Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

No Start Menu

Started by wjmccrthy103 , Oct 07 2017 07:13 AM

Please log in to reply

#16
RKinner

Posted 13 October 2017 - 06:54 PM

Malware Expert

Expert
24,625 posts

ternqtxa.sys was mentioned as the problem in your BSODs. It is a randomly named file so probably malware but it appears to be gone now.

If you start up File Explorer (Windows Key + x then choose File Explorer) can you search from its search box?

If you Windows Key + x then choose Search can you type anything?

If you Windows Key + x then choose Run can you type in

services.msc

and hit Enter?

Does it bring up the services window? Scroll down. Is Windows Search Running? If not what error do you get when you try to start it.

#17
wjmccrthy103

Posted 18 October 2017 - 08:08 AM

Member

Topic Starter
Member
11 posts

Sorry for the delay. I did not realize there was a page 2.

I was able to enter services.msc, but Windows Search is running.

The start menu opens, but I am not able to scroll menu options.

The windows search box is grey, and I cannot enter anything.

I don't know what the problem could be.

Thanks for your help.

#18
RKinner

Posted 18 October 2017 - 02:47 PM

Malware Expert

Expert
24,625 posts

See if you can get Windows Repair All In One to work: Follow the instructions from Aura on post #34

https://www.sysnativ...html#post130303

#19
wjmccrthy103

Posted 21 October 2017 - 02:05 PM

Member

Topic Starter
Member
11 posts

I ran GMER, and it found TERQTAXAD.sys not TERQTAXA which you were looking for.

I also came up with MSIDNTFS.

Are these problems causing my slow computer (constant churning)?

#20
RKinner

Posted 21 October 2017 - 06:21 PM

Malware Expert

Expert
24,625 posts

Can you post the log from GMER?

Can you run MBAR? https://www.malwareb...om/antirootkit/

Let's also run Rogue Killer

http://www.adlice.co...iller/#download

Portable 64 bits <=Use this one

Download and Save.

Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe) and Run As admin

Start Scan
Start Scan

Will take about 20 minutes to complete.

Open Report
Export TXT (save it to your desktop as rk) Save

Do not let Rogue Killer remove anything until you hear from me. Leave Rogue Killer up (but minimized) so you won't have to rescan.

Open rk.txt and copy and paste it to your next Reply.

#21
wjmccrthy103

Posted 21 October 2017 - 08:17 PM

Member

Topic Starter
Member
11 posts

I am not able to run Rogue Killer or MBAR. Nothing happens after I open them as administrator.

Here is the GMER Log:

GMER 2.2.19882 - http://www.gmer.net

3rd party scan 2017-10-21 22:08:26

Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002f Hitachi_HUA722020ALA331 rev.JKAOA3NH 1863.02GB

Running: v4l1hour.exe; Driver: C:\Users\wjmcc\AppData\Local\Temp\awxdqfog.sys

---- Modules - GMER 2.2 ----

Module \SystemRoot\system32\drivers\tervybei.sys(2017-03-18 20:58:04) fffff802a8cc0000-fffff802a8db1000 (987136 bytes)

Module \SystemRoot\system32\drivers\msidntfs.sys (NetFilter SDK WFP Driver (WPP)/Windows ® Win 7 DDK provider)(2017-10-21 15:16:11) fffff802a9fa0000-fffff802a9fc7000 (159744 bytes)

Module \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SASKUTIL64.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com SIGNED)(2011-07-12 21:55:18) fffff802aa820000-fffff802aa82a000 (40960 bytes)

Module \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SASDIFSV64.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com SIGNED)(2011-07-22 16:26:56) fffff802aa830000-fffff802aa83a000 (40960 bytes)

Module \SystemRoot\System32\drivers\TeeDriverW8x64.sys (Intel® Management Engine Interface/Intel Corporation SIGNED)(2016-10-23 17:45:20) fffff802aaea0000-fffff802aaed0000 (196608 bytes)

Module \SystemRoot\system32\DRIVERS\IntcDAud.sys (Intel® Display Audio Driver/Intel® Corporation SIGNED)(2016-10-23 17:49:09) fffff802ab350000-fffff802ab3c3000 (471040 bytes)

Module \SystemRoot\System32\Drivers\dump_diskdump.sys fffff802aa8c0000-fffff802aa8cf000 (61440 bytes)

Module \SystemRoot\System32\Drivers\dump_storahci.sys fffff802a9de0000-fffff802a9e07000 (159744 bytes)

Module \SystemRoot\System32\Drivers\dump_dumpfve.sys fffff802a9e30000-fffff802a9e4d000 (118784 bytes)

Module \SystemRoot\System32\Drivers\mbamswissarmy.sys (Malwarebytes SwissArmy/Malwarebytes SIGNED)(2017-10-21 20:26:56) fffff802acc80000-fffff802accc0000 (262144 bytes)

Module \SystemRoot\system32\drivers\N360x64\160A000.055\SYMEFASI64.SYS (Symantec Extended File Attributes/Symantec Corporation SIGNED)(2017-10-21 21:17:40) fffff802accc0000-fffff802ace8d000 (1888256 bytes)

Module \SystemRoot\system32\drivers\N360x64\160A000.055\ccSetx64.sys (Common Client Settings Driver/Symantec Corporation SIGNED)(2017-10-21 21:17:36) fffff802ace90000-fffff802acebf000 (192512 bytes)

