM.blf

    2016-12-21 08:56 - 2016-12-21 08:56 - 00524288 ___SH C:\Windows\system32\config\components{3ff5b424-c720-11e6-b8cc-d823ae52fd8d}.TMContainer00000000000000000002.regtrans-ms

    2016-12-20 01:38 - 2017-01-04 09:52 - 4218486784 ___SH C:\pagefile.sys

    2016-12-19 19:37 - 2016-12-19 19:37 - 00000000 ____D C:\Program Files (x86)\Windows Installer Clean Up

    2016-12-19 19:36 - 2016-12-19 19:36 - 00003114 _____ C:\Windows\System32\Tasks\{62D5BDD0-602B-4C6C-AAB8-469CB87A0460}

    2016-12-19 19:36 - 2016-12-19 19:36 - 00000000 ____D C:\Program Files (x86)\MSECACHE

    2016-12-19 07:18 - 2016-12-12 09:37 - 40125496 _____ C:\Windows\system32\nvcompiler.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 35222976 _____ C:\Windows\SysWOW64\nvcompiler.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 34703416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 28138432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 14073400 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

    2016-12-19 07:18 - 2016-12-12 09:37 - 10912744 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 10795312 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 10345696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 09151216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 08913328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 08753832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 03640376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 03206080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 01953336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437633.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437633.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 01036224 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 00975416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 00944184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 00896056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 00683640 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 00572888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 00438208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 00435904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll

    2016-12-19 07:18 - 2016-12-12 09:37 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll

    2016-12-19 06:27 - 2016-12-24 21:58 - 00001417 _____ C:\Users\Public\Desktop\GeForce Experience.lnk

    2016-12-19 06:27 - 2016-12-12 21:36 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat

    2016-12-18 07:56 - 2016-12-18 09:01 - 00524288 ___SH C:\Users\Owner\ntuser.dat{1f2ac3cd-c4bc-11e6-bced-ab41cb59da8c}.TMContainer00000000000000000002.regtrans-ms

    2016-12-18 07:56 - 2016-12-18 09:01 - 00524288 ___SH C:\Users\Owner\ntuser.dat{1f2ac3cd-c4bc-11e6-bced-ab41cb59da8c}.TMContainer00000000000000000001.regtrans-ms

    2016-12-18 07:56 - 2016-12-18 09:01 - 00065536 ___SH C:\Users\Owner\ntuser.dat{1f2ac3cd-c4bc-11e6-bced-ab41cb59da8c}.TM.blf

    2016-12-17 17:47 - 2017-01-04 09:52 - 00003320 _____ C:\ProgramData\NvTelemetryContainer.log

    2016-12-17 17:47 - 2017-01-04 09:51 - 00003320 _____ C:\ProgramData\NvTelemetryContainer.log_backup1

    2016-12-17 17:47 - 2016-12-17 17:47 - 00000000 ____D C:\Users\Owner\AppData\Local\Chromium

    2016-12-17 17:46 - 2016-12-13 06:30 - 00156096 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll

    2016-12-17 17:46 - 2016-12-13 06:30 - 00123840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

    2016-12-17 17:46 - 2016-12-13 06:30 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

    2016-12-15 07:04 - 2016-12-15 07:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_XtuAcpiDriver_01011.Wdf

    2016-12-15 07:03 - 2016-11-22 01:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

    2016-12-15 07:03 - 2016-11-22 01:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

    2016-12-15 07:03 - 2016-11-22 01:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

    2016-12-15 07:03 - 2016-11-22 01:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

    2016-12-15 07:03 - 2016-11-22 01:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

    2016-12-15 07:03 - 2016-11-22 01:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

    2016-12-15 07:03 - 2016-11-22 01:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

    2016-12-15 07:03 - 2016-11-22 01:12 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

    2016-12-15 07:03 - 2016-11-22 01:12 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

    2016-12-15 07:03 - 2016-11-22 01:12 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

    2016-12-15 07:03 - 2016-11-22 01:12 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

    2016-12-15 07:03 - 2016-11-22 01:12 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

    2016-12-15 07:03 - 2016-11-22 01:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

    2016-12-15 07:03 - 2016-11-22 01:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

    2016-12-15 07:03 - 2016-11-22 01:12 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll

    2016-12-15 07:03 - 2016-11-22 01:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll

    2016-12-15 07:03 - 2016-11-22 01:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

    2016-12-15 07:03 - 2016-11-22 01:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

    2016-12-15 07:03 - 2016-11-22 01:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

    2016-12-15 07:03 - 2016-11-22 01:12 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

    2016-12-15 07:03 - 2016-11-22 01:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

    2016-12-15 07:03 - 2016-11-22 01:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

    2016-12-15 07:03 - 2016-11-20 23:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

    2016-12-15 07:03 - 2016-11-20 23:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

    2016-12-15 07:03 - 2016-11-20 23:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

    2016-12-15 07:03 - 2016-11-20 23:20 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll

    2016-12-15 07:03 - 2016-11-20 23:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

    2016-12-15 07:03 - 2016-11-20 23:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

    2016-12-15 07:03 - 2016-11-20 23:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

    2016-12-15 07:03 - 2016-11-20 23:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

    2016-12-15 07:03 - 2016-11-20 23:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

    2016-12-15 07:03 - 2016-11-20 23:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

    2016-12-15 07:03 - 2016-11-20 23:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

    2016-12-15 07:03 - 2016-11-20 23:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

    2016-12-15 07:03 - 2016-11-20 23:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll

    2016-12-15 07:03 - 2016-11-20 23:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll

    2016-12-15 07:03 - 2016-11-20 23:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

    2016-12-15 07:03 - 2016-11-20 23:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

    2016-12-15 07:03 - 2016-11-20 23:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

    2016-12-15 07:03 - 2016-11-20 23:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

    2016-12-15 07:03 - 2016-11-20 22:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

    2016-12-15 07:03 - 2016-11-20 22:57 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

    2016-12-15 07:03 - 2016-11-20 22:57 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

    2016-12-15 07:03 - 2016-11-20 22:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

    2016-12-15 07:03 - 2016-11-20 22:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

    2016-12-15 07:03 - 2016-11-20 22:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

    2016-12-15 07:03 - 2016-11-20 21:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

    2016-12-15 07:03 - 2016-11-17 23:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

    2016-12-15 07:03 - 2016-11-15 06:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

    2016-12-15 07:03 - 2016-11-15 05:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

    2016-12-15 07:03 - 2016-11-13 02:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

    2016-12-15 07:03 - 2016-11-13 02:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

    2016-12-15 07:03 - 2016-11-13 02:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

    2016-12-15 07:03 - 2016-11-13 02:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

    2016-12-15 07:03 - 2016-11-13 02:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

    2016-12-15 07:03 - 2016-11-13 02:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

    2016-12-15 07:03 - 2016-11-13 02:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

    2016-12-15 07:03 - 2016-11-13 02:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

    2016-12-15 07:03 - 2016-11-13 02:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

    2016-12-15 07:03 - 2016-11-13 02:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

    2016-12-15 07:03 - 2016-11-13 02:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

    2016-12-15 07:03 - 2016-11-13 02:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

    2016-12-15 07:03 - 2016-11-13 02:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

    2016-12-15 07:03 - 2016-11-13 02:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

    2016-12-15 07:03 - 2016-11-13 02:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

    2016-12-15 07:03 - 2016-11-13 02:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

    2016-12-15 07:03 - 2016-11-13 01:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

    2016-12-15 07:03 - 2016-11-13 01:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

    2016-12-15 07:03 - 2016-11-13 01:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

    2016-12-15 07:03 - 2016-11-13 01:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

    2016-12-15 07:03 - 2016-11-13 01:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

    2016-12-15 07:03 - 2016-11-13 01:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

    2016-12-15 07:03 - 2016-11-13 01:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

    2016-12-15 07:03 - 2016-11-13 01:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

    2016-12-15 07:03 - 2016-11-13 01:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

    2016-12-15 07:03 - 2016-11-13 01:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

    2016-12-15 07:03 - 2016-11-13 01:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

    2016-12-15 07:03 - 2016-11-13 01:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

    2016-12-15 07:03 - 2016-11-13 01:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

    2016-12-15 07:03 - 2016-11-13 01:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

    2016-12-15 07:03 - 2016-11-13 01:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

    2016-12-15 07:03 - 2016-11-13 01:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

    2016-12-15 07:03 - 2016-11-13 01:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

    2016-12-15 07:03 - 2016-11-13 01:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

    2016-12-15 07:03 - 2016-11-13 01:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

    2016-12-15 07:03 - 2016-11-13 01:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

    2016-12-15 07:03 - 2016-11-13 01:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

    2016-12-15 07:03 - 2016-11-13 01:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

    2016-12-15 07:03 - 2016-11-13 01:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

    2016-12-15 07:03 - 2016-11-13 01:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

    2016-12-15 07:03 - 2016-11-13 01:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

    2016-12-15 07:03 - 2016-11-13 01:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

    2016-12-15 07:03 - 2016-11-13 01:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

    2016-12-15 07:03 - 2016-11-13 01:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

    2016-12-15 07:03 - 2016-11-13 01:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

    2016-12-15 07:03 - 2016-11-13 00:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

    2016-12-15 07:03 - 2016-11-13 00:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

    2016-12-15 07:03 - 2016-11-13 00:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

    2016-12-15 07:03 - 2016-11-13 00:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

    2016-12-15 07:03 - 2016-11-13 00:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

    2016-12-15 07:03 - 2016-11-13 00:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

    2016-12-15 07:03 - 2016-11-13 00:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

    2016-12-15 07:03 - 2016-11-13 00:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

    2016-12-15 07:03 - 2016-11-13 00:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

    2016-12-15 07:03 - 2016-11-13 00:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

    2016-12-15 07:03 - 2016-11-13 00:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

    2016-12-15 07:03 - 2016-11-13 00:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

    2016-12-15 07:03 - 2016-11-13 00:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

    2016-12-15 07:03 - 2016-11-13 00:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

    2016-12-15 07:03 - 2016-11-13 00:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

    2016-12-15 07:03 - 2016-11-13 00:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

    2016-12-15 07:03 - 2016-11-13 00:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

    2016-12-15 07:03 - 2016-11-13 00:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

    2016-12-15 07:03 - 2016-11-13 00:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

    2016-12-15 07:03 - 2016-11-10 23:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll

    2016-12-15 07:03 - 2016-11-10 23:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll

    2016-12-15 07:03 - 2016-11-09 23:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

    2016-12-15 07:03 - 2016-11-09 23:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

    2016-12-15 07:03 - 2016-11-09 23:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

    2016-12-15 07:03 - 2016-11-09 23:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

    2016-12-15 07:03 - 2016-11-09 23:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

    2016-12-15 07:03 - 2016-11-09 23:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll

    2016-12-15 07:03 - 2016-11-09 23:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

    2016-12-15 07:03 - 2016-11-09 23:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

    2016-12-15 07:03 - 2016-11-09 23:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

    2016-12-15 07:03 - 2016-11-09 23:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

    2016-12-15 07:03 - 2016-11-09 23:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll

    2016-12-15 07:03 - 2016-11-09 23:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

    2016-12-15 07:03 - 2016-11-09 23:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe

    2016-12-15 07:03 - 2016-11-09 22:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe

    2016-12-15 07:03 - 2016-11-06 23:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

    2016-12-15 07:03 - 2016-11-06 23:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

    2016-12-15 07:03 - 2016-11-06 23:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

    2016-12-15 07:03 - 2016-10-27 22:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

    2016-12-15 07:03 - 2016-10-27 22:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

    2016-12-14 20:10 - 2016-12-15 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

    2016-12-14 10:10 - 2016-12-14 10:10 - 00010054 _____ C:\Windows\SysWOW64\test.bmp

    2016-12-14 06:43 - 2016-12-14 06:48 - 00524288 ___SH C:\Users\Owner\ntuser.dat{beb5abc2-c185-11e6-b5ff-e4d146d3197f}.TMContainer00000000000000000002.regtrans-ms

    2016-12-14 06:43 - 2016-12-14 06:48 - 00524288 ___SH C:\Users\Owner\ntuser.dat{beb5abc2-c185-11e6-b5ff-e4d146d3197f}.TMContainer00000000000000000001.regtrans-ms

    2016-12-14 06:43 - 2016-12-14 06:48 - 00065536 ___SH C:\Users\Owner\ntuser.dat{beb5abc2-c185-11e6-b5ff-e4d146d3197f}.TM.blf

    2016-12-13 10:12 - 2016-12-14 06:43 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions

    2016-12-12 15:18 - 2016-12-12 09:37 - 17376896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

    2016-12-12 15:18 - 2016-12-12 09:37 - 14410472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

    2016-12-12 15:18 - 2016-12-03 03:42 - 00212936 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys

    2016-12-12 15:18 - 2016-12-03 03:42 - 00046024 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll

    2016-12-12 15:18 - 2016-12-02 02:52 - 01951680 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437619.dll

    2016-12-12 15:18 - 2016-12-02 02:52 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437619.dll

    2016-12-12 15:18 - 2016-12-02 02:52 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json

    2016-12-12 15:18 - 2016-12-02 02:52 - 00000669 _____ C:\Windows\system32\nv-vk64.json

    2016-12-12 14:55 - 2016-12-21 08:44 - 00524288 ___SH C:\Windows\system32\config\components{e0733e4a-c036-11e6-b068-d4b2c5db6a7a}.TMContainer00000000000000000001.regtrans-ms

    2016-12-12 14:55 - 2016-12-21 08:44 - 00065536 ___SH C:\Windows\system32\config\components{e0733e4a-c036-11e6-b068-d4b2c5db6a7a}.TM.blf

    2016-12-12 14:55 - 2016-12-12 14:56 - 00524288 ___SH C:\Windows\system32\config\components{e0733e4a-c036-11e6-b068-d4b2c5db6a7a}.TMContainer00000000000000000002.regtrans-ms

    2016-12-12 12:46 - 2016-12-12 13:46 - 00524288 ___SH C:\Users\Owner\ntuser.dat{b14be9c5-c02c-11e6-a112-a0a8cde36c96}.TMContainer00000000000000000002.regtrans-ms

    2016-12-12 12:46 - 2016-12-12 13:46 - 00524288 ___SH C:\Users\Owner\ntuser.dat{b14be9c5-c02c-11e6-a112-a0a8cde36c96}.TMContainer00000000000000000001.regtrans-ms

    2016-12-12 12:46 - 2016-12-12 13:46 - 00065536 ___SH C:\Users\Owner\ntuser.dat{b14be9c5-c02c-11e6-a112-a0a8cde36c96}.TM.blf

    2016-12-12 12:35 - 2016-12-12 12:44 - 00524288 ___SH C:\Users\Owner\ntuser.dat{9d057f09-c027-11e6-9c74-87b9a3541b26}.TMContainer00000000000000000002.regtrans-ms

    2016-12-12 12:35 - 2016-12-12 12:44 - 00524288 ___SH C:\Users\Owner\ntuser.dat{9d057f09-c027-11e6-9c74-87b9a3541b26}.TMContainer00000000000000000001.regtrans-ms

    2016-12-12 12:35 - 2016-12-12 12:44 - 00065536 ___SH C:\Users\Owner\ntuser.dat{9d057f09-c027-11e6-9c74-87b9a3541b26}.TM.blf

    2016-12-10 23:48 - 2016-12-10 23:48 - 00000000 ____D C:\ProgramData\VS Revo Group

    2016-12-10 22:10 - 2016-12-12 11:19 - 00524288 ___SH C:\Windows\system32\config\components{4f6dfd67-beea-11e6-8b9a-8f0855889368}.TMContainer00000000000000000001.regtrans-ms

    2016-12-10 22:10 - 2016-12-12 11:19 - 00065536 ___SH C:\Windows\system32\config\components{4f6dfd67-beea-11e6-8b9a-8f0855889368}.TM.blf

    2016-12-10 22:10 - 2016-12-10 22:20 - 00524288 ___SH C:\Windows\system32\config\components{4f6dfd67-beea-11e6-8b9a-8f0855889368}.TMContainer00000000000000000002.regtrans-ms

    2016-12-10 21:56 - 2016-12-10 21:56 - 00000000 ____D C:\Program Files\Intel Driver Update Utility

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-04 10:27 - 2015-02-20 23:21 - 00000000 ____D C:\Users\Owner\Desktop\Winword

    2017-01-04 10:25 - 2016-11-19 07:53 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla

    2017-01-04 10:15 - 2015-02-12 19:42 - 00000000 ____D C:\ProgramData\NVIDIA

    2017-01-04 10:00 - 2009-07-14 11:45 - 00026928 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2017-01-04 10:00 - 2009-07-14 11:45 - 00026928 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2017-01-04 09:52 - 2009-07-14 12:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

    2017-01-04 09:44 - 2015-02-20 18:12 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype

    2017-01-04 07:46 - 2015-02-20 17:58 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{049A4847-1101-44F8-B703-1DAD425BE0FA}

    2017-01-04 07:06 - 2016-07-04 18:26 - 00000000 ____D C:\ProgramData\Foxit Software

    2017-01-02 15:36 - 2015-04-12 00:19 - 00000000 ____D C:\ProgramData\Malwarebytes

    2017-01-02 11:29 - 2015-03-19 21:56 - 00000000 ____D C:\Users\Owner\Desktop\ROV

    2017-01-02 05:42 - 2016-03-10 16:45 - 00000000 ____D C:\Users\Owner\Desktop\2016 - 2017 O2 Phone Bill

    2017-01-02 05:33 - 2009-07-14 12:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

    2017-01-01 18:14 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\inf

    2016-12-31 17:27 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\LogFiles

    2016-12-31 10:58 - 2015-04-02 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

    2016-12-31 10:56 - 2015-08-12 21:44 - 00004235 _____ C:\Users\Owner\AppData\Roaming\Rim.DesktopHelper.Exception.log

    2016-12-31 10:56 - 2015-08-12 21:44 - 00004081 _____ C:\Users\Owner\AppData\Roaming\Rim.Desktop.Exception.log

    2016-12-31 10:54 - 2016-04-11 09:00 - 00000000 ____D C:\Users\Owner\Desktop\Bike Lift

    2016-12-31 10:48 - 2015-02-10 16:41 - 00000000 ____D C:\Windows\SoftwareDistribution

    2016-12-31 10:44 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\System32

    2016-12-31 10:43 - 2009-07-14 11:45 - 00012288 _____ C:\Windows\system32\umstartup.etl

    2016-12-31 10:18 - 2015-08-22 07:24 - 00000000 ____D C:\temp

    2016-12-31 10:18 - 2015-02-12 19:42 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

    2016-12-31 10:18 - 2015-02-12 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

    2016-12-31 10:17 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\SysWOW64

    2016-12-31 10:17 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\DriverStore

    2016-12-31 10:16 - 2015-02-19 17:08 - 00000442 ___SH C:\Users\Owner\Desktop\desktop.ini

    2016-12-31 10:16 - 2009-07-14 11:54 - 00000174 ___SH C:\Users\Public\Desktop\desktop.ini

    2016-12-31 10:16 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\catroot2

    2016-12-31 10:04 - 2009-07-14 11:45 - 00021504 _____ C:\Windows\system32\umstartup000.etl

    2016-12-31 08:56 - 2015-03-19 05:06 - 00000000 ___RD C:\Users\Owner\Desktop\Downloads

    2016-12-31 08:32 - 2015-03-20 16:53 - 00000000 ____D C:\Users\Owner\Desktop\mis

    2016-12-30 12:29 - 2016-06-27 01:09 - 00000000 ____D C:\Windows\pss

    2016-12-30 12:29 - 2015-02-19 17:08 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    2016-12-30 12:29 - 2009-07-14 10:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

    2016-12-30 09:42 - 2015-11-11 11:52 - 00000000 __SHD C:\Config.Msi

    2016-12-30 09:42 - 2015-02-10 16:43 - 00000000 __SHD C:\Windows\Installer

    2016-12-30 09:41 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\winsxs

    2016-12-30 09:40 - 2015-11-13 12:14 - 00000000 ____D C:\ProgramData\Logitech

    2016-12-30 09:40 - 2015-02-10 16:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

    2016-12-30 09:40 - 2009-07-14 10:20 - 00000000 ____D C:\Program Files\Common Files

    2016-12-30 09:34 - 2015-11-13 12:11 - 00000000 ____D C:\ProgramData\Logishrd

    2016-12-29 22:43 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\NDF

    2016-12-29 07:02 - 2009-07-14 12:13 - 00784286 _____ C:\Windows\system32\PerfStringBackup.INI

    2016-12-29 07:02 - 2009-07-14 09:36 - 00668134 _____ C:\Windows\system32\perfh009.dat

    2016-12-29 07:02 - 2009-07-14 09:36 - 00127276 _____ C:\Windows\system32\perfc009.dat

    2016-12-28 18:49 - 2015-11-13 12:14 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys

    2016-12-28 18:22 - 2015-02-19 17:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming

    2016-12-28 18:12 - 2015-11-13 10:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Logishrd

    2016-12-28 10:55 - 2015-02-19 17:08 - 00000000 ___RD C:\Users\Owner\Pictures

    2016-12-28 10:11 - 2009-07-14 12:32 - 00000000 ____D C:\Windows\SysWOW64\LogFiles

    2016-12-27 17:32 - 2016-06-23 14:31 - 00262792 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys

    2016-12-27 17:32 - 2016-06-23 14:31 - 00208520 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys

    2016-12-27 17:32 - 2016-06-23 14:31 - 00197248 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys

    2016-12-27 17:32 - 2016-06-23 14:31 - 00084616 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys

    2016-12-27 17:32 - 2016-06-23 14:31 - 00061568 _____ (ESET) C:\Windows\system32\Drivers\EpfwLWF.sys

    2016-12-27 17:29 - 2009-07-14 11:45 - 00000000 ___SD C:\Windows\system32\Microsoft

    2016-12-27 17:23 - 2015-02-28 03:46 - 00000966 _____ C:\Users\Owner\Documents\2FBA5EFE-0000002F.eml

    2016-12-27 17:13 - 2015-02-20 17:48 - 00000000 ____D C:\ProgramData\AVAST Software

    2016-12-27 16:57 - 2009-07-14 10:20 - 00000000 __RSD C:\Windows\Fonts

    2016-12-26 13:31 - 2016-11-07 08:42 - 00000000 ____D C:\Program Files\Max Registry Cleaner

    2016-12-24 21:58 - 2015-02-12 19:42 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

    2016-12-24 21:58 - 2015-02-12 19:41 - 00000000 ____D C:\Program Files\NVIDIA Corporation

    2016-12-24 13:37 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\config\RegBack

    2016-12-23 05:58 - 2015-02-12 19:34 - 00000000 ____D C:\Program Files (x86)\Google

    2016-12-22 09:38 - 2016-08-16 06:48 - 00011866 _____ C:\Windows\SysWOW64\swhealthex.log

    2016-12-21 14:03 - 2016-06-24 13:03 - 00000000 ____D C:\Windows\System32\Tasks\Intel

    2016-12-21 14:03 - 2015-12-03 22:17 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software

    2016-12-21 14:03 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\Tasks

    2016-12-21 13:29 - 2015-02-20 18:12 - 00000000 ____D C:\ProgramData\Skype

    2016-12-21 10:22 - 2015-02-19 17:08 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

    2016-12-19 07:18 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\catroot

    2016-12-19 06:27 - 2015-02-19 17:08 - 00000000 ____D C:\Users\Owner\AppData\Local\NVIDIA Corporation

    2016-12-19 06:27 - 2015-02-10 16:56 - 00000000 ____D C:\ProgramData\Package Cache

    2016-12-18 09:39 - 2015-03-19 23:04 - 00000000 ____D C:\Users\Owner\AppData\Local\Diagnostics

    2016-12-18 07:56 - 2015-02-19 17:08 - 00000000 ____D C:\Users\Owner\AppData\Local\NVIDIA

    2016-12-18 07:55 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\wfp

    2016-12-18 07:55 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\wbem

    2016-12-18 07:55 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\config\TxR

    2016-12-18 07:54 - 2015-02-10 16:57 - 00000000 ___HD C:\Windows\system32\WLANProfiles

    2016-12-18 07:54 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\config\systemprofile

    2016-12-18 07:54 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\security

    2016-12-18 07:54 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\registration

    2016-12-18 07:54 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\Help

    2016-12-17 17:10 - 2015-04-02 22:22 - 00000801 _____ C:\Users\Owner\Desktop\CCleaner.lnk

    2016-12-17 11:43 - 2016-06-26 00:16 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files

    2016-12-15 23:08 - 2015-02-20 04:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

    2016-12-15 13:42 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\rescache

    2016-12-15 07:57 - 2015-02-28 05:46 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    2016-12-15 07:57 - 2015-02-28 05:46 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    2016-12-15 07:57 - 2015-02-28 05:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed

    2016-12-15 07:57 - 2015-02-28 05:46 - 00000000 ____D C:\Windows\system32\Macromed

    2016-12-15 07:42 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\Microsoft.NET

    2016-12-15 07:41 - 2009-07-14 10:20 - 00000000 __RSD C:\Windows\assembly

    2016-12-15 07:22 - 2009-07-14 11:45 - 00000000 ____D C:\Windows\debug

    2016-12-15 07:09 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\SysWOW64\en-US

    2016-12-15 07:09 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\en-US

    2016-12-15 07:09 - 2009-07-14 10:20 - 00000000 ____D C:\Program Files\Internet Explorer

    2016-12-15 07:09 - 2009-07-14 10:20 - 00000000 ____D C:\Program Files (x86)\Internet Explorer

    2016-12-15 07:08 - 2015-02-20 21:41 - 00000000 ____D C:\ProgramData\Microsoft Help

    2016-12-15 07:08 - 2015-02-19 17:35 - 00000000 ____D C:\Windows\system32\MRT

    2016-12-15 07:07 - 2015-02-19 17:35 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

    2016-12-15 07:05 - 2015-02-10 16:46 - 00768596 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

    2016-12-15 07:02 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\Logs

    2016-12-14 06:43 - 2016-06-27 07:41 - 00000000 ____D C:\ProgramData\Innovative Solutions

    2016-12-14 06:43 - 2015-03-19 04:32 - 00000000 ____D C:\Program Files (x86)\HP Button Manager

    2016-12-13 06:30 - 2016-10-07 19:25 - 01853376 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

    2016-12-13 06:30 - 2016-10-07 19:25 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll

    2016-12-13 06:30 - 2016-10-07 19:25 - 01452480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

    2016-12-13 06:30 - 2016-10-07 19:25 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll

    2016-12-13 06:30 - 2016-10-07 19:25 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll

    2016-12-12 12:45 - 2016-06-24 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility

    2016-12-12 12:45 - 2016-06-24 13:03 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility

    2016-12-12 12:45 - 2015-03-19 03:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ArcSoft

    2016-12-12 12:45 - 2015-02-21 01:06 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Google

    2016-12-12 12:45 - 2015-02-20 21:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Eusing

    2016-12-12 12:45 - 2015-02-10 16:43 - 00000000 ____D C:\ProgramData\Intel

    2016-12-12 12:45 - 2015-02-10 16:43 - 00000000 ____D C:\Program Files\Intel

    2016-12-12 12:45 - 2015-02-10 16:43 - 00000000 ____D C:\Program Files (x86)\Intel

    2016-12-12 12:45 - 2009-07-14 10:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

    2016-12-12 09:37 - 2015-08-22 07:23 - 17436808 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

    2016-12-12 09:37 - 2015-03-31 19:15 - 03479744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

    2016-12-12 09:37 - 2015-02-12 19:41 - 19947472 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

    2016-12-12 09:37 - 2015-02-12 19:41 - 03941536 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

    2016-12-12 01:47 - 2016-09-22 23:03 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll

    2016-12-12 01:47 - 2016-09-22 23:03 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll

    2016-12-12 01:47 - 2015-02-12 19:42 - 06384576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

    2016-12-12 01:47 - 2015-02-12 19:42 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll

    2016-12-12 01:47 - 2015-02-12 19:42 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

    2016-12-12 01:47 - 2015-02-12 19:42 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

    2016-12-12 01:47 - 2015-02-12 19:42 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

    2016-12-10 21:54 - 2016-09-23 07:39 - 00524288 ___SH C:\Windows\system32\config\components{bd139d52-8125-11e6-8974-a0a8cde36c9a}.TMContainer00000000000000000002.regtrans-ms

    2016-12-10 21:54 - 2016-09-23 07:39 - 00065536 ___SH C:\Windows\system32\config\components{bd139d52-8125-11e6-8974-a0a8cde36c9a}.TM.blf

    2016-12-09 15:52 - 2015-02-12 19:42 - 07639617 _____ C:\Windows\system32\nvcoproc.bin

    2016-12-05 13:58 - 2016-02-01 10:31 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps

    ==================== Files in the root of some directories =======

    2015-08-12 21:44 - 2016-12-31 10:56 - 0004081 _____ () C:\Users\Owner\AppData\Roaming\Rim.Desktop.Exception.log

    2015-08-12 21:43 - 2015-08-12 21:43 - 0001153 _____ () C:\Users\Owner\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

    2015-08-12 21:44 - 2016-12-31 10:56 - 0004235 _____ () C:\Users\Owner\AppData\Roaming\Rim.DesktopHelper.Exception.log

    2016-06-11 07:41 - 2016-06-26 23:20 - 0007606 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg

    2015-06-25 11:34 - 2015-06-25 11:34 - 0000057 _____ () C:\ProgramData\Ament.ini

    2015-02-10 16:49 - 2015-02-10 16:49 - 0000000 ___HC () C:\ProgramData\DP45977C.lfl

    2016-12-17 17:47 - 2017-01-04 09:52 - 0003320 _____ () C:\ProgramData\NvTelemetryContainer.log

    2016-12-17 17:47 - 2017-01-04 09:51 - 0003320 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

    Some files in TEMP:

    ====================

    C:\Users\Owner\AppData\Local\Temp\libeay32.dll

    C:\Users\Owner\AppData\Local\Temp\msvcr120.dll

    C:\Users\Owner\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed

    C:\Windows\system32\wininit.exe => File is digitally signed

    C:\Windows\SysWOW64\wininit.exe => File is digitally signed

    C:\Windows\explorer.exe => File is digitally signed

    C:\Windows\SysWOW64\explorer.exe => File is digitally signed

    C:\Windows\system32\svchost.exe => File is digitally signed

    C:\Windows\SysWOW64\svchost.exe => File is digitally signed

    C:\Windows\system32\services.exe => File is digitally signed

    C:\Windows\system32\User32.dll => File is digitally signed

    C:\Windows\SysWOW64\User32.dll => File is digitally signed

    C:\Windows\system32\userinit.exe => File is digitally signed

    C:\Windows\SysWOW64\userinit.exe => File is digitally signed

    C:\Windows\system32\rpcss.dll => File is digitally signed

    C:\Windows\system32\dnsapi.dll => File is digitally signed

    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2016-12-24 13:37

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017

    Ran by Owner (04-01-2017 10:29:28)

    Running from C:\Users\Owner\Desktop

    Windows 7 Professional Service Pack 1 (X64) (2015-02-19 10:08:16)

    Boot Mode: Normal

    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3090456578-2289362299-1625809071-500 - Administrator - Disabled)

    Guest (S-1-5-21-3090456578-2289362299-1625809071-501 - Limited - Disabled)

    Owner (S-1-5-21-3090456578-2289362299-1625809071-1000 - Administrator - Enabled) => C:\Users\Owner

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

    AV: ESET Smart Security 9.0.408.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}

    AS: ESET Smart Security 9.0.408.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}

    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)

    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)

    Alienware Command Center (HKLM-x32\...\InstallShield_{5DBA5090-EAB9-4E1C-8F92-C71A1423F14C}) (Version: 3.6.4.0 - Alienware Corp.)

    Alienware Command Center (Version: 3.6.4.0 - Alienware Corp.) Hidden

    Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.10C - )

    Alienware On-Screen Display (x32 Version: 0.33.0.10C - ) Hidden

    Ansel (Version: 376.33 - NVIDIA Corporation) Hidden

    BBC iPlayer Downloads (HKLM-x32\...\{148784F3-3B6E-4DFA-B7A1-3400B277DAF3}) (Version: 1.14.2 - BBC)

    BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)

    BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden

    BlackBerry Device Software Updater (HKLM-x32\...\{E755A98B-F45F-4008-A1A5-FC4CB4D2177A}) (Version: 8.0.0.66 - Research In Motion Ltd)

    BlackBerry Device Software v7.1.0 for the BlackBerry 9900 smartphone (HKLM-x32\...\{5E68751C-4CB6-485F-B2AB-3210FADC019F}) (Version: 7.1.0.1033 (Platform 5.1.0.692) - Research In Motion Ltd.)

    CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)

    CDDRV_Installer (Version: 4.60 - Logitech) Hidden

    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)

    Dell System Detect - 1  (HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)

    Dell System Detect (HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\73f463568823ebbe) (Version: 5.14.0.9 - Dell)

    EMSC (x32 Version: 0.0.0.25 - Compal Electronics, Inc.) Hidden

    erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden

    ESET Smart Security (HKLM\...\{C20E6525-879A-47C3-BBC4-6B8096D3F53D}) (Version: 9.0.386.0 - ESET, spol. s r.o.)

    Foxit PhantomPDF Standard (HKLM-x32\...\{EA576878-3D17-11E6-B85F-000C2992F709}) (Version: 8.0.1.628 - Foxit Software Inc.)

    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)

    Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)

    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden

    HP Button Manager (HKLM-x32\...\{465D6ACC-CAB9-40CD-ADAC-A91B071FA30E}) (Version: 3.5.00 - Hewlett-Packard)

    HP Deskjet 5520 series Basic Device Software (HKLM\...\{014A59C8-DDA5-4788-906D-1F5CBA8A583D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

    HP Deskjet 5520 series Help (HKLM-x32\...\{6346CC3B-9816-4C8F-B614-976ECEE7900F}) (Version: 27.0.0 - Hewlett Packard)

    HP Deskjet 5520 series Product Improvement Study (HKLM\...\{29E392C4-E0C3-4E96-85B6-03B8E3963310}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

    HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)

    HP Webcam Software Suite (HKLM-x32\...\{D10FE2E3-B2DE-4B0E-ACBD-F87A566B9649}) (Version: 1.1.1.13889 - Hewlett-Packard)

    Intel® Driver Update Utility 2.5 (x32 Version: 2.5.0.22 - Intel) Hidden

    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)

    Intel® Product Improvement Program (x32 Version: 2.1.27.3 - Intel) Hidden

    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.7.1002 - Intel Corporation)

    Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)

    Intel® Wireless Bluetooth®(patch version 19.0.1629.3590) (HKLM\...\{302600C1-6BDF-4FD1-1603-148929CC1385}) (Version: 19.0.1603.0650 - Intel Corporation)

    Intel® Driver Update Utility (HKLM-x32\...\{aa1dec3b-dc4b-4db0-8c18-9157457eff1f}) (Version: 2.5.0.22 - Intel)

    Intel® PROSet/Wireless Software (HKLM-x32\...\{bc883058-299e-461f-8e52-4f1dbb355f86}) (Version: 19.0.1 - Intel Corporation)

    Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)

    Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)

    Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)

    Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)

    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    KhalInstallWrapper (Version: 4.72.40 - Logitech) Hidden

    Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.72 - Logitech)

    Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)

    Max Registry Cleaner (HKLM\...\{8D815D9B-4DD9-437E-BFE2-E7374D3E7025}_is1) (Version: 6.0.0.065 - MaxSecure Software)

    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)

    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

    Mozilla Firefox 50.1.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-GB)) (Version: 50.1.0 - Mozilla)

    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)

    Nemo PDF To Word (HKLM-x32\...\{6CA8C09B-FA99-49FE-9664-1CE823FAD510}_is1) (Version:  - )

    NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)

    NVIDIA 3D Vision Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation)

    NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation)

    NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)

    NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)

    NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)

    NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden

    NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden

    Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.23.1036 - Qualcomm Atheros) Hidden

    Qualcomm Atheros Killer E220x Drivers (Version: 1.0.23.1036 - Qualcomm Atheros) Hidden

    Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{1A258050-DBDF-48E6-B9B1-E404FF5903F7}) (Version: 1.0.23.1036 - Qualcomm Atheros)

    Qualcomm Atheros Network Manager (Version: 1.0.23.1036 - Qualcomm Atheros) Hidden

    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7260 - Realtek Semiconductor Corp.)

    Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.28134 - Realtek Semiconductor Corp.)

    Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.4.1902.0 - Seagate)

    Security Task Manager 2.1h (HKLM-x32\...\Security Task Manager) (Version: 2.1h - Neuber Software)

    SHIELD Streaming (Version: 7.1.0350 - NVIDIA Corporation) Hidden

    SHIELD Wireless Controller Driver (Version: 3.2.0.96 - NVIDIA Corporation) Hidden

    Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)

    ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.12.0040 - ST Microelectronics)

    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.8.62 - Synaptics Incorporated)

    TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)

    TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)

    TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)

    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

    Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

    VuRoom (HKLM-x32\...\Edison) (Version:  - )

    Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version:  - )

    Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)

    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

    WiTopia (HKLM\...\{9F59FA4D-E431-45FA-889F-EC68D998C7D2}_is1) (Version: 2.3.10.243 - WiTopia)

     

    ==================== Custom CLSID (Whitelisted): ==========================

     

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     

     

    ==================== Scheduled Tasks (Whitelisted) =============

     

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     

    Task: {1912DF20-8B66-416B-8086-76CD8EB5412F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)

    Task: {343A192B-B2A1-47E6-9F33-7DBAA273D505} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-13] (NVIDIA Corporation)

    Task: {592B51E9-5995-472F-A68F-C9BE997620FC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-13] (NVIDIA Corporation)

    Task: {5C3A7076-5954-43D0-BB8B-C31E6387E322} - System32\Tasks\{62D5BDD0-602B-4C6C-AAB8-469CB87A0460} => pcalua.exe -a C:\Users\Owner\Desktop\msicuu2.exe -d C:\Users\Owner\Desktop

    Task: {69EDFDEA-3100-400F-A125-A06D8B9D374E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-13] (NVIDIA Corporation)

    Task: {A53B5451-2821-4714-BF3A-493727BD872F} - System32\Tasks\Owner => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-04-05] (Seagate Technology LLC)

    Task: {B9DCE284-A6C9-44D7-A5CF-375A9893A187} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)

    Task: {C09A8DD0-C5EA-485B-A027-1B4DFA19A8A3} - System32\Tasks\Owner DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2016-04-05] (Seagate Technology LLC)

    Task: {C620F59E-C26B-47E0-AA2E-0F0B99218B5D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-13] (NVIDIA Corporation)

    Task: {CA3AD195-DF4D-4625-BAFA-D31E0899C45C} - System32\Tasks\{A2C39715-CC36-4DBA-B963-4961EFD84C41} => pcalua.exe -a C:\Users\Owner\Desktop\HijackThis.exe -d C:\Users\Owner\Desktop

     

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

     

     

    ==================== Shortcuts =============================

     

    (The entries could be listed to be restored or removed.)

     

    ==================== Loaded Modules (Whitelisted) ==============

     

    2016-04-07 23:38 - 2012-12-06 19:52 - 00136704 _____ () C:\Windows\System32\zlhp2600.dll

    2016-03-09 20:43 - 2016-03-09 20:43 - 00118424 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe

    2017-01-03 11:25 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll

    2017-01-03 11:25 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll

    2017-01-03 11:25 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll

    2016-10-07 19:25 - 2016-12-13 06:30 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll

    2016-10-07 19:25 - 2016-12-13 06:30 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll

    2016-06-24 13:03 - 2016-03-09 20:43 - 00460952 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe

    2016-06-24 13:03 - 2016-03-09 20:43 - 00709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll

    2016-06-24 13:03 - 2016-03-09 20:43 - 00188568 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\foreground_window_input.dll

    2016-10-07 19:25 - 2016-12-13 06:30 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

    2016-10-07 19:25 - 2016-12-13 06:30 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

    2016-10-07 19:25 - 2016-12-13 06:30 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll

    2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 ____C () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

     

    ==================== Alternate Data Streams (Whitelisted) =========

     

    (If an entry is included in the fixlist, only the ADS will be removed.)

     

    AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]

    AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [109]

     

    ==================== Safe Mode (Whitelisted) ===================

     

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

     

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

     

    ==================== Association (Whitelisted) ===============

     

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

     

     

    ==================== Internet Explorer trusted/restricted ===============

     

    (If an entry is included in the fixlist, it will be removed from the registry.)

     

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com

    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com

    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com

    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com

    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com

    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com

    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com

    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com

    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com

    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com

    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com

    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com

    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com

    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net

    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net

    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info

    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com

    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com

    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

     

    There are 7871 more sites.

     

    IE trusted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\dell.com -> dell.com

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\007guard.com -> install.007guard.com

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\008i.com -> 008i.com

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\008k.com -> www.008k.com

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\00hq.com -> www.00hq.com

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\010402.com -> 010402.com

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\0scan.com -> www.0scan.com

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\1-2005-search.com -> www.1-2005-search.com

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\1000gratisproben.com -> www.1000gratisproben.com

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\1001namen.com -> www.1001namen.com

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\100888290cs.com -> mir.100888290cs.com

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\100sexlinks.com -> www.100sexlinks.com

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\10sek.com -> www.10sek.com

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\12-26.net -> user1.12-26.net

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\12-27.net -> user1.12-27.net

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\123fporn.info -> www.123fporn.info

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\123moviedownload.com -> www.123moviedownload.com

    IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\123simsen.com -> www.123simsen.com

     

    There are 7871 more sites.

     

     

    ==================== Hosts content: ==========================

     

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

     

    2009-07-14 09:34 - 2016-08-21 10:25 - 00450954 ____R C:\Windows\system32\Drivers\etc\hosts

     

    127.0.0.1                                                                                                       www.007guard.com

    127.0.0.1                                                                                                       007guard.com

    127.0.0.1                                                                                                       008i.com

    127.0.0.1                                                                                                       www.008k.com

    127.0.0.1                                                                                                       008k.com

    127.0.0.1                                                                                                       www.00hq.com

    127.0.0.1                                                                                                       00hq.com

    127.0.0.1                                                                                                       010402.com

    127.0.0.1                                                                                                       www.032439.com

    127.0.0.1                                                                                                       032439.com

    127.0.0.1                                                                                                       www.0scan.com

    127.0.0.1                                                                                                       0scan.com

    127.0.0.1                                                                                                       1000gratisproben.com

    127.0.0.1                                                                                                       www.1000gratisproben.com

    127.0.0.1                                                                                                       1001namen.com

    127.0.0.1                                                                                                       www.1001namen.com

    127.0.0.1                                                                                                       100888290cs.com

    127.0.0.1                                                                                                       www.100888290cs.com

    127.0.0.1                                                                                                       www.100sexlinks.com

    127.0.0.1                                                                                                       100sexlinks.com

    127.0.0.1                                                                                                       10sek.com

    127.0.0.1                                                                                                       www.10sek.com

    127.0.0.1                                                                                                       www.1-2005-search.com

    127.0.0.1                                                                                                       1-2005-search.com

    127.0.0.1                                                                                                       123fporn.info

    127.0.0.1                                                                                                       www.123fporn.info

    127.0.0.1                                                                                                       123haustiereundmehr.com

    127.0.0.1                                                                                                       www.123haustiereundmehr.com

    127.0.0.1                                                                                                       123moviedownload.com

    127.0.0.1                                                                                                       www.123moviedownload.com

     

    There are 15470 more lines.

     

     

    ==================== Other Areas ============================

     

    (Currently there is no automatic fix for this section.)

     

    HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

    DNS Servers: 192.168.1.254

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

    Windows Firewall is enabled.

     

    ==================== MSCONFIG/TASK MANAGER disabled items ==

     

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Button Manager.lnk => C:\Windows\pss\HP Button Manager.lnk.CommonStartup

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Killer Network Manager.lnk => C:\Windows\pss\Killer Network Manager.lnk.CommonStartup

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk => C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup

    MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup

    MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 5520 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 5520 series.lnk.Startup

    MSCONFIG\startupreg: DBAgent => "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart

    MSCONFIG\startupreg: EvtMgr6 =>

    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

    MSCONFIG\startupreg: RCAutoLiveUpdate => C:\Program Files\Max Registry Cleaner\MaxLURC.exe -AUTO

    MSCONFIG\startupreg: RCSystemTray => C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe

    MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

    MSCONFIG\startupreg: Uploader => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe

     

    ==================== FirewallRules (Whitelisted) ===============

     

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     

    FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe

    FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe

    FirewallRules: [{A6E61A36-FA86-4890-B2AA-CAE382FE656A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    FirewallRules: [{CD0C55D2-8338-4583-8B63-4EDFBF732150}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    FirewallRules: [{9B1B944D-9DB1-420E-BA11-5A07E7B05EB7}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

    FirewallRules: [{45BEBF8C-1A39-4C69-AF57-E0E20108F4C6}] => LPort=2869

    FirewallRules: [{E8EC789D-D8C4-480E-940F-B18A100EAE20}] => LPort=1900

    FirewallRules: [{6A81004E-DE23-4FF4-A004-1D481661BFD6}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    FirewallRules: [{073D0EE9-FC55-456C-9AD1-D2B6C2C8542A}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

    FirewallRules: [TCP Query User{1950CD7B-5DE8-436A-9AA3-BB537FB4DCBA}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe

    FirewallRules: [UDP Query User{AB1A9DF9-53AF-406C-953F-09DEC1829156}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe

    FirewallRules: [{429AF49D-E621-4768-B7A4-0201CFD6924A}] => C:\Program Files\HP\HP Deskjet 5520 series\Bin\DeviceSetup.exe

    FirewallRules: [{337964D4-EAE7-489C-8342-BB4E8A90184F}] => C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicator.exe

    FirewallRules: [{905EEBC8-5226-4AA3-A1A3-3D1F12719587}] => C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe

    FirewallRules: [{259BF059-7259-47B7-95EB-25BC16E59DB8}] => C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

    FirewallRules: [{0191D10C-CAA8-4192-872E-D2CC7063B7B7}] => C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

    FirewallRules: [{A766E8A5-0A07-42BE-BCF6-EFBDF7265106}] => LPort=4481

    FirewallRules: [{90855935-7ED8-47F1-A404-AF71BE684132}] => LPort=4481

    FirewallRules: [{49F4EE23-2727-408F-A8D3-467C70A4A29B}] => LPort=4482

    FirewallRules: [{06C0F06E-B972-4E9D-A2F9-7ED75FBCEDD8}] => LPort=4482

    FirewallRules: [{EC44A7DD-22CB-4904-A371-9391E6B87C24}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    FirewallRules: [{019731B2-4FB2-4E43-B087-56E4CE8DB225}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    FirewallRules: [{4829ECFA-9670-4549-BFF3-CDA801EE625A}] => LPort=8888

    FirewallRules: [{87BF5A19-0909-4738-B061-CCAF92BA6E86}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

    FirewallRules: [{169834CD-AEBC-4179-8395-E6AB8CB6B95A}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe

    FirewallRules: [{01FC2988-6DC4-48E5-854D-0F55AE0A3687}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

    FirewallRules: [{687BF526-21D4-4A0B-B4C2-DB64783C94F9}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

    FirewallRules: [{14BBC720-D73D-45A6-8694-AECF6022151B}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

    FirewallRules: [{7EC8112C-70A2-462F-91E7-8F6E9EBF9B85}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe

    FirewallRules: [{F3E78FF9-113C-4F4E-BA07-48BA01F990DE}] => C:\Program Files (x86)\Skype\Phone\Skype.exe

    FirewallRules: [{3FF07573-5F93-4871-BE22-03BD44DDDCBC}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    FirewallRules: [{C6DF765F-9258-4736-803E-CE16D99BE296}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe

    FirewallRules: [{8F315FF8-4DFF-4257-BEF0-3D19466F1827}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe

    FirewallRules: [{904F5007-41A9-4C35-9B5B-92744DC62E25}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

    FirewallRules: [{9E586F9C-21B4-4BF0-B6F4-30778CA6418A}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

     

    ==================== Restore Points =========================

     

    31-12-2016 20:03:37 Scheduled Checkpoint

    02-01-2017 15:03:28 Norton_Power_Eraser_20170102150325338

    04-01-2017 10:12:56 JRT Pre-Junkware Removal

    04-01-2017 10:15:19 JRT Pre-Junkware Removal

     

    ==================== Faulty Device Manager Devices =============

     

    Name: Viscosity Virtual Adapter V9.1

    Description: Viscosity Virtual Adapter V9.1

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: SparkLabs Pty Ltd

    Service: visctap0901

    Problem: : This device is disabled. (Code 22)

    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

     

     

    ==================== Event log errors: =========================

     

    Application errors:

    ==================

     

    System errors:

    =============

    Error: (01/04/2017 10:29:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Energy Server Service WILLAMETTE service terminated with the following error:

    %%268439557

     

    Error: (01/04/2017 10:29:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Energy Server Service WILLAMETTE service terminated with the following error:

    %%268439557

     

    Error: (01/04/2017 10:26:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Energy Server Service WILLAMETTE service terminated with the following error:

    %%268439557

     

    Error: (01/04/2017 10:25:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Energy Server Service WILLAMETTE service terminated with the following error:

    %%268439557

     

    Error: (01/04/2017 10:22:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Energy Server Service WILLAMETTE service terminated with the following error:

    %%268439557

     

    Error: (01/04/2017 10:22:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Energy Server Service WILLAMETTE service terminated with the following error:

    %%268439557

     

    Error: (01/04/2017 10:19:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Energy Server Service WILLAMETTE service terminated with the following error:

    %%268439557

     

    Error: (01/04/2017 10:19:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Energy Server Service WILLAMETTE service terminated with the following error:

    %%268439557

     

    Error: (01/04/2017 10:15:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Energy Server Service WILLAMETTE service terminated with the following error:

    %%268439557

     

    Error: (01/04/2017 10:15:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Energy Server Service WILLAMETTE service terminated with the following error:

    %%268439557

     

     

    CodeIntegrity:

    ===================================

      Date: 2017-01-04 09:52:04.746

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2017-01-04 09:52:04.730

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2017-01-04 09:51:05.245

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2017-01-04 09:51:05.229

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2017-01-04 09:50:04.682

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2017-01-04 09:50:04.650

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2017-01-04 07:06:09.758

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2017-01-04 07:06:09.738

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2017-01-03 23:45:18.334

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2017-01-03 23:45:18.314

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

     

    ==================== Memory info ===========================

     

    Processor: Intel® Core™ i7-4910MQ CPU @ 2.90GHz

    Percentage of memory in use: 12%

    Total physical RAM: 32695.06 MB

    Available physical RAM: 28604.82 MB

    Total Virtual: 65388.31 MB

    Available Virtual: 61087.4 MB

     

    ==================== Drives ================================

     

    Drive c: © (Fixed) (Total:232.79 GB) (Free:61.48 GB) NTFS

    Drive e: (DATA1) (Fixed) (Total:931.51 GB) (Free:751 GB) NTFS

    Drive f: (DATA2) (Fixed) (Total:74.4 GB) (Free:38.17 GB) NTFS

     

    ==================== MBR & Partition Table ==================

     

    ========================================================

    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BACA22BC)

    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

    Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

     

    ========================================================

    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A5B70F2B)

    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

     

    ========================================================

    Disk: 2 (Size: 74.5 GB) (Disk ID: 66F95844)

     

    Partition: GPT.

     

    ==================== End of Addition.txt ===========================

     

     

    Vino's Event Viewer v01c run on Windows 2008 in English

    Report run at 04/01/2017 10:53:57

     

    Note: All dates below are in the format dd/mm/yyyy

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    'System' Log - Critical Type

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    'System' Log - Error Type

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Log: 'System' Date/Time: 04/01/2017 03:53:22

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    Log: 'System' Date/Time: 04/01/2017 03:53:12

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    Log: 'System' Date/Time: 04/01/2017 03:49:58

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    Log: 'System' Date/Time: 04/01/2017 03:49:48

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    Log: 'System' Date/Time: 04/01/2017 03:46:34

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    Log: 'System' Date/Time: 04/01/2017 03:46:24

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    Log: 'System' Date/Time: 04/01/2017 03:43:10

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    Log: 'System' Date/Time: 04/01/2017 03:43:00

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    Log: 'System' Date/Time: 04/01/2017 03:39:46

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    Log: 'System' Date/Time: 04/01/2017 03:39:36

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    Log: 'System' Date/Time: 04/01/2017 03:36:22

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    Log: 'System' Date/Time: 04/01/2017 03:36:12

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    Log: 'System' Date/Time: 04/01/2017 03:32:58

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    Log: 'System' Date/Time: 04/01/2017 03:32:48

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    Log: 'System' Date/Time: 04/01/2017 03:29:34

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    Log: 'System' Date/Time: 04/01/2017 03:29:24

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    Log: 'System' Date/Time: 04/01/2017 03:26:07

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    Log: 'System' Date/Time: 04/01/2017 03:25:57

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    Log: 'System' Date/Time: 04/01/2017 03:22:43

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    Log: 'System' Date/Time: 04/01/2017 03:22:33

    Type: Error Category: 0

    Event: 7023 Source: Service Control Manager

    The event description cannot be found.

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    'System' Log - Warning Type

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Log: 'System' Date/Time: 04/01/2017 02:52:04

    Type: Warning Category: 212

    Event: 219 Source: Microsoft-Windows-Kernel-PnP

    The driver \Driver\btmaux failed to load for the device BTHENUM\{f0b2dd71-fb14-4e30-a62d-931874bf282f}_LOCALMFG&0000\8&a49ecb&0&000000000000_00000000.

     

    Log: 'System' Date/Time: 04/01/2017 02:51:05

    Type: Warning Category: 212

    Event: 219 Source: Microsoft-Windows-Kernel-PnP

    The driver \Driver\btmaux failed to load for the device BTHENUM\{f0b2dd71-fb14-4e30-a62d-931874bf282f}_LOCALMFG&0000\8&a49ecb&0&000000000000_00000000.

     

    Log: 'System' Date/Time: 04/01/2017 02:50:04

    Type: Warning Category: 212

    Event: 219 Source: Microsoft-Windows-Kernel-PnP

    The driver \Driver\btmaux failed to load for the device BTHENUM\{f0b2dd71-fb14-4e30-a62d-931874bf282f}_LOCALMFG&0000\8&a49ecb&0&000000000000_00000000.

     

    Log: 'System' Date/Time: 04/01/2017 02:11:32

    Type: Warning Category: 0

    Event: 1014 Source: Microsoft-Windows-DNS-Client

    Name resolution for the name ps1.pubnub.com timed out after none of the configured DNS servers responded.

     

    Log: 'System' Date/Time: 04/01/2017 00:49:42

    Type: Warning Category: 0

    Event: 1014 Source: Microsoft-Windows-DNS-Client

    Name resolution for the name config.connectedpdf.com timed out after none of the configured DNS servers responded.

     

    Log: 'System' Date/Time: 04/01/2017 00:46:00

    Type: Warning Category: 0

    Event: 1014 Source: Microsoft-Windows-DNS-Client

    Name resolution for the name config.connectedpdf.com timed out after none of the configured DNS servers responded.

     

    Log: 'System' Date/Time: 04/01/2017 00:07:28

    Type: Warning Category: 0

    Event: 2 Source: HidBth

    Bluetooth HID device (7c:1e:52:6f:db:8b) either went out of range or became unresponsive.

     

    Log: 'System' Date/Time: 04/01/2017 00:06:09

    Type: Warning Category: 212

    Event: 219 Source: Microsoft-Windows-Kernel-PnP

    The driver \Driver\btmaux failed to load for the device BTHENUM\{f0b2dd71-fb14-4e30-a62d-931874bf282f}_LOCALMFG&0000\8&a49ecb&0&000000000000_00000000.

     

    Log: 'System' Date/Time: 03/01/2017 17:16:42

    Type: Warning Category: 0

    Event: 2 Source: HidBth

    Bluetooth HID device (00:1f:20:14:41:a5) either went out of range or became unresponsive.

     

    Log: 'System' Date/Time: 03/01/2017 16:47:58

    Type: Warning Category: 7

    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power

    The speed of processor 6 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 39 seconds since the last report.

     

    Log: 'System' Date/Time: 03/01/2017 16:47:58

    Type: Warning Category: 7

    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power

    The speed of processor 7 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 39 seconds since the last report.

     

    Log: 'System' Date/Time: 03/01/2017 16:47:58

    Type: Warning Category: 7

    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power

    The speed of processor 5 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 39 seconds since the last report.

     

    Log: 'System' Date/Time: 03/01/2017 16:47:58

    Type: Warning Category: 7

    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power

    The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 39 seconds since the last report.

     

    Log: 'System' Date/Time: 03/01/2017 16:47:58

    Type: Warning Category: 7

    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power

    The speed of processor 4 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 39 seconds since the last report.

     

    Log: 'System' Date/Time: 03/01/2017 16:47:58

    Type: Warning Category: 7

    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power

    The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 39 seconds since the last report.

     

    Log: 'System' Date/Time: 03/01/2017 16:47:58

    Type: Warning Category: 7

    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power

    The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 39 seconds since the last report.

     

    Log: 'System' Date/Time: 03/01/2017 16:47:58

    Type: Warning Category: 7

    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power

    The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 39 seconds since the last report.

     

    Log: 'System' Date/Time: 03/01/2017 16:45:18

    Type: Warning Category: 212

    Event: 219 Source: Microsoft-Windows-Kernel-PnP

    The driver \Driver\btmaux failed to load for the device BTHENUM\{f0b2dd71-fb14-4e30-a62d-931874bf282f}_LOCALMFG&0000\8&a49ecb&0&000000000000_00000000.

     

    Log: 'System' Date/Time: 03/01/2017 07:00:44

    Type: Warning Category: 0

    Event: 2 Source: HidBth

    Bluetooth HID device (00:1f:20:14:41:a5) either went out of range or became unresponsive.

     

    Log: 'System' Date/Time: 03/01/2017 06:13:06

    Type: Warning Category: 0

    Event: 2 Source: HidBth

    Bluetooth HID device (7c:1e:52:6f:db:8b) either went out of range or became unresponsive.

     



    • 0

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,017 posts
    • MVP

    VEW logs?  Process Explorer Logs?

     

    From what I can see now you have a problem with your bluetooth software so I would try updating these:

     

    Intel® Wireless Bluetooth®(patch version 19.0.1629.3590) (HKLM\...\{302600C1-6BDF-4FD1-1603-148929CC1385}) (Version: 19.0.1603.0650 - Intel Corporation)

     

    Intel® PROSet/Wireless Software (HKLM-x32\...\{bc883058-299e-461f-8e52-4f1dbb355f86}) (Version: 19.0.1 - Intel Corporation)

     

    I don't see any malware nor any sign that bonjour is active.


    • 0

    #5
    sub101uk

    sub101uk

      Member

    • Topic Starter
    • Member
    • PipPip
    • 39 posts

    Many thanks for having a look. As for Bluetooth, yes, I did change all the drivers over, and since the Logitech mouse was getting very unstable I bought a Microsoft 5000 Bluetooth mouse, but after that it also went unstable; if I turned off the internet, within a few minutes it was fine again. OK, I will reinstall the Intel PROSet/Wireless software, but I have done this many times in the past and within a short time the problem returns again.

     

    What I have found is that the more scanning I do the more unstable the computer gets: when I do a cold boot it will only boot up in low res, and maybe after about 5 - 10 boots it then comes up in high resolution 1920 x 1080, or you can just boot it in low res 1024 x 768 and then up the res to 1920 x 1080, but it will not keep high res on a cold boot. From looking at the logs I think there is also a problem with the NVIDIA graphics drivers.

     

    What did you make of all these errors :-

     

     

    'System' Log - Warning Type

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Log: 'System' Date/Time: 04/01/2017 02:52:04

    Type: Warning Category: 212

    Event: 219 Source: Microsoft-Windows-Kernel-PnP

    The driver \Driver\btmaux failed to load for the device BTHENUM\{f0b2dd71-fb14-4e30-a62d-931874bf282f}_LOCALMFG&0000\8&a49ecb&0&000000000000_00000000.

     

    Log: 'System' Date/Time: 04/01/2017 02:51:05

    Type: Warning Category: 212

    Event: 219 Source: Microsoft-Windows-Kernel-PnP

    The driver \Driver\btmaux failed to load for the device BTHENUM\{f0b2dd71-fb14-4e30-a62d-931874bf282f}_LOCALMFG&0000\8&a49ecb&0&000000000000_00000000.

     

    Log: 'System' Date/Time: 04/01/2017 02:50:04

    Type: Warning Category: 212

    Event: 219 Source: Microsoft-Windows-Kernel-PnP

    The driver \Driver\btmaux failed to load for the device BTHENUM\{f0b2dd71-fb14-4e30-a62d-931874bf282f}_LOCALMFG&0000\8&a49ecb&0&000000000000_00000000.

     

    Log: 'System' Date/Time: 04/01/2017 02:11:32

    Type: Warning Category: 0

    Event: 1014 Source: Microsoft-Windows-DNS-Client

    Name resolution for the name ps1.pubnub.com timed out after none of the configured DNS servers responded.

     

    Log: 'System' Date/Time: 04/01/2017 00:49:42

    Type: Warning Category: 0

    Event: 1014 Source: Microsoft-Windows-DNS-Client

    Name resolution for the name config.connectedpdf.com timed out after none of the configured DNS servers responded.

     

    Log: 'System' Date/Time: 04/01/2017 00:46:00

    Type: Warning Category: 0

    Event: 1014 Source: Microsoft-Windows-DNS-Client

    Name resolution for the name config.connectedpdf.com timed out after none of the configured DNS servers responded.

     

    Log: 'System' Date/Time: 04/01/2017 00:07:28

    Type: Warning Category: 0

    Event: 2 Source: HidBth

    Bluetooth HID device (7c:1e:52:6f:db:8b) either went out of range or became unresponsive.

     

    Log: 'System' Date/Time: 04/01/2017 00:06:09

    Type: Warning Category: 212

    Event: 219 Source: Microsoft-Windows-Kernel-PnP

    The driver \Driver\btmaux failed to load for the device BTHENUM\{f0b2dd71-fb14-4e30-a62d-931874bf282f}_LOCALMFG&0000\8&a49ecb&0&000000000000_00000000.

     

    Log: 'System' Date/Time: 03/01/2017 17:16:42

    Type: Warning Category: 0

    Event: 2 Source: HidBth

    Bluetooth HID device (00:1f:20:14:41:a5) either went out of range or became unresponsive.

     

    Log: 'System' Date/Time: 03/01/2017 16:47:58

    Type: Warning Category: 7

    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power

    The speed of processor 6 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 39 seconds since the last report.

     

    Log: 'System' Date/Time: 03/01/2017 16:47:58

    Type: Warning Category: 7

    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power

    The speed of processor 7 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 39 seconds since the last report.

     

    Log: 'System' Date/Time: 03/01/2017 16:47:58

    Type: Warning Category: 7

    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power

    The speed of processor 5 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 39 seconds since the last report.

     

    Log: 'System' Date/Time: 03/01/2017 16:47:58

    Type: Warning Category: 7

    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power

    The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 39 seconds since the last report.

     

    Log: 'System' Date/Time: 03/01/2017 16:47:58

    Type: Warning Category: 7

    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power

    The speed of processor 4 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 39 seconds since the last report.

     

    Log: 'System' Date/Time: 03/01/2017 16:47:58

    Type: Warning Category: 7

    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power

    The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 39 seconds since the last report.

     

    Log: 'System' Date/Time: 03/01/2017 16:47:58

    Type: Warning Category: 7

    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power

    The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 39 seconds since the last report.

     

    Log: 'System' Date/Time: 03/01/2017 16:47:58

    Type: Warning Category: 7

    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power

    The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 39 seconds since the last report.

     

    Log: 'System' Date/Time: 03/01/2017 16:45:18

    Type: Warning Category: 212

    Event: 219 Source: Microsoft-Windows-Kernel-PnP

    The driver \Driver\btmaux failed to load for the device BTHENUM\{f0b2dd71-fb14-4e30-a62d-931874bf282f}_LOCALMFG&0000\8&a49ecb&0&000000000000_00000000.

     

    Log: 'System' Date/Time: 03/01/2017 07:00:44

    Type: Warning Category: 0

    Event: 2 Source: HidBth

    Bluetooth HID device (00:1f:20:14:41:a5) either went out of range or became unresponsive.

     

    Log: 'System' Date/Time: 03/01/2017 06:13:06

    Type: Warning Category: 0

    Event: 2 Source: HidBth

    Bluetooth HID device (7c:1e:52:6f:db:8b) either went out of range or became unresponsive.

     

    I have searched with all the software available on the internet and have found nothing. The only software that seems to show it is Max Registry Cleaner.

    I am fully aware that Apple Bonj is just a harmless program by itself, but with it installed on your computer anyone can gain access without your IP address, which is what is happening over here.

     

    If I am not online everything is fine. Within a short time of going online things start to happen: first the Logitech Bluetooth mouse, then the Microsoft Bluetooth mouse; the only way to do anything is with the touch pad, but within a short time that also goes unstable. I also have a wireless mouse that won't even work. So I did change out all the Intel drivers and all is fine while offline. Within a short time of going online the computer goes very unstable.

     

    Scanning with ADWCleaner I keep finding :   Chrome pref Found:  [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] - mystart.incredibar.com/mb118
    Chrome pref Found:  [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] - uk.ask.com

     

    and

     

    C:\ProgramData\Application data\SecTaskMan

    C:\ProgramData\SecTaskMan

     

    I have found these many times but cannot see them in the log file, very strange. Anyway, if I cannot sort this problem out the only thing left to do is a clean install. I need to replace the C drive anyway, so now could be a good time.

     

    Thanks again

     


    • 0
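The VEW dumps quoted above (in post #3 and again in this post) run to hundreds of lines because a handful of events repeat. The following Python script is an added example, not code from VEW, FRST or any tool mentioned in the thread: it parses the four-line record layout those dumps use (Log/Date line, Type line, Event line, message), groups entries by Source and Event ID with count and first/last time, and lists the driver names, DNS names and Bluetooth addresses the messages contain, which is the reading RKinner does by eye when pointing at the btmaux driver. The sample text embedded in it is constructed from entries quoted in the thread; the function and pattern names are mine.

```python
"""Summarise a VEW (Vino's Event Viewer) text dump: which Source/Event pairs
repeat, over what span, and which drivers, hosts or devices they name.
Added example for this thread; not code from VEW or any tool named here."""
from __future__ import annotations
import re
from collections import Counter, defaultdict, namedtuple
from datetime import datetime

# One VEW entry is a header line, a Type line, an Event line and one message line.
HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)$")
TYPE_LINE = re.compile(r"^Type: (?P<level>\w+) Category: (?P<cat>\d+)$")
EVENT_LINE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<src>.+)$")

# Names a helper wants listed explicitly rather than buried in repeated entries.
ARTIFACT_PATTERNS = {
    "driver": re.compile(r"The driver (\\Driver\\\S+) failed to load"),
    "dns_name": re.compile(r"Name resolution for the name (\S+) timed out"),
    "bt_device": re.compile(r"Bluetooth HID device \(([0-9a-f:]{17})\)"),
}

Record = namedtuple("Record", "log when level event_id source message")


def parse_vew(text: str) -> list[Record]:
    """One Record per entry; dates are dd/mm/yyyy as the VEW report header states."""
    lines = [ln.strip() for ln in text.splitlines()]
    records, i = [], 0
    while i < len(lines):
        head = HEADER.match(lines[i])
        if not head:
            i += 1                      # banners, blanks, report header
            continue
        fields, j = [], i + 1           # collect the next three non-blank lines
        while j < len(lines) and len(fields) < 3:
            if lines[j]:
                fields.append(lines[j])
            j += 1
        i = j
        if len(fields) < 3:
            break                       # truncated final entry
        typ, evt = TYPE_LINE.match(fields[0]), EVENT_LINE.match(fields[1])
        if typ and evt:
            when = datetime.strptime(head["ts"], "%d/%m/%Y %H:%M:%S")
            records.append(Record(head["log"], when, typ["level"],
                                  int(evt["id"]), evt["src"], fields[2]))
    return records


def summarise(records: list[Record]) -> list[dict]:
    """Group by (source, event id, level) with count and first/last time, most frequent first."""
    groups = defaultdict(list)
    for r in records:
        groups[(r.source, r.event_id, r.level)].append(r)
    rows = []
    for (src, eid, level), recs in groups.items():
        times = sorted(r.when for r in recs)
        rows.append({"source": src, "event_id": eid, "level": level,
                     "count": len(recs), "first": times[0], "last": times[-1]})
    return sorted(rows, key=lambda row: -row["count"])


def artifacts(records: list[Record]) -> dict[str, dict[str, int]]:
    """Distinct driver names, DNS names and Bluetooth addresses, with hit counts."""
    found = defaultdict(Counter)
    for r in records:
        for kind, pat in ARTIFACT_PATTERNS.items():
            for hit in pat.findall(r.message):
                found[kind][hit] += 1
    return {kind: dict(c) for kind, c in found.items()}


# Constructed sample: entries copied from the VEW dumps quoted in this thread.
SAMPLE_VEW = r"""
Log: 'System' Date/Time: 04/01/2017 03:53:22
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The event description cannot be found.

Log: 'System' Date/Time: 04/01/2017 02:52:04
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\btmaux failed to load for the device BTHENUM\{f0b2dd71-fb14-4e30-a62d-931874bf282f}_LOCALMFG&0000\8&a49ecb&0&000000000000_00000000.
Log: 'System' Date/Time: 04/01/2017 02:51:05
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\btmaux failed to load for the device BTHENUM\{f0b2dd71-fb14-4e30-a62d-931874bf282f}_LOCALMFG&0000\8&a49ecb&0&000000000000_00000000.
Log: 'System' Date/Time: 04/01/2017 02:11:32
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ps1.pubnub.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 04/01/2017 00:07:28
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (7c:1e:52:6f:db:8b) either went out of range or became unresponsive.
"""

if __name__ == "__main__":
    recs = parse_vew(SAMPLE_VEW)
    for row in summarise(recs):
        print(f"{row['count']}x {row['level']} {row['event_id']} {row['source']} "
              f"({row['first']:%d/%m %H:%M:%S} .. {row['last']:%d/%m %H:%M:%S})")
    print(artifacts(recs))
```

Running it prints one line per Source/Event group, most frequent first, then the extracted names; pointing `parse_vew` at a full VEW export instead of the sample gives the same summary for the whole dump, so a pair of Event 7023 errors every few minutes or a driver that fails to load at every Bluetooth reconnect shows up as a single counted row instead of pages of repeats.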

    #6
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,017 posts
    • MVP

    Still waiting on the process explorer log and on VEW Applications log.

     

    Let's also get a Speccy log:

     

    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy (Look in the upper right for the Download
    Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
    Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
    File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
    (It will be near the top about 10 lines down.) Save the file.  Attach the file to your next post.  (More Reply Options, Choose File, Open, Attach This File)

    • 0

    #7
    sub101uk

    sub101uk

      Member

    • Topic Starter
    • Member
    • PipPip
    • 39 posts

    All OK on the Speccy log; yes, I will try anything to try to get to the bottom of this. I will also send Malwarebytes an email letting them know that their software has been compromised. I am just using their Malwarebytes Premium 3.0.5 trial version, but I would think that the paid version would be the same.

     

    Are you sure this is not some type of keylogger? From my reading, keyloggers are not aggressive, but this is very aggressive, as any attempt to scan it screws up things on the computer. All the Intel drivers have been changed out regarding the Bluetooth and wireless mouse problems; the same goes for the NVIDIA software.

     

    Regarding my thoughts on a keylogger: if I scan the computer first thing in the morning with Max Registry Cleaner you see Apple Bonj with 2 records in the Windows Application Log; if I scan again a few hours later the records have gone up. I don't know what the Windows Application Log is logging?

     

    I have downloaded and scanned with Speccy and removed my serial number, so all is ready to go. I will let you know what feedback I get from Malwarebytes, since whatever is on my computer has rendered their software useless.

    Attached Thumbnails

    • Apple Bonj +Windows Application Log.JPG

    Attached Files


    • 0

    #8
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,017 posts
    • MVP

    Max is just flagging an empty registry entry.  Have you tried going into regedit and looking at the location?  I don't see any Apple software installed so you should be able to delete the Apple, Inc key.  If it won't delete there may be a permission problem.

     

    Still don't see a Process Explorer log.

     

    Get Process Explorer

     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
     
     

    Speccy says Hard drives are good and you are getting updates.  For a desktop it's running a tad hot.  Would not hurt to open it up and make sure the heatsinks, vents and fans are not clogged with dust.  It's OK to remove fans to get to the heatsink (make sure you put them back pointing the same way) but do not remove the heatsink as you will then need to renew the thermal paste.  Don't forget to check your video card heatsinks.  I use a vacuum cleaner hose and a small brush.  Also check the power supply fan.

     

    Let's look at the event logs again now that you have updated the Intel drivers:

     

     
    Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
     
     
    2. Right-click VEW.exe and Run As Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
     

     

      Let's look at your connections.  Get tcpview.  http://live.sysinter...com/Tcpview.exe  Download, Save and then run it by right clicking and Run As Admin.

    Close all browsers and wait at least 60 seconds. Then File, Save As (to your desktop), tcp, OK.  This should create a file tcp.txt on your desktop.  Attach or copy and paste it to a reply.

    • 0

    #9
    sub101uk

    sub101uk

      Member

    • Topic Starter
    • Member
    • PipPip
    • 39 posts

    OK, it seems the whole body of my last message has gone?

     

    Since this is the case I will reply in separate parts: I will attach the TCP log and resend all the other parts.

     

    [System Process]    0    TCP    owner-pc    58341    203.113.80.54    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58345    203.113.80.23    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58346    203.113.80.23    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58343    203.113.80.23    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58351    203.113.80.21    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58352    203.113.80.58    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58353    203.113.80.58    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58355    203.113.80.20    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58357    203.113.80.55    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58358    203.113.80.55    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58360    ec2-54-213-123-171.us-west-2.compute.amazonaws.com    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58349    203.113.80.23    http    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58380    203.113.80.58    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58378    sa-in-f157.1e100.net    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58368    104.19.193.102    http    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58374    192.0.73.2    http    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58376    kul06s11-in-f10.1e100.net    http    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58377    192.0.73.2    http    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58379    203.113.80.58    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58382    203.113.80.52    http    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58383    203.113.80.52    http    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58387    i1.wp.com    http    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58388    kul01s10-in-f45.1e100.net    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58393    104.28.14.88    http    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58340    203.113.80.54    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58342    203.113.80.23    http    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58344    203.113.80.23    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58347    203.113.80.23    http    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58348    203.113.80.23    http    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58350    203.113.80.21    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58354    203.113.80.20    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58361    104.28.29.94    http    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    58385    sa-in-f157.1e100.net    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    icslap    192.168.1.254    52481    TIME_WAIT                                        
    AlienwareAlienFXController.exe    4568    TCP    Owner-PC    49164    Owner-PC    0    LISTENING                                        
    AlienwareTactXMacroController.exe    5636    TCP    Owner-PC    49166    Owner-PC    0    LISTENING                                        
    AlienwareTactXMacroController.exe    5636    TCP    Owner-PC    49168    Owner-PC    0    LISTENING                                        
    AWCCServiceController.exe    4368    TCP    Owner-PC    45520    Owner-PC    0    LISTENING                                        
    devmonsrv.exe    3904    TCP    Owner-PC    printer    Owner-PC    0    LISTENING                                        
    ekrn.exe    624    UDP    Owner-PC    53302    *    *                                            
    ekrn.exe    624    UDP    Owner-PC    62415    *    *                                            
    esrv.exe    5784    TCP    Owner-PC    49351    Owner-PC    0    LISTENING                                        
    esrv_svc.exe    7068    TCP    Owner-PC    49350    Owner-PC    0    LISTENING                                        
    FoxitConnectedPDFService.exe    2144    TCP    Owner-PC    44440    Owner-PC    0    LISTENING                                        
    Jhi_service.exe    1212    TCPV6    [0:0:0:0:0:0:0:1]    49178    owner-pc    0    LISTENING                                        
    KillerService.exe    2676    TCP    Owner-PC    7790    Owner-PC    0    LISTENING                                        
    lsass.exe    836    TCP    Owner-PC    49157    Owner-PC    0    LISTENING                                        
    lsass.exe    836    TCPV6    owner-pc    49157    owner-pc    0    LISTENING                                        
    MBAMService.exe    3920    TCP    Owner-PC    43227    Owner-PC    0    LISTENING                                        
    MBAMService.exe    3920    TCP    owner-pc    58299    ec2-54-191-148-23.us-west-2.compute.amazonaws.com    https    CLOSE_WAIT                                        
    MobileService.exe    2412    TCP    Owner-PC    8888    Owner-PC    0    LISTENING                                        
    nvcontainer.exe    2440    TCP    Owner-PC    49184    localhost    65001    ESTABLISHED                                        
    nvcontainer.exe    2440    TCP    Owner-PC    65000    Owner-PC    0    LISTENING                                        
    nvcontainer.exe    2440    TCP    Owner-PC    65001    localhost    49184    ESTABLISHED                                        
    nvcontainer.exe    2440    TCP    Owner-PC    65001    Owner-PC    0    LISTENING                                        
    nvcontainer.exe    2440    UDP    owner-pc    5353    *    *                                            
    nvcontainer.exe    2440    UDP    Owner-PC    49152    *    *                                            
    nvcontainer.exe    2440    UDP    Owner-PC    49153    *    *                                            
    nvcontainer.exe    2732    UDP    Owner-PC    49154    *    *                                            
    nvcontainer.exe    2732    UDP    Owner-PC    49155    *    *                                            
    nvcontainer.exe    2440    UDP    Owner-PC    49164    *    *                                            
    nvcontainer.exe    2440    UDP    Owner-PC    65000    *    *                                            
    nvcontainer.exe    2440    UDPV6    [0:0:0:0:0:0:0:1]    5353    *    *                                            
    nvcontainer.exe    2440    UDPV6    owner-pc    49165    *    *                                            
    NVIDIA Web Helper.exe    6632    TCP    Owner-PC    49183    Owner-PC    0    LISTENING                                        
    NVIDIA Web Helper.exe    6632    UDP    Owner-PC    48201    *    *                                            
    NVIDIA Web Helper.exe    6632    UDP    Owner-PC    49160    *    *                                            
    NVIDIA Web Helper.exe    6632    UDP    Owner-PC    49161    *    *                                            
    NVIDIA Web Helper.exe    6632    UDP    Owner-PC    49162    *    *                                            
    NVIDIA Web Helper.exe    6632    UDP    Owner-PC    49163    *    *                                            
    Seagate.Dashboard.Uploader.exe    5292    TCP    Owner-PC    49160    Owner-PC    0    LISTENING                                        
    Seagate.Dashboard.Uploader.exe    5292    TCP    owner-pc    58326    edge-star-mini-shv-01-sit4.facebook.com    https    CLOSE_WAIT                                        
    services.exe    796    TCP    Owner-PC    49159    Owner-PC    0    LISTENING                                        
    services.exe    796    TCPV6    owner-pc    49159    owner-pc    0    LISTENING                                        
    svchost.exe    780    TCP    Owner-PC    epmap    Owner-PC    0    LISTENING                                        
    svchost.exe    916    TCP    Owner-PC    49153    Owner-PC    0    LISTENING                                        
    svchost.exe    1040    TCP    Owner-PC    49154    Owner-PC    0    LISTENING                                        
    svchost.exe    1040    UDP    Owner-PC    isakmp    *    *                                            
    svchost.exe    5720    UDP    Owner-PC    ssdp    *    *                                            
    svchost.exe    5720    UDP    owner-pc    ssdp    *    *                                            
    svchost.exe    1040    UDP    Owner-PC    ipsec-msft    *    *                                            
    svchost.exe    1580    UDP    Owner-PC    llmnr    *    *                                            
    svchost.exe    5720    UDP    owner-pc    55262    *    *                                            
    svchost.exe    5720    UDP    Owner-PC    55263    *    *                                            
    svchost.exe    780    TCPV6    owner-pc    epmap    owner-pc    0    LISTENING                                        
    svchost.exe    916    TCPV6    owner-pc    49153    owner-pc    0    LISTENING                                        
    svchost.exe    1040    TCPV6    owner-pc    49154    owner-pc    0    LISTENING                                        
    svchost.exe    1040    UDPV6    owner-pc    500    *    *                                            
    svchost.exe    5720    UDPV6    [0:0:0:0:0:0:0:1]    1900    *    *                                            
    svchost.exe    5720    UDPV6    owner-pc    1900    *    *                                            
    svchost.exe    1040    UDPV6    owner-pc    4500    *    *                                            
    svchost.exe    1580    UDPV6    owner-pc    5355    *    *                                            
    svchost.exe    5720    UDPV6    owner-pc    55260    *    *                                            
    svchost.exe    5720    UDPV6    [0:0:0:0:0:0:0:1]    55261    *    *                                            
    svchost.exe    916    UDPV6    owner-pc    546    *    *                                            
    svchost.exe    916    UDP    Owner-PC    bootpc    *    *                                            
    System    4    TCP    owner-pc    netbios-ssn    Owner-PC    0    LISTENING                                        
    System    4    TCP    Owner-PC    microsoft-ds    Owner-PC    0    LISTENING                                        
    System    4    TCP    Owner-PC    icslap    Owner-PC    0    LISTENING                                        
    System    4    UDP    owner-pc    netbios-ns    *    *                                            
    System    4    UDP    owner-pc    netbios-dgm    *    *                                            
    System    4    TCPV6    owner-pc    microsoft-ds    owner-pc    0    LISTENING                                        
    System    4    TCPV6    owner-pc    icslap    owner-pc    0    LISTENING                                        
    TeamViewer_Service.exe    3264    TCP    Owner-PC    5939    Owner-PC    0    LISTENING                                        
    TeamViewer_Service.exe    3264    UDP    Owner-PC    5353    *    *                                            
    TeamViewer_Service.exe    3264    UDP    Owner-PC    49156    *    *                                            
    TeamViewer_Service.exe    3264    UDPV6    owner-pc    49157    *    *                                            
    wininit.exe    720    TCP    Owner-PC    49152    Owner-PC    0    LISTENING                                        
    wininit.exe    720    TCPV6    owner-pc    49152    owner-pc    0    LISTENING                                        
     


    • 0

    #10
    sub101uk

    sub101uk

      Member

    • Topic Starter
    • Member
    • PipPip
    • 39 posts

    Ok, here is the Processor Log.

     

    Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
    System Idle Process    92.79    0 K    24 K    0            
    procexp(1)64.exe    1.17    47,644 K    59,316 K    7484    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
    IAStorDataMgrSvc.exe    1.09    42,052 K    51,780 K    2900    IAStorDataSvc    Intel Corporation    (Verified) Intel Corporation - Intel® Rapid Storage Technology
    Tcpview.exe    1.08    13,264 K    26,844 K    8332    TCP/UDP endpoint viewer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
    procexp(1)64.exe    0.82    19,452 K    32,820 K    2424    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
    sidebar.exe    0.82    66,808 K    75,120 K    5248    Windows Desktop Gadgets    Microsoft Corporation    (Verified) Microsoft Windows
    KillerService.exe    0.36    8,696 K    13,212 K    2676    Qualcomm Atheros Killer Network Service    Qualcomm Atheros    (No signature was present in the subject) Qualcomm Atheros
    Interrupts    0.30    0 K    0 K    n/a    Hardware Interrupts and DPCs        
    firefox.exe    0.27    221,072 K    236,856 K    8968    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
    svchost.exe    0.25    7,192 K    13,248 K    400    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    dwm.exe    0.20    88,000 K    58,828 K    2632    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
    firefox.exe    0.15    182,616 K    195,188 K    9064    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
    ArcCon.ac    0.14    8,232 K    13,168 K    5840    ArcSoft Connect Notifier    ArcSoft Inc.    (Verified) ArcSoft
    MBAMService.exe    0.13    343,792 K    365,140 K    3920    Malwarebytes Service    Malwarebytes    (Verified) Malwarebytes Corporation
    System    0.10    392 K    14,108 K    4            
    NVIDIA Web Helper.exe    0.08    25,896 K    33,416 K    6632    NVIDIA Web Helper Service    Node.js    (Verified) NVIDIA Corporation
    nvcontainer.exe    0.06    10,944 K    22,004 K    2732    NVIDIA Container    NVIDIA Corporation    (Verified) NVIDIA Corporation
    nvcontainer.exe    0.03    10,088 K    23,492 K    2440    NVIDIA Container    NVIDIA Corporation    (Verified) NVIDIA Corporation
    MaxRegistryCleaner.exe    0.02    20,504 K    35,276 K    7544    Max Secure Software Registry Cleaner    Max Secure Software    (Verified) Max Secure Software India Pvt. Ltd.
    csrss.exe    0.02    4,312 K    13,132 K    732    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe    0.01    54,736 K    73,960 K    1040    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    explorer.exe    0.01    56,976 K    92,200 K    3016    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
    RIconMan.exe    0.01    2,952 K    6,984 K    2272    Realtek Card Reader Patch Tool.    Realsil Microelectronics Inc.    (Verified) Realtek Semiconductor Corp
    FoxitConnectedPDFService.exe    0.01    12,024 K    20,792 K    2144    Foxit PhantomPDF ConnectedPDF Windows Service.    Foxit Software Inc.    (Verified) Foxit Software Incorporated
    AlienwareAlienFXController.exe    0.01    43,108 K    57,200 K    4568    Alienware AlienFX Controller    Alienware    (Verified) Dell Inc.
    svchost.exe    0.01    17,140 K    27,012 K    432    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe    0.01    28,544 K    26,364 K    916    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    iusb3mon.exe    < 0.01    2,404 K    6,308 K    5436    iusb3mon    Intel Corporation    (Verified) Intel Corporation - Software and Firmware Products
    TeamViewer_Service.exe    < 0.01    5,584 K    15,824 K    3264    TeamViewer 12    TeamViewer GmbH    (Verified) TeamViewer GmbH
    esrv.exe    < 0.01    33,652 K    37,812 K    5784    Intel® System Usage Report        (Verified) Intel® Software Development Products
    taskhost.exe    < 0.01    15,184 K    16,948 K    2936    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
    lsass.exe    < 0.01    8,084 K    16,120 K    836    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
    egui.exe    < 0.01    26,684 K    41,588 K    3128    ESET Main GUI    ESET    (Verified) ESET
    ZeroConfigService.exe    < 0.01    6,672 K    15,232 K    3424    Intel® PROSet/Wireless Zero Configure Service    Intel® Corporation    (Verified) Intel Corporation-Wireless Connectivity Solutions
    wlanext.exe    < 0.01    7,872 K    17,752 K    1680    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation    (Verified) Microsoft Windows
    EvtEng.exe    < 0.01    8,264 K    14,848 K    2012    Intel® PROSet/Wireless Event Log Service    Intel® Corporation    (Verified) Intel Corporation-Wireless Connectivity Solutions
    MobileService.exe    < 0.01    29,512 K    38,488 K    2412    Seagate Dashboard    Seagate Technology LLC    (Verified) Seagate Technology LLC
    Seagate.Dashboard.Uploader.exe    < 0.01    30,280 K    45,328 K    5292    Seagate Dashboard    Seagate Technology LLC    (Verified) Seagate Technology LLC
    svchost.exe    < 0.01    48,440 K    51,828 K    1580    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    ekrn.exe    < 0.01    205,984 K    223,376 K    624    ESET Service    ESET    (Verified) ESET
    MaxRCSystemTray.exe    < 0.01    4,180 K    10,120 K    5136    Max Secure Software RCSystemTray    Max Secure Software    (Verified) Max Secure Software India Pvt. Ltd.
    conhost.exe    < 0.01    2,056 K    4,484 K    5164    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
    SurSvc.exe    < 0.01    84,172 K    94,736 K    3068    Intel® System Usage Report        (Verified) Intel® Software Development Products
    esrv_svc.exe    < 0.01    66,172 K    71,868 K    7068    Intel® System Usage Report        (Verified) Intel® Software Development Products
    wmpnetwk.exe    < 0.01    5,756 K    7,040 K    8856    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe    < 0.01    19,136 K    30,636 K    976    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    SearchIndexer.exe    < 0.01    54,596 K    44,736 K    4612    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
    AlienwareTactXMacroController.exe    < 0.01    35,364 K    41,988 K    5636    AlienLabs.Keypad.Controller    Alienware    (Verified) Dell Inc.
    csrss.exe    < 0.01    3,428 K    5,740 K    576    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
    firefox.exe    < 0.01    11,596 K    14,320 K    7072    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
    svchost.exe    < 0.01    6,836 K    13,524 K    5720    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    SynTPEnh.exe    < 0.01    10,892 K    14,828 K    4660    Synaptics TouchPad Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
    WmiPrvSE.exe    < 0.01    13,300 K    21,292 K    3936    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
    AWCCServiceController.exe    < 0.01    47,584 K    54,868 K    4368    Remoting Service Controller    Alienware    (Verified) Dell Inc.
    WmiPrvSE.exe        18,608 K    27,124 K    3872    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
    WLIDSVCM.EXE        2,056 K    4,292 K    3416    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
    WLIDSVC.EXE        5,496 K    12,304 K    4028    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
    WiTopiaService.exe        25,280 K    22,900 K    3700    WiTopiaService    SparkLabs    (Verified) SparkLabs Pty Ltd
    winlogon.exe        3,956 K    8,556 K    1004    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
    wininit.exe        2,084 K    5,136 K    720    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
    unsecapp.exe        2,444 K    6,104 K    3840    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
    uCamMonitor.exe        2,276 K    5,520 K    3472    CamMonitor    ArcSoft, Inc.    (Verified) ArcSoft
    TomTomHOMEService.exe        1,304 K    3,496 K    3408    Windows Service for TomTom HOME    TomTom    (Verified) TomTom International BV
    SynTPHelper.exe        2,344 K    4,628 K    2864    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
    svchost.exe        54,196 K    35,232 K    4100    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        9,624 K    13,984 K    780    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        2,352 K    6,240 K    2640    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        2,896 K    7,532 K    7160    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        11,964 K    17,160 K    1832    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        3,104 K    6,752 K    4936    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        4,724 K    9,124 K    1184    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        2,368 K    5,900 K    4740    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        6,620 K    12,348 K    1560    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    spoolsv.exe        11,084 K    18,304 K    1788    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
    smss.exe        736 K    1,448 K    380    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
    services.exe        7,992 K    14,716 K    796    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
    Seagate.Dashboard.DASWindowsService.exe        28,636 K    38,468 K    2228    Seagate Dashboard    Seagate Technology LLC    (Verified) Seagate Technology LLC
    rundll32.exe        4,836 K    14,332 K    4260    Windows host process (Rundll32)    Microsoft Corporation    (Verified) Microsoft Windows
    RtkNGUI64.exe        14,684 K    11,976 K    3624    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
    RtkAudioService64.exe        2,656 K    6,108 K    1340    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
    RegSrvc.exe        2,384 K    7,516 K    2168    Intel® PROSet/Wireless Registry Service    Intel® Corporation    (Verified) Intel Corporation-Wireless Connectivity Solutions
    RCVistaService.exe        5,388 K    10,032 K    2700    Max Secure Software RC Vista Service for Registry Cleaner    Max Secure Software    (Verified) Max Secure Software India Pvt. Ltd.
    RAVBg64.exe        15,492 K    12,144 K    1432    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
    RAVBg64.exe        16,136 K    12,912 K    1508    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
    RAVBg64.exe        16,132 K    12,984 K    1400    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
    RAVBg64.exe        15,544 K    12,316 K    4520    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
    procexp(1).exe        2,628 K    7,980 K    8752    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
    procexp(1).exe        2,644 K    6,484 K    3636    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
    obexsrv.exe        3,604 K    7,940 K    5364    Bluetooth OBEX Service    Motorola Solutions, Inc.    (Verified) Motorola Solutions Inc.
    nvwirelesscontroller.exe        2,840 K    7,576 K    2500    NVIDIA Wireless Controller Service    NVIDIA Corporation    (Verified) NVIDIA Corporation
    mediasrv.exe        5,860 K    9,952 K    6048    Bluetooth Media Service    Motorola Solutions, Inc.    (Verified) Motorola Solutions Inc.
    mbamtray.exe        19,044 K    28,588 K    4484    Malwarebytes Tray Application    Malwarebytes    (Verified) Malwarebytes Corporation
    lsm.exe        3,440 K    5,400 K    844    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
    LBTWiz.exe        3,884 K    7,580 K    4208    Bluetooth Services    Logitech Inc.    (Verified) Logitech
    LBTServ.exe        2,628 K    5,900 K    1312    Logitech Bluetooth Service    Logitech, Inc.    (Verified) Logitech
    Jhi_service.exe        1,800 K    5,268 K    1212    Intel® Dynamic Application Loader Host Interface    Intel Corporation    (Verified) Intel Corporation - Intel® Management Engine Firmware
    ibtsiva.exe        1,888 K    4,884 K    2212    Intel® Wireless Bluetooth® iBtSiva Service    Intel Corporation    (Verified) Intel Corporation-Wireless Connectivity Solutions
    IAStorIcon.exe        24,812 K    33,148 K    6148    IAStorIcon    Intel Corporation    (Verified) Intel Corporation - Intel® Rapid Storage Technology
    HeciServer.exe        2,668 K    6,676 K    2388    Intel® Capability Licensing Service Interface    Intel® Corporation    (No signature was present in the subject) Intel® Corporation
    GoogleUpdate.exe        2,404 K    3,368 K    1412    Google Installer    Google Inc.    (Verified) Google Inc
    devmonsrv.exe        4,088 K    8,888 K    3904    Bluetooth Device Monitor    Motorola Solutions, Inc.    (Verified) Motorola Solutions Inc.
    conhost.exe        2,596 K    5,888 K    6188    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
    conhost.exe        1,468 K    3,416 K    1688    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
    conhost.exe        2,040 K    4,392 K    5888    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
    conhost.exe        2,040 K    4,376 K    5944    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
    AWCCApplicationWatcher64.exe        9,968 K    10,004 K    5876    Hook64 Manager    Alienware    (Verified) Dell Inc.
    AWCCApplicationWatcher32.exe        5,172 K    7,692 K    5792    Hook32 Manager    Alienware    (Verified) Dell Inc.
    armsvc.exe        1,340 K    4,252 K    1996    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
    AlienwareOn-ScreenDisplay.exe        7,536 K    17,380 K    5680    Alienware On-Screen Display        (Verified) Compal Electronics
    AlienFusionService.exe        25,300 K    27,544 K    4188    AlienFusionService    Alienware    (Verified) Dell Inc.
    AlienFusionController.exe        10,692 K    14,868 K    5800    AlienFusionController    Alienware    (Verified) Dell Inc.
    AERTSr64.exe        1,972 K    3,808 K    1140    Andrea filters APO access service (64-bit)    Andrea Electronics Corporation    (Verified) Andrea Electronics
    ACService.exe        1,680 K    4,492 K    1936    ArcSoft Connect Service    ArcSoft Inc.    (Verified) ArcSoft
    ACDaemon.exe        4,280 K    9,000 K    5728    ArcSoft Connect Daemon    ArcSoft Inc.    (Verified) ArcSoft
     

     

    End of file. I'd better send this before it goes again.


    • 0



    #11
    sub101uk

    sub101uk

      Member

    • Topic Starter
    • Member
    • PipPip
    • 39 posts

    Found the Apple file with Regedit and deleted it, but it seems to have left some other files behind. Are these safe to delete? Well, is this the end, I wonder?

     

    Thanks very much for all your help. I hope this is the end of the attacks and I can start getting some work done again.

     

    Cheers

     

     

     

     

    Attached Thumbnails

    • Wow After Apple.JPG
    • Apple.JPG

    • 0

    #12
    sub101uk

    sub101uk

      Member

    • Topic Starter
    • Member
    • PipPip
    • 39 posts

    Well, I thought things were going nice and straightforward, but it would seem you can delete the Apple file but as soon as you do a reboot it's there again. Any ideas how to remove it for good?

     

    The file seems to be in 2 places in the registry, Software and Wow6432Node. What's the best way to permanently remove the 2 entries?

     

    Many Thanks

    Attached Thumbnails

    • Apple Bonj twice  on Registry.JPG

    • 0

    #13
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,017 posts
    • MVP

    Before I forget, you should disable Windows Sidebar. It's a security hole:

     

    https://technet.micr...ty/2719662.aspx

     

    I assume you installed TeamViewer?  This is Remote Control Software, so if not installed with a good password it can be hacked and give a hacker control of your PC.

     

    You have several old versions of Java installed.  These should be removed as they are a security risk.  In fact, unless you have a real use for Java it should be removed completely.

     

    Process Explorer does not show any strange programs and Tcpview does not show any strange connections with the browser closed.  Open your browser to just your home page and wait 60 seconds, then make a new Tcpview log and post it.

     
     

     

    Since there is nothing but Bonjour under Apple you can remove Apple, Inc anywhere it appears in the registry.  Looks to me like you are barking up the wrong tree but until Bonjour goes away completely you are not going to believe it.

     

    Run FRST and

     

    put apple

     

    in the search box and then hit Search Registry.  That will take a few minutes then it should give you a file.  Please post that.  

     

    Now repeat the above but press Search Files.  Post that log too.

     

     

    I would attempt to update Intel® Rapid Storage Technology

     

    https://downloadcent...logy-Intel-RST-

     

    You are running version 12, which seems to be using too much CPU time, and they are up to 15.

     

    https://downloadcent...logy-Intel-RST-


    • 0
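    The advice above rests on reading a Tcpview export by eye: which processes are listening, which have connections to outside hosts, and whether anything Apple-related is actually using the network. The script below is an added example written for this thread (it is not code from the forum, from RKinner, or from Sysinternals) that does that triage mechanically over Tcpview's tab-separated export. It groups LISTENING sockets per process, lists TCP connections whose remote end is not the local machine, and flags every process bound to UDP 5353, the mDNS port that Bonjour's discovery protocol uses. The sample rows are constructed from the kind of lines posted in this thread; the local hostname set (owner-pc, localhost, the IPv6 loopback) is an assumption for this particular PC and would be adjusted for another machine.

```python
"""Triage a Sysinternals Tcpview text export.

Added example for this thread (not Sysinternals code). Summarises listeners per
process, TCP connections to non-local hosts, and which processes bind mDNS
(UDP 5353), the discovery protocol that Apple Bonjour implements.
"""
import re
from collections import defaultdict

# Constructed sample in Tcpview's tab-separated export layout, built from rows of
# the kind posted in this thread (the forum rendering turned tabs into spaces).
SAMPLE_LOG = """\
[System Process]\t0\tTCP\towner-pc\t58358\t203.113.80.55\thttps\tTIME_WAIT
nvcontainer.exe\t2440\tTCP\tOwner-PC\t65000\tOwner-PC\t0\tLISTENING
nvcontainer.exe\t2440\tUDP\towner-pc\t5353\t*\t*
NVIDIA Web Helper.exe\t6632\tTCP\tOwner-PC\t49183\tOwner-PC\t0\tLISTENING
TeamViewer_Service.exe\t3264\tTCP\tOwner-PC\t5939\tOwner-PC\t0\tLISTENING
TeamViewer_Service.exe\t3264\tUDP\tOwner-PC\t5353\t*\t*
MBAMService.exe\t3920\tTCP\towner-pc\t58299\tec2-54-191-148-23.us-west-2.compute.amazonaws.com\thttps\tCLOSE_WAIT
System\t4\tTCP\tOwner-PC\tmicrosoft-ds\tOwner-PC\t0\tLISTENING
chrome.exe\t4432\tUDP\tOwner-PC\t5353\t*\t*
"""

MDNS_PORT = "5353"
# Assumption: names that mean "this machine" on the PC in the thread.
LOCAL_HOSTS = {"owner-pc", "localhost", "*", "0.0.0.0", "[0:0:0:0:0:0:0:1]"}

COLUMNS = ("process", "pid", "proto", "laddr", "lport", "raddr", "rport", "state")


def parse_tcpview(text):
    """Return one dict per socket row. Tcpview separates columns with tabs; a
    copy that was pasted into a forum usually has runs of spaces instead, so
    fall back to splitting on two or more whitespace characters (process names
    such as 'NVIDIA Web Helper.exe' contain single spaces only)."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split("\t") if "\t" in line else re.split(r"\s{2,}", line)
        if len(parts) < 7:          # not a socket row (header, blank, debris)
            continue
        parts += [""] * (8 - len(parts))   # UDP rows carry no state column
        rows.append(dict(zip(COLUMNS, parts[:8])))
    return rows


def is_local(host):
    return host.lower() in LOCAL_HOSTS or host.startswith("127.")


def triage(rows):
    """Group the rows into the three things a reviewer of the log looks for."""
    listeners = defaultdict(set)
    remote = []
    mdns = set()
    for r in rows:
        if r["state"] == "LISTENING":
            listeners[r["process"]].add(f'{r["proto"]}/{r["lport"]}')
        if r["proto"].startswith("UDP") and r["lport"] == MDNS_PORT:
            mdns.add(r["process"])
        if r["proto"].startswith("TCP") and not is_local(r["raddr"]):
            remote.append((r["process"], r["raddr"], r["rport"], r["state"]))
    return {"listeners": dict(listeners), "remote": remote,
            "mdns_binders": sorted(mdns)}


def format_report(result):
    out = ["Listening sockets per process:"]
    for proc, ports in sorted(result["listeners"].items()):
        out.append(f"  {proc}: {', '.join(sorted(ports))}")
    out.append("TCP connections to non-local hosts:")
    for proc, host, port, state in result["remote"]:
        out.append(f"  {proc} -> {host}:{port} ({state})")
    out.append("Processes bound to mDNS/Bonjour port UDP 5353:")
    for proc in result["mdns_binders"]:
        out.append(f"  {proc}")
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(triage(parse_tcpview(SAMPLE_LOG))))
```

    On the rows above the mDNS binders are nvcontainer.exe, TeamViewer_Service.exe and chrome.exe, not any Apple process, which matches RKinner's reading that the Bonjour registry entry is a red herring for the network activity in these logs. To run it over a real export, replace SAMPLE_LOG with the contents of the saved Tcpview file.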

    #14
    sub101uk

    sub101uk

      Member

    • Topic Starter
    • Member
    • PipPip
    • 39 posts

    Ok, I have removed TeamViewer and all the old Java programs. I have found with RegEdit 2 Apple Bonj files; both are loaded with files, so I still think whoever was linking into me was using Apple Bonjour. But how do I permanently remove the Apple file? I can highlight both Apple Bonjour files but one goes and the other returns.

     

    [System Process]    0    TCP    owner-pc    51527    ec2-54-250-252-60.ap-northeast-1.compute.amazonaws.com    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    51808    ec2-54-249-82-176.ap-northeast-1.compute.amazonaws.com    https    TIME_WAIT                                        
    [System Process]    0    TCP    owner-pc    51810    dfw06s49-in-f131.1e100.net    https    TIME_WAIT                                        
    AlienwareAlienFXController.exe    4844    TCP    Owner-PC    49166    Owner-PC    0    LISTENING                                        
    AlienwareTactXMacroController.exe    5500    TCP    Owner-PC    49164    Owner-PC    0    LISTENING                                        
    AlienwareTactXMacroController.exe    5500    TCP    Owner-PC    49168    Owner-PC    0    LISTENING                                        
    AWCCServiceController.exe    3316    TCP    Owner-PC    45520    Owner-PC    0    LISTENING                                        
    chrome.exe    4432    UDP    Owner-PC    5353    *    *                                            
    chrome.exe    4432    UDP    Owner-PC    5353    *    *                                            
    chrome.exe    4432    UDPV6    owner-pc    5353    *    *                                            
    chrome.exe    4432    TCP    owner-pc    51798    sc-in-f188.1e100.net    5228    ESTABLISHED                                        
    chrome.exe    4432    TCP    owner-pc    51806    ec2-54-249-82-176.ap-northeast-1.compute.amazonaws.com    https    ESTABLISHED                                        
    chrome.exe    4432    TCP    owner-pc    51807    ec2-54-249-82-176.ap-northeast-1.compute.amazonaws.com    https    CLOSE_WAIT                                        
    devmonsrv.exe    5572    TCP    Owner-PC    printer    Owner-PC    0    LISTENING                                        
    ekrn.exe    632    UDP    Owner-PC    50462    *    *                                            
    esrv.exe    6948    TCP    Owner-PC    49351    Owner-PC    0    LISTENING                                        
    esrv_svc.exe    3492    TCP    Owner-PC    49350    Owner-PC    0    LISTENING                                        
    firefox.exe    7376    TCP    Owner-PC    49349    localhost    49352    ESTABLISHED                                        
    firefox.exe    7376    TCP    Owner-PC    49352    localhost    49349    ESTABLISHED                                        
    firefox.exe    6036    TCP    Owner-PC    49353    localhost    49354    ESTABLISHED                                        
    firefox.exe    6036    TCP    Owner-PC    49354    localhost    49353    ESTABLISHED                                        
    firefox.exe    7376    TCP    owner-pc    51363    wj-in-f189.1e100.net    https    ESTABLISHED                                        
    firefox.exe    7376    TCP    owner-pc    51805    203.113.80.20    https    ESTABLISHED                                        
    firefox.exe    7376    TCP    owner-pc    51809    dfw06s49-in-f131.1e100.net    https    ESTABLISHED                                        
    firefox.exe    7376    TCP    owner-pc    51811    kul06s14-in-f5.1e100.net    https    ESTABLISHED                                        
    FoxitConnectedPDFService.exe    2152    TCP    Owner-PC    44440    Owner-PC    0    LISTENING                                        
    Jhi_service.exe    1472    TCPV6    [0:0:0:0:0:0:0:1]    49171    owner-pc    0    LISTENING                                        
    KillerService.exe    2696    TCP    Owner-PC    7790    Owner-PC    0    LISTENING                                        
    lsass.exe    784    TCP    Owner-PC    49158    Owner-PC    0    LISTENING                                        
    lsass.exe    784    TCPV6    owner-pc    49158    owner-pc    0    LISTENING                                        
    MBAMService.exe    4216    TCP    Owner-PC    43227    Owner-PC    0    LISTENING                                        
    MBAMService.exe    4216    TCP    owner-pc    50231    ec2-54-191-148-23.us-west-2.compute.amazonaws.com    https    CLOSE_WAIT                                        
    MobileService.exe    3260    TCP    Owner-PC    8888    Owner-PC    0    LISTENING                                        
    nvcontainer.exe    2464    TCP    Owner-PC    49177    localhost    65001    ESTABLISHED                                        
    nvcontainer.exe    2464    TCP    Owner-PC    65000    Owner-PC    0    LISTENING                                        
    nvcontainer.exe    2464    TCP    Owner-PC    65001    localhost    49177    ESTABLISHED                                        
    nvcontainer.exe    2464    TCP    Owner-PC    65001    Owner-PC    0    LISTENING                                        
    nvcontainer.exe    2464    UDP    owner-pc    5353    *    *                                            
    nvcontainer.exe    2464    UDP    Owner-PC    49152    *    *                                            
    nvcontainer.exe    2464    UDP    Owner-PC    49153    *    *                                            
    nvcontainer.exe    1684    UDP    Owner-PC    49154    *    *                                            
    nvcontainer.exe    1684    UDP    Owner-PC    49155    *    *                                            
    nvcontainer.exe    2464    UDP    Owner-PC    49164    *    *                                            
    nvcontainer.exe    2464    UDP    Owner-PC    65000    *    *                                            
    nvcontainer.exe    2464    UDPV6    [0:0:0:0:0:0:0:1]    5353    *    *                                            
    nvcontainer.exe    2464    UDPV6    owner-pc    49165    *    *                                            
    NVIDIA Web Helper.exe    5400    TCP    Owner-PC    49176    Owner-PC    0    LISTENING                                        
    NVIDIA Web Helper.exe    5400    UDP    Owner-PC    48201    *    *                                            
    NVIDIA Web Helper.exe    5400    UDP    Owner-PC    49160    *    *                                            
    NVIDIA Web Helper.exe    5400    UDP    Owner-PC    49161    *    *                                            
    NVIDIA Web Helper.exe    5400    UDP    Owner-PC    49162    *    *                                            
    NVIDIA Web Helper.exe    5400    UDP    Owner-PC    49163    *    *                                            
    Seagate.Dashboard.Uploader.exe    5180    TCP    Owner-PC    49160    Owner-PC    0    LISTENING                                        
    services.exe    776    TCP    Owner-PC    49159    Owner-PC    0    LISTENING                                        
    services.exe    776    TCPV6    owner-pc    49159    owner-pc    0    LISTENING                                        
    Skype.exe    6732    TCP    Owner-PC    http    Owner-PC    0    LISTENING                                        
    Skype.exe    6732    TCP    Owner-PC    https    Owner-PC    0    LISTENING                                        
    Skype.exe    6732    TCP    owner-pc    49489    23.99.201.39    https    ESTABLISHED                                        
    Skype.exe    6732    TCP    owner-pc    49500    91.190.217.44    https    ESTABLISHED                                        
    Skype.exe    6732    TCP    owner-pc    49513    65.55.252.167    https    ESTABLISHED                                        
    Skype.exe    6732    TCP    Owner-PC    50975    Owner-PC    0    LISTENING                                        
    Skype.exe    6732    TCP    owner-pc    51364    111.221.77.158    https    ESTABLISHED                                        
    Skype.exe    6732    UDP    Owner-PC    https    *    *                                            
    Skype.exe    6732    UDP    Owner-PC    50975    *    *                                            
    Skype.exe    6732    UDP    Owner-PC    64573    *    *                                            
    Skype.exe    6732    UDP    Owner-PC    50081    *    *                                            
    Skype.exe    6732    UDPV6    owner-pc    50081    *    *                                            
    Skype.exe    6732    TCP    owner-pc    51782    bay406-m.hotmail.com    https    ESTABLISHED                                        
    svchost.exe    412    TCP    Owner-PC    epmap    Owner-PC    0    LISTENING                                        
    svchost.exe    428    TCP    Owner-PC    49153    Owner-PC    0    LISTENING                                        
    svchost.exe    1036    TCP    Owner-PC    49154    Owner-PC    0    LISTENING                                        
    svchost.exe    1036    UDP    Owner-PC    isakmp    *    *                                            
    svchost.exe    1376    UDP    Owner-PC    ssdp    *    *                                            
    svchost.exe    1376    UDP    owner-pc    ssdp    *    *                                            
    svchost.exe    1036    UDP    Owner-PC    ipsec-msft    *    *                                            
    svchost.exe    1568    UDP    Owner-PC    llmnr    *    *                                            
    svchost.exe    1376    UDP    owner-pc    63265    *    *                                            
    svchost.exe    1376    UDP    Owner-PC    63266    *    *                                            
    svchost.exe    412    TCPV6    owner-pc    epmap    owner-pc    0    LISTENING                                        
    svchost.exe    428    TCPV6    owner-pc    49153    owner-pc    0    LISTENING                                        
    svchost.exe    1036    TCPV6    owner-pc    49154    owner-pc    0    LISTENING                                        
    svchost.exe    1036    UDPV6    owner-pc    500    *    *                                            
    svchost.exe    1376    UDPV6    [0:0:0:0:0:0:0:1]    1900    *    *                                            
    svchost.exe    1376    UDPV6    owner-pc    1900    *    *                                            
    svchost.exe    1036    UDPV6    owner-pc    4500    *    *                                            
    svchost.exe    1568    UDPV6    owner-pc    5355    *    *                                            
    svchost.exe    1376    UDPV6    owner-pc    63263    *    *                                            
    svchost.exe    1376    UDPV6    [0:0:0:0:0:0:0:1]    63264    *    *                                            
    System    4    TCP    owner-pc    netbios-ssn    Owner-PC    0    LISTENING                                        
    System    4    TCP    Owner-PC    microsoft-ds    Owner-PC    0    LISTENING                                        
    System    4    UDP    owner-pc    netbios-ns    *    *                                            
    System    4    UDP    owner-pc    netbios-dgm    *    *                                            
    System    4    TCPV6    owner-pc    microsoft-ds    owner-pc    0    LISTENING                                        
    wininit.exe    724    TCP    Owner-PC    49152    Owner-PC    0    LISTENING                                        
    wininit.exe    724    TCPV6    owner-pc    49152    owner-pc    0    LISTENING  

    FRST log and Apple search are attached.

     

    The rest I will do tomorrow as it's getting late over here. Thanks again for all your help. Good night.

     

     

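As an added example (not code from either poster), a short Python triage script over a constructed sample in the same layout as the listing above: it groups ESTABLISHED sessions with non-local peers by process, lists ports that accept inbound traffic, and shows which processes actually hold the mDNS port 5353 that Bonjour uses. The sample rows and the hostname Owner-PC are taken from the listing; the function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the listing above: process, PID, protocol,
# local host, local port, remote host, remote port, state (absent for UDP).
SAMPLE = """
[System Process]    0    TCP    owner-pc    51527    ec2-54-250-252-60.ap-northeast-1.compute.amazonaws.com    https    TIME_WAIT
chrome.exe    4432    UDP    Owner-PC    5353    *    *
firefox.exe    7376    TCP    Owner-PC    49349    localhost    49352    ESTABLISHED
firefox.exe    7376    TCP    owner-pc    51805    203.113.80.20    https    ESTABLISHED
nvcontainer.exe    2464    UDP    owner-pc    5353    *    *
Skype.exe    6732    TCP    owner-pc    49489    23.99.201.39    https    ESTABLISHED
System    4    TCP    Owner-PC    microsoft-ds    Owner-PC    0    LISTENING
"""

LOCAL_HOSTS = {"localhost", "owner-pc", "[0:0:0:0:0:0:0:1]", "*"}  # this machine

def parse(text):
    """Split rows on tabs or runs of spaces; '[System Process]' has a single space."""
    rows = []
    for line in text.splitlines():
        f = re.split(r"\t|\s{2,}", line.strip())
        if len(f) < 7:
            continue
        rows.append({"proc": f[0], "pid": int(f[1]), "proto": f[2],
                     "lport": f[4], "rhost": f[5], "rport": f[6],
                     "state": f[7] if len(f) > 7 else ""})
    return rows

def external_connections(rows):
    """ESTABLISHED sessions whose peer is not this machine, keyed proc:pid."""
    out = defaultdict(list)
    for r in rows:
        if r["state"] == "ESTABLISHED" and r["rhost"].lower() not in LOCAL_HOSTS:
            out[f'{r["proc"]}:{r["pid"]}'].append((r["rhost"], r["rport"]))
    return dict(out)

def listening_ports(rows):
    """Ports accepting inbound traffic per process (TCP LISTENING or any UDP bind)."""
    out = defaultdict(set)
    for r in rows:
        if r["state"] == "LISTENING" or r["proto"].startswith("UDP"):
            out[r["proc"]].add(r["lport"])
    return {p: sorted(ports) for p, ports in out.items()}

def bound_to_port(rows, port):
    """Processes holding a given local port, e.g. mDNS 5353 used by Bonjour."""
    return sorted({r["proc"] for r in rows if r["lport"] == port})
```

Reconciling the external_connections output against software you know is installed is the useful check; in the sample, the only processes on 5353 are Chrome and nvcontainer, not an Apple component.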

    #15 RKinner, Malware Expert (Expert, 20,017 posts, MVP)

    You are showing some hardware errors this time:

     

    Error: (01/06/2017 06:12:42 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
    Description: A fatal hardware error has occurred.
     
    Reported by component: Processor Core
    Error Source: 3
    Error Type: 9
    Processor ID: 0
     
    The details view of this entry contains further information.
     
    Error: (01/06/2017 06:12:42 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
    Description: A fatal hardware error has occurred.
     
    Reported by component: Processor Core
    Error Source: 3
    Error Type: 9
    Processor ID: 0
     

     

     

     

    This is often caused by bad RAM.

     

    https://social.techn...hea-logger.aspx

     

    So run the built-in memory test:

     

    http://www.howtogeek...m-for-problems/

     

    If it passes then to be really sure you should download and run MemTest86 in Option 2 of the above page.

     

     

    I have made up a fixlist for you to remove your Apple registry entries.

     

     
    Download the attached fixlist.txt to the same location as FRST.
     
    Attached File  fixlist.txt   1.02KB   28 downloads
     
    Run FRST and press Fix.
    A fix log will be generated; please post that.
     
     
    Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.
    Also do the registry search again, but put a space after "apple" so it won't pick up "applet".
     
    You have a program called WiTopia, apparently a VPN client. Are you using it? If not, uninstall it.
     
    You have some stuff turned off in msconfig. Please go into msconfig and click Normal Startup, then OK.
     
     
     
     
     