Module \SystemRoot\system32\drivers\N360x64\160A000.055\SRTSPX64.SYS (Symantec AutoProtect/Symantec Corporation SIGNED)(2017-10-21 21:17:40) fffff802acec0000-fffff802aced6000 (90112 bytes)

Module \SystemRoot\system32\drivers\N360x64\160A000.055\SYMNETS.SYS (Network Security Driver/Symantec Corporation SIGNED)(2017-10-21 21:17:40) fffff802acee0000-fffff802acf6e000 (581632 bytes)

Module \??\C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS (Symantec Event Library/Symantec Corporation SIGNED)(2017-10-21 21:18:16) fffff802acf70000-fffff802acf93000 (143360 bytes)

Module \SystemRoot\system32\drivers\N360x64\160A000.055\Ironx64.SYS (Iron Driver/Symantec Corporation SIGNED)(2017-10-21 21:17:37) fffff802acfa0000-fffff802acfe7000 (290816 bytes)

Module \SystemRoot\system32\drivers\N360x64\160A000.055\SRTSP64.SYS (Symantec AutoProtect/Symantec Corporation SIGNED)(2017-10-21 21:17:40) fffff802ad800000-fffff802ad8cb000 (831488 bytes)

Module \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Eraser Control Driver/Symantec Corporation SIGNED)(2017-10-21 21:22:16) fffff802ad8d0000-fffff802ad94c000 (507904 bytes)

Module \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11721.sys (Symantec Eraser Utility Driver/Symantec Corporation SIGNED)(2017-10-21 21:18:22) fffff802ad950000-fffff802ad978000 (163840 bytes)

Module \??\C:\Program Files (x86)\Norton Security Suite\Norton 360\NortonData\22.10.0.85\Definitions\IPSDefs\20171020.003\IDSvia64.sys (IDS Core Driver/Symantec Corporation SIGNED)(2017-10-21 22:19:29) fffff802ad990000-fffff802ada95000 (1069056 bytes)

Module \??\C:\Program Files (x86)\Norton Security Suite\Norton 360\NortonData\22.10.0.85\Definitions\BASHDefs\20171018.001\BHDrvx64.sys (BASH Driver/Symantec Corporation SIGNED)(2017-10-18 20:50:04) fffff802adaa0000-fffff802adc6c000 (1884160 bytes)

---- Processes - GMER 2.2 ----

Process C:\Program Files\HitmanPro\hmpsched.exe [2296] (HitmanPro Scheduler/SurfRight B.V. SIGNED)(2017-10-20 01:16:50) 00007ff637420000

Process C:\WINDOWS\System32\spoolsv.exe [2980] (Adobe PDF Port Monitor DLL/Adobe Systems Inc SIGNED)(2012-09-24 00:43:48) 00007ffe4d890000

Library C:\WINDOWS\System32\AdobePDF.dll (Adobe PDF Port Monitor DLL/Adobe Systems Inc SIGNED)(2012-09-24 00:43:48) 00007ffe4d890000

Process C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [3260] (Core Service/SUPERAntiSpyware.com SIGNED)(2014-07-22 23:31:23) 00007ff603d30000

Process C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3272] (Adobe Genuine Software Integrity Service/CA - G2 SIGNED)(2016-03-03 06:59:34) 0000000000fb0000

Process C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [3292] (Adobe Acrobat Update Service/Adobe Systems Incorporated SIGNED)(2017-07-20 03:50:40) 0000000000ec0000

Process C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3532] (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37) 00007ff600780000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll (PoliciesController/Malwarebytes SIGNED)(2017-10-21 14:15:38) 00007ffe3d140000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\LicenseControllerImpl.dll (LicenseController/Malwarebytes SIGNED)(2017-10-21 14:15:38) 00007ffe3b3e0000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll (UpdateController/Malwarebytes SIGNED)(2017-10-21 14:15:38) 00007ffe39b40000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CloudControllerImpl.dll (CloudController/Malwarebytes SIGNED)(2017-10-21 14:15:38) 00007ffe38b90000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll (7z Plugin/Igor Pavlov)(2017-10-21 14:15:41) 0000000010000000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\TelemetryControllerImpl.dll (TelemetryController/Malwarebytes SIGNED)(2017-10-21 14:15:38) 00007ffe38720000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll (CleanController/Malwarebytes SIGNED)(2017-10-21 14:15:38) 00007ffe38180000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ScanControllerImpl.dll (ScanController/Malwarebytes SIGNED)(2017-10-21 14:15:38) 00007ffe37ce0000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMShim.dll (Classification Engine Shim/Malwarebytes SIGNED)(2017-10-21 14:15:39) 00007ffe37af0000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SwissarmyShim.dll (Malwarebytes SwissArmy/Malwarebytes SIGNED)(2017-10-21 14:15:40) 00007ffe37900000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\Swissarmy.dll (Malwarebytes SwissArmy/Malwarebytes SIGNED)(2017-10-21 14:15:40) 00007ffe376b0000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\RTPControllerImpl.dll (RtpController/Malwarebytes SIGNED)(2017-10-21 14:15:38) 00007ffe373e0000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacControllerImpl.dll (MwacController/Malwarebytes SIGNED)(2017-10-21 14:15:38) 00007ffe370a0000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ArwControllerImpl.dll (Anti-Ransomware Controller/Malwarebytes SIGNED)(2017-10-21 14:15:37) 00007ffe36d70000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\AEControllerImpl.dll (AeController/Malwarebytes SIGNED)(2017-10-21 14:15:38) 00007ffe36aa0000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SPControllerImpl.dll (Self-Protection Controller/Malwarebytes SIGNED)(2017-10-21 14:15:39) 00007ffe36840000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionShim.dll (Malwarebytes Chameleon/Malwarebytes SIGNED)(2017-10-21 14:15:40) 00007ffe36650000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll(2017-10-21 14:15:40) 00007ffe36410000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ActionsShim.dll (Clean Actions Shim/Malwarebytes SIGNED)(2017-10-21 14:15:39) 00007ffe35b00000

Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\Actions.dll (Clean Actions/Malwarebytes SIGNED)(2017-10-21 14:15:39) 00007ffe35710000

Process c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe [4960] (Microsoft Common Language Runtime Class Library/Microsoft Corporation)(2017-08-09 13:22:25) 00007ffe3dc10000

Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\mscorlib\91643c4e9bf366833e5c6045e685e16c\mscorlib.ni.dll (Microsoft Common Language Runtime Class Library/Microsoft Corporation)(2017-08-09 13:22:25) 00007ffe3dc10000

Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\System\906085223276443a2882aefc69051a04\System.ni.dll (.NET Framework/Microsoft Corporation)(2017-09-12 21:53:43) 00007ffe3c3e0000

Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\7fe22015eaf4ef98bb442826a592702d\System.ServiceProcess.ni.dll (.NET Framework/Microsoft Corporation)(2017-09-12 21:56:28) 00007ffe4c130000

Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\System.Configuration\6787e8ac104c78562a7d0e91f5d85867\System.Configuration.ni.dll (System.Configuration.dll/Microsoft Corporation)(2017-09-12 21:56:17) 00007ffe3c060000

Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\System.Xml\1cc3ff908afa15ebec896c15be695bfb\System.Xml.ni.dll (.NET Framework/Microsoft Corporation)(2017-09-12 21:54:46) 00007ffe3b9b0000

Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\System.Transactions\ddebbe4605a0de27683447c44f8be9fa\System.Transactions.ni.dll (.NET Framework/Microsoft Corporation)(2017-09-12 21:56:28) 00007ffe3b220000

Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\System.Web\6df894ec00614ada9aadbf071e41667b\System.Web.ni.dll (System.Web.dll/Microsoft Corporation)(2017-09-12 21:56:39) 00007ffe39ee0000

Process C:\WINDOWS\Explorer.EXE [6716] (Malwarebytes/Malwarebytes SIGNED)(2017-10-21 14:15:43) 00007ffe4dc50000

Library C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (Malwarebytes/Malwarebytes SIGNED)(2017-10-21 14:15:43) 00007ffe4dc50000

Library C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL (SUPERAntiSpyware Context Menu Extension/SUPERAntiSpyware.com SIGNED)(2014-06-06 18:40:33) 0000000002d40000

Library C:\Program Files\WinZip\wzshls64.dll (WinZip Shell Extension DLL/WinZip Computing, S.L. SIGNED)(2017-04-20 01:50:00) 00007ffe54e30000

Library C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll (Adobe Acrobat Context Menu/Adobe Systems Inc. SIGNED)(2012-09-24 00:43:36) 00007ffe4d9e0000

Library C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\NavShExt.dll (Norton Security Shell Extension Module/Symantec Corporation SIGNED)(2017-10-21 21:17:39) 0000000059e50000

Library C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\ccVrTrst.dll (Symantec Trust Validation Engine 64 bit/Symantec Corporation SIGNED)(2017-10-21 21:17:36) 000000005d950000

Library C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\ccLib.dll (Symantec Library/Symantec Corporation SIGNED)(2017-10-21 21:17:36) 000000005d980000

Library C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\EFACli64.dll (Symantec Extended File Attributes/Symantec Corporation SIGNED)(2017-10-21 21:17:40) 00007ffe4d5b0000

Library C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\ccSet.dll (Symantec Settings Manager Engine/Symantec Corporation SIGNED)(2017-10-21 21:17:36) 000000005d7c0000

Library C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\csdk.dll (Client SDK/Symantec Corporation SIGNED)(2017-10-21 21:17:36) 00007ffe2f4d0000

Library C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\ccIPC.dll (Symantec ccIPC Engine/Symantec Corporation SIGNED)(2017-10-21 21:17:36) 000000005d8d0000

Library C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\csdkaux.dll (CSDK Client Auxiliary Interface/Symantec Corporation SIGNED)(2017-10-21 21:17:36) 000000005b2b0000

Library C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\buShell.dll (Backup Shell/Symantec Corporation SIGNED)(2017-10-21 21:17:35) 00000000595d0000

Library C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\buComm.dll (Backup Common/Symantec Corporation SIGNED)(2017-10-21 21:17:35) 000000005d2d0000

Process C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [7380] (Malwarebytes Tray Application/Malwarebytes SIGNED)(2017-10-21 14:15:35) 0000000000880000

Library C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:36) 0000000073e90000

Library C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:36) 0000000073960000

Library C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:36) 0000000073510000

Library C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:36) 00000000739a0000

Library C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:36) 0000000072c00000

Library C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:36) 00000000732a0000

Library C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:35) 0000000072e00000

Library C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:36) 0000000072510000

Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qdds.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:36) 0000000072360000

Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qgif.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:36) 0000000072350000

Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qicns.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:36) 0000000072340000

Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:36) 0000000072330000

Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qjpeg.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:36) 00000000722f0000

Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:36) 00000000722e0000

Library C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:36) 00000000722a0000

Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtga.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:36) 0000000072290000

Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtiff.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:36) 0000000072230000

Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwbmp.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:36) 0000000072220000

Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwebp.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:36) 00000000721c0000

Library C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:37) 00000000721b0000

Library C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:37) 0000000072100000

Library C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:37) 00000000720e0000

Library C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:37) 00000000720b0000

Library C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:37) 00000000720a0000

Library C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:37) 0000000072090000

Library C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll (C++ application development framework./The Qt Company Ltd)(2017-10-21 14:15:37) 0000000072070000

Process C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe [7340] (AcroTray/Adobe Systems Inc. SIGNED)(2017-07-27 05:29:24) 0000000000bc0000

Process C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2732] (Java Update Scheduler/Oracle Corporation SIGNED)(2017-09-06 00:43:28) 0000000000ef0000

Process C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [4048] (Intuit Update Service/Intuit Inc. SIGNED)(2016-09-07 17:20:18) 0000000000410000

Process C:\Users\wjmcc\AppData\Local\imexfrj\imexfrj.exe [3924](2017-09-29 15:35:24) 0000000000e40000

Process C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe [6404](2017-09-29 15:24:12) 00000000012e0000

Library C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll(2017-08-03 01:40:34) 0000000065230000

Process C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe [8164](2017-09-29 15:24:12) 00000000012e0000

Library C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll(2017-08-03 01:40:34) 0000000065230000

Library C:\Users\wjmcc\AppData\Local\imexfrj\libglesv2.dll(2016-05-31 15:43:10) 00000000647a0000

Library C:\Users\wjmcc\AppData\Local\imexfrj\libegl.dll(2016-05-31 15:44:48) 0000000064610000

Process C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\N360.exe [9200] (Norton 360/Symantec Corporation SIGNED)(2017-10-21 21:17:36) 00007ff7815d0000

Process C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\N360.exe [5576] (Norton 360/Symantec Corporation SIGNED)(2017-10-21 21:17:36) 00007ff7815d0000

Library C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\ccLib.dll (Symantec Library/Symantec Corporation SIGNED)(2017-10-21 21:17:36) 000000005d980000

Library C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\EFACli64.dll (Symantec Extended File Attributes/Symantec Corporation SIGNED)(2017-10-21 21:17:40) 00007ffe4d5b0000

Process C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe [6872](2017-09-29 15:24:12) 00000000012e0000

Library C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll(2017-08-03 01:40:34) 0000000065230000

Library C:\Users\wjmcc\AppData\Local\imexfrj\pepflashplayer.dll(2016-06-15 21:15:24) 00000000627a0000

Process C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe [7480](2017-09-29 15:24:12) 00000000012e0000

Library C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll(2017-08-03 01:40:34) 0000000065230000

Process C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe [436](2017-09-29 15:24:12) 00000000012e0000

Library C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll(2017-08-03 01:40:34) 0000000065230000

Process C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe [9568](2017-09-29 15:24:12) 00000000012e0000

Library C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll(2017-08-03 01:40:34) 0000000065230000

Process C:\Users\wjmcc\Desktop\v4l1hour.exe [9340](2017-10-21 19:32:49) 0000000000400000

---- Services - GMER 2.2 ----

Service C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Core Service/SUPERAntiSpyware.com SIGNED)(2014-07-22 23:31:23) [AUTO] !SASCORE

Service C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Acrobat Update Service/Adobe Systems Incorporated SIGNED)(2017-07-20 03:50:40) [AUTO] AdobeARMservice

Service C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe® Flash® Player Update Service 27.0 r0/Adobe Systems Incorporated SIGNED)(2017-09-03 22:57:22) [MANUAL] AdobeFlashPlayerUpdateSvc

Service ADOVMPPackage

Service C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Genuine Software Integrity Service/CA - G2 SIGNED)(2016-03-03 06:59:34) [AUTO] AGSService

Service avguniva

Service CoreUI

Service ESRV_QUEENCREEK

Service C:\Program Files\HitmanPro\hmpsched.exe (HitmanPro Scheduler/SurfRight B.V. SIGNED)(2017-10-20 01:16:50) [AUTO] HitmanProScheduler

Service InetInfo

Service C:\WINDOWS\system32\DRIVERS\IntcDAud.sys (Intel® Display Audio Driver/Intel® Corporation SIGNED)(2016-10-23 17:49:09) [MANUAL] IntcDAud

Service C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Update Service/Intuit Inc. SIGNED)(2016-09-07 17:20:18) [AUTO] IntuitUpdateServiceV4

Service C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37) [AUTO] MBAMService

Service C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys (Intel® Management Engine Interface/Intel Corporation SIGNED)(2016-10-23 17:45:20) [MANUAL] MEIx64

Service napagent

Service NetbiosSmb

Service netvscvfpp

Service RDMANDK

Service RDPUDD

Service RegFilter

Service C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SASDIFSV64.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com SIGNED)(2011-07-22 16:26:56) [SYSTEM] SASDIFSV

Service C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SASKUTIL64.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com SIGNED)(2011-07-12 21:55:18) [SYSTEM] SASKUTIL

Service C:\WINDOWS\system32\drivers\semav6msr64.sys(2017-10-01 13:56:54) [MANUAL] semav6msr64

Service SNMP

Service C:\WINDOWS\system32\drivers\tervybei.sys (*** hidden *** ) [BOOT] tauxo <-- ROOTKIT !!!

Service C:\Windows\System32\drivers\TrueSight.sys (*** hidden *** ) [MANUAL] TrueSight <-- ROOTKIT !!!

Service workerdd

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\Adobe PDF Port Monitor@Driver C:\WINDOWS\system32\AdobePDF.dll (Adobe PDF Port Monitor DLL/Adobe Systems Inc SIGNED)(2012-09-24 00:43:48)

Reg HKLM\SYSTEM\CurrentControlSet\Services\!SASCORE@ImagePath C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Core Service/SUPERAntiSpyware.com SIGNED)(2014-07-22 23:31:23)

Reg HKLM\SYSTEM\CurrentControlSet\Services\AdobeARMservice@ImagePath C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Acrobat Update Service/Adobe Systems Incorporated SIGNED)(2017-07-20 03:50:40)

Reg HKLM\SYSTEM\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc@ImagePath C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe® Flash® Player Update Service 27.0 r0/Adobe Systems Incorporated SIGNED)(2017-09-03 22:57:22)

Reg HKLM\SYSTEM\CurrentControlSet\Services\AGSService@ImagePath C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Genuine Software Integrity Service/CA - G2 SIGNED)(2016-03-03 06:59:34)

Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Chrome@CategoryMessageFile C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.79\eventlog_provider.dll (Google Chrome/Google Inc. SIGNED)(2017-09-09 13:33:18)

Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\MBAMService@EventMessageFile C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37)

Reg HKLM\SYSTEM\CurrentControlSet\Services\hitmanpro37@ImagePath C:\WINDOWS\system32\drivers\hitmanpro37.sys(2017-10-20 01:16:53)

Reg HKLM\SYSTEM\CurrentControlSet\Services\HitmanProScheduler@ImagePath C:\Program Files\HitmanPro\hmpsched.exe (HitmanPro Scheduler/SurfRight B.V. SIGNED)(2017-10-20 01:16:50)

Reg HKLM\SYSTEM\CurrentControlSet\Services\IntcDAud@ImagePath C:\WINDOWS\system32\DRIVERS\IntcDAud.sys (Intel® Display Audio Driver/Intel® Corporation SIGNED)(2016-10-23 17:49:09)

Reg HKLM\SYSTEM\CurrentControlSet\Services\IntuitUpdateServiceV4@ImagePath C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Update Service/Intuit Inc. SIGNED)(2016-09-07 17:20:18)

Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMService@ImagePath C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37)

Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@ImagePath C:\WINDOWS\System32\Drivers\mbamswissarmy.sys (Malwarebytes SwissArmy/Malwarebytes SIGNED)(2017-10-21 20:26:56)

Reg HKLM\SYSTEM\CurrentControlSet\Services\MEIx64@ImagePath C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys (Intel® Management Engine Interface/Intel Corporation SIGNED)(2016-10-23 17:45:20)

Reg HKLM\SYSTEM\CurrentControlSet\Services\SASDIFSV@ImagePath C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SASDIFSV64.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com SIGNED)(2011-07-22 16:26:56)

Reg HKLM\SYSTEM\CurrentControlSet\Services\SASKUTIL@ImagePath C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SASKUTIL64.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com SIGNED)(2011-07-12 21:55:18)

Reg HKLM\SYSTEM\CurrentControlSet\Services\semav6msr64@ImagePath C:\WINDOWS\system32\drivers\semav6msr64.sys(2017-10-01 13:56:54)

Reg HKLM\SYSTEM\CurrentControlSet\Services\tauxo@ImagePath C:\WINDOWS\system32\drivers\tervybei.sys(2017-03-18 20:58:04)

Reg HKLM\SYSTEM\CurrentControlSet\Services\TrueSight@ImagePath C:\Windows\System32\drivers\TrueSight.sys(2017-09-07 02:35:13)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Acrobat.exe@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe (Adobe Acrobat /Adobe Systems Incorporated SIGNED)(2017-08-17 23:22:38)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AcrobatInfo.exe@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AcrobatInfo.exe (Adobe Acrobat /CA - G2 SIGNED)(2017-03-28 17:24:44)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AcroDist.exe@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrodist.exe (Acrobat Distiller/CA SIGNED)(2016-04-23 11:32:44)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AcroRd32.exe@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Reader /Adobe Systems Incorporated SIGNED)(2017-07-27 05:29:22)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe@ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc. SIGNED)(2017-09-04 21:40:15)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe@ C:\Program Files (x86)\Java\jre1.8.0_151\bin\javaws.exe (Java™ Web Start Launcher/Oracle Corporation SIGNED)(2017-10-20 00:31:43)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MCUI32.exe@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\MCUI32.exe (Symantec Security History Launcher/Symantec Corporation SIGNED)(2017-10-21 21:17:37)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\NAVW32.EXE@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\Navw32.exe (Norton Security Scanner Module/Symantec Corporation SIGNED)(2017-10-21 21:17:37)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\winzip.exe@ C:\Program Files\WinZip\winzip64.exe (WinZip/WinZip Computing, S.L. SIGNED)(2017-04-20 01:50:00)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\VLCPlayCDAudioOnArrival@DefaultIcon C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VLC media player/VideoLAN SIGNED)(2017-05-24 11:22:36)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\WinZip@DefaultIcon C:\Program Files\WinZip\wzwia64.dll (WinZip Image Acquisition Wrapper/WinZip Computing, S.L. SIGNED)(2017-04-20 01:50:00)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0579E89F-E364-4a3d-A9CB-90262B2B7E1C}@Removal Message C:\Program Files (x86)\Norton Security Suite\Norton 360\Branding\muis.dll (Shortcut MUI Resource/Symantec Corporation SIGNED)(2017-10-21 21:17:54)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Updater Startup Utility/CA - G2 SIGNED)(2016-01-08 00:33:48)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@WinZip PreLoader C:\Program Files\WinZip\WzPreloader.exe (WinZip Preloader/WinZip Computing, S.L. SIGNED)(2017-04-20 01:50:00)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/system32/DRIVERS/IntcDAud.sys@Source C:\WINDOWS\System32\DriverStore\FileRepository\intcdaud.inf_amd64_e094d70d4df6855c\IntcDAud.sys (Intel® Display Audio Driver/Intel® Corporation SIGNED)(2016-10-23 17:49:09)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/System32/drivers/TeeDriverW8x64.sys@Source C:\WINDOWS\System32\DriverStore\FileRepository\heci.inf_amd64_82b6b79bb97b30fb\x64\TeeDriverW8x64.sys (Intel® Management Engine Interface/Intel Corporation SIGNED)(2016-10-23 17:45:20)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8461-7759-5462-8226@UninstallString C:\Program Files\Vuze\uninstall.exe (Vuze/Azureus Software, Inc. SIGNED)(2016-11-24 14:12:47)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HitmanPro37@DisplayIcon C:\Program Files\HitmanPro\HitmanPro.exe (HitmanPro 3.7/SurfRight B.V. SIGNED)(2017-10-20 01:16:49)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst@QuietUninstallString C:\Program Files\Common Files\Symantec Shared\SEVINST64x86.EXE (Symantec Symevent Installer/Symantec Corporation SIGNED)(2017-10-21 21:18:16)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player@UninstallString C:\Program Files\VideoLAN\VLC\uninstall.exe(2017-09-03 22:58:06)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player@DisplayIcon C:\Program Files\VideoLAN\VLC\vlc.exe (VLC media player/VideoLAN SIGNED)(2017-05-24 12:03:22)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1@DisplayIcon C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes/Malwarebytes SIGNED)(2017-10-21 14:15:35)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1@UninstallString C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe(2017-10-21 14:15:35)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1@DisplayIcon C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe (Revo Uninstaller/VS Revo Group SIGNED)(2017-10-21 13:37:22)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1@UninstallString C:\Program Files\VS Revo Group\Revo Uninstaller\unins000.exe(2017-10-21 13:37:22)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410F}@DisplayIcon C:\Program Files\WinZip\WINZIP64.EXE (WinZip/WinZip Computing, S.L. SIGNED)(2017-04-20 01:50:00)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}@DisplayIcon C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware Application/SUPERAntiSpyware SIGNED)(2016-10-18 19:09:20)

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}@UninstallString C:\Program Files\SUPERAntiSpyware\Uninstall.exe (SUPERSetup Uninstaller/SUPERAdBlocker.com SIGNED)(2014-07-30 23:42:52)

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\Oracle_JavaAccessBridge@StartExe C:\Program Files (x86)\Java\jre1.8.0_151\bin\jabswitch.exe (Java™ Platform SE binary/Oracle Corporation SIGNED)(2017-10-20 00:31:43)

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant@ExecutablesToExclude c:\program files (x86)\nortoninstaller\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360\75206954\22.10.0.85\inststub.exe (Norton 360/Symantec Corporation SIGNED)(2017-10-21 21:17:23)

Reg HKLM\SOFTWARE\Classes\AAM\shell\open\command@ C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\AdobeApplicationManager(URIHandler).exe (AdobeApplicationManager(URIHandler)/CA SIGNED)(2015-07-29 10:30:24)

Reg HKLM\SOFTWARE\Classes\acrobat\shell\open\command@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Reader /Adobe Systems Incorporated SIGNED)(2017-07-27 05:29:22)

Reg HKLM\SOFTWARE\Classes\Acrobat.aaui\shell\Open\command@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe (Adobe Acrobat /Adobe Systems Incorporated SIGNED)(2017-08-17 23:22:38)

Reg HKLM\SOFTWARE\Classes\AcroDist\shell\Open\command@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AcroDist.exe (Acrobat Distiller/CA SIGNED)(2016-04-23 11:32:44)

Reg HKLM\SOFTWARE\Classes\AcroExch.acrobatsecuritysettings.1\shell\Open\command@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Reader /Adobe Systems Incorporated SIGNED)(2017-07-27 05:29:22)

Reg HKLM\SOFTWARE\Classes\AcroExch.Document\shell\open\command@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe (Adobe Acrobat /Adobe Systems Incorporated SIGNED)(2017-08-17 23:22:38)

Reg HKLM\SOFTWARE\Classes\AcroExch.Document.11\protocol\StdFileEditing\server@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Reader /Adobe Systems Incorporated SIGNED)(2017-07-27 05:29:22)

Reg HKLM\SOFTWARE\Classes\AcroExch.Document.11\shell\Print\command@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe (Adobe Acrobat /Adobe Systems Incorporated SIGNED)(2017-08-17 23:22:38)

Reg HKLM\SOFTWARE\Classes\AcroExch.Document.11\shell\Read\command@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Reader /Adobe Systems Incorporated SIGNED)(2017-07-27 05:29:22)

Reg HKLM\SOFTWARE\Classes\AcroExch.Document.7\shell\Open\command@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe (Adobe Acrobat /Adobe Systems Incorporated SIGNED)(2017-08-17 23:22:38)

Reg HKLM\SOFTWARE\Classes\AcroExch.Document.7\shell\read\Command@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Reader /Adobe Systems Incorporated SIGNED)(2017-07-27 05:29:22)

Reg HKLM\SOFTWARE\Classes\Applications\Acrobat.exe\shell\Open\command@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe (Adobe Acrobat /Adobe Systems Incorporated SIGNED)(2017-08-17 23:22:38)

Reg HKLM\SOFTWARE\Classes\Applications\AcroRD32.exe\shell\Read\command@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Reader /Adobe Systems Incorporated SIGNED)(2017-07-27 05:29:22)

Reg HKLM\SOFTWARE\Classes\Applications\N360.exe@TaskbarGroupIcon C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\Settings.dll (Norton Settings User Interface/Symantec Corporation SIGNED)(2017-10-21 21:17:38)

Reg HKLM\SOFTWARE\Classes\Applications\vlc.exe\shell\Open\command@ C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VLC media player/VideoLAN SIGNED)(2017-05-24 11:22:36)

Reg HKLM\SOFTWARE\Classes\ChromeHTML\Application@ApplicationIcon C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc. SIGNED)(2017-09-04 21:40:15)

Reg HKLM\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37)

Reg HKLM\SOFTWARE\Classes\CLSID\{0579E89F-E364-4a3d-A9CB-90262B2B7E1C}@InfoTip C:\Program Files (x86)\Norton Security Suite\Norton 360\Branding\muis.dll (Shortcut MUI Resource/Symantec Corporation SIGNED)(2017-10-21 21:17:54)

Reg HKLM\SOFTWARE\Classes\CLSID\{0579E89F-E364-4a3d-A9CB-90262B2B7E1C}\InprocServer32@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\buShell.dll (Backup Shell/Symantec Corporation SIGNED)(2017-10-21 21:17:35)

Reg HKLM\SOFTWARE\Classes\CLSID\{058D42F2-DBB1-11D6-B856-00C04FC06913}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{0B5DB071-ABF4-49D4-B67A-3956DDEFFAFB}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\PDFMakerAPI.dll (PDFMakerAPI Module/CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{0CD1257A-50DD-48C4-BCB0-74B52EB054CF}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37)

Reg HKLM\SOFTWARE\Classes\CLSID\{178687A2-ABF5-43EE-AEF6-B380D8A9FD7C}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\PDFMakerAPI.dll (PDFMakerAPI Module/CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37)

Reg HKLM\SOFTWARE\Classes\CLSID\{1A348363-F970-4871-9E43-AA777D4A5488}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{2272AE7A-0C30-48E1-91DF-F9E666276C0C}\InprocServer32@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\MsouPlug.dll (AntiSpam MS Outlook Plugin/Symantec Corporation SIGNED)(2017-10-21 21:17:35)

Reg HKLM\SOFTWARE\Classes\CLSID\{231e1b19-4085-441e-8265-3353beee68f8}\InprocServer32@ C:\Windows\System32\indexeddbserver.dll (IndexedDb host/Microsoft Corporation)(2017-05-11 09:34:43)

Reg HKLM\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37)

Reg HKLM\SOFTWARE\Classes\CLSID\{29405572-43FB-11D2-9758-0060979C3633}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37)

Reg HKLM\SOFTWARE\Classes\CLSID\{36C3DCDD-2525-40C6-BAE9-6507DD3DA8C2}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37)

Reg HKLM\SOFTWARE\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}\InprocServer32@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\buShell.dll (Backup Shell/Symantec Corporation SIGNED)(2017-10-21 21:17:35)

Reg HKLM\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe PDF Toolbar for Internet Explorer/CA - G2 SIGNED)(2016-04-23 08:32:52)

Reg HKLM\SOFTWARE\Classes\CLSID\{545B74BF-B996-43CF-9C88-111D55E6E610}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{5789D319-A0E6-4788-8120-B0D3D1AB9797}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Office\x64\PDFMOfficeAddin.dll (PDFMOfficeAddin Module/CA - G2 SIGNED)(2016-04-23 11:32:50)

Reg HKLM\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32@ C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (Malwarebytes/Malwarebytes SIGNED)(2017-10-21 14:15:43)

Reg HKLM\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37)

Reg HKLM\SOFTWARE\Classes\CLSID\{5F2F8074-C34B-4AFF-B218-6C69399F6CDC}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\InprocServer32@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\coIEPlg.dll (coIEPlugIn/Symantec Corporation SIGNED)(2017-10-21 21:17:38)

Reg HKLM\SOFTWARE\Classes\CLSID\{66BD7D2F-1227-47D3-B613-C3968AAABC56}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{753C67E2-43A5-4753-8264-C47BD47544D7}\InprocServer32@ C:\WINDOWS\system32\WiFiDiscoveryPlugin.dll (WiFi Discovery Plugin/Microsoft Corporation)(2016-07-16 11:42:06)

Reg HKLM\SOFTWARE\Classes\CLSID\{784C04A3-2E5A-4E7C-A7F7-7D97E27859AD}\LocalServer32@ C:\Program Files\WinZip\WINZIP64.EXE (WinZip/WinZip Computing, S.L. SIGNED)(2017-04-20 01:50:00)

Reg HKLM\SOFTWARE\Classes\CLSID\{7C4D2F80-790E-11D6-82C7-00C04FCFC84E}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{7f38c2ab-5136-428f-a8aa-40877f61dd05}\InProcServer32@ C:\WINDOWS\system32\indexeddbserver.dll (IndexedDb host/Microsoft Corporation)(2017-05-11 09:34:43)

Reg HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\InprocServer32@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\coIEPlg.dll (coIEPlugIn/Symantec Corporation SIGNED)(2017-10-21 21:17:38)

Reg HKLM\SOFTWARE\Classes\CLSID\{838186E3-56E1-11D2-9758-0060979C3633}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{85183dd5-755d-4952-aa8f-c02e5c4f0651}\InprocServer32@ C:\Windows\System32\InkAnalysisLegacyCom.dll (InkAnalysisLegacyCom DLL/Microsoft Corporation)(2016-07-16 11:43:18)

Reg HKLM\SOFTWARE\Classes\CLSID\{897D7B50-2CB6-4E43-B07C-768B2F2B9457}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{8AD0743E-113B-4E26-BA21-1E9A71098F41}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe PDF Toolbar for Internet Explorer/CA - G2 SIGNED)(2016-04-23 08:32:52)

Reg HKLM\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37)

Reg HKLM\SOFTWARE\Classes\CLSID\{9177B23F-7D46-11D6-B816-00C04FC06913}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Mail\Outlook\x64\PDFMOutlookAddin.dll (PDFMOutlook Addin Module/CA - G2 SIGNED)(2016-04-23 11:32:50)

Reg HKLM\SOFTWARE\Classes\CLSID\{9BE31822-FDAD-461B-AD51-BE1D1C159921}\InprocServer32@ C:\Program Files\VideoLAN\VLC\axvlc.dll (VLC media player (Activex Plugin)/VideoLAN SIGNED)(2017-05-24 12:03:20)

Reg HKLM\SOFTWARE\Classes\CLSID\{9CA9DBE8-C0B1-42c9-B6C7-856BE5756855}\LocalServer32@ C:\Program Files\WinZip\WzBGTComServer64.exe (WinZip Background Tool/WinZip Computing, S.L. SIGNED)(2017-04-20 01:50:00)

Reg HKLM\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37)

Reg HKLM\SOFTWARE\Classes\CLSID\{9FB78BEE-4BCB-4627-8672-86B64B8AED5A}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavCore.dll (Adobe PDF Toolbar for Internet Explorer/CA - G2 SIGNED)(2017-03-28 14:24:52)

Reg HKLM\SOFTWARE\Classes\CLSID\{A6595CD1-BF77-430A-A452-18696685F7C7}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll (Adobe Acrobat Context Menu/Adobe Systems Inc. SIGNED)(2012-09-24 00:43:36)

Reg HKLM\SOFTWARE\Classes\CLSID\{AE7CD045-E861-484f-8273-0445EE161910}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe PDF Toolbar for Internet Explorer/CA - G2 SIGNED)(2016-04-23 08:32:52)

Reg HKLM\SOFTWARE\Classes\CLSID\{b28b6e84-1729-4097-9db1-c7a65433aa33}\InProcServer32@ C:\WINDOWS\system32\indexeddbserver.dll (IndexedDb host/Microsoft Corporation)(2017-05-11 09:34:43)

Reg HKLM\SOFTWARE\Classes\CLSID\{B59987EA-25FE-44B4-8802-E4DE67073D8C}\InprocServer32@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\buShell.dll (Backup Shell/Symantec Corporation SIGNED)(2017-10-21 21:17:35)

Reg HKLM\SOFTWARE\Classes\CLSID\{B7529C11-7480-4DF7-A341-388411521F94}\InprocServer32@ C:\WINDOWS\system32\WiFiOnboardingPlugin.dll (WiFi Onboarding Plugin/Microsoft Corporation)(2016-07-16 11:42:06)

Reg HKLM\SOFTWARE\Classes\CLSID\{BAAB3B02-59D7-4C24-A44A-D9A0A24E6BED}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37)

Reg HKLM\SOFTWARE\Classes\CLSID\{BF8230FC-439A-4CDA-857B-7118F27BD396}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{CA8A9780-280D-11CF-A24D-444553540000}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF64.dll (PDF Browser Control/Adobe Systems, Inc. SIGNED)(2017-07-27 02:29:24)

Reg HKLM\SOFTWARE\Classes\CLSID\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\InprocServer32@ C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL (SUPERAntiSpyware Context Menu Extension/SUPERAntiSpyware.com SIGNED)(2014-06-06 18:40:33)

Reg HKLM\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32@ C:\Program Files\WinZip\adxloader64.dll(2017-04-20 01:50:00)

Reg HKLM\SOFTWARE\Classes\CLSID\{CF8187B6-14B1-49E3-A4AB-000B944FA0A2}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\PDFMakerAPI.dll (PDFMakerAPI Module/CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{D1530EB4-BAAA-43D1-9007-FC9FA29C6212}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{D4164BB7-872D-4C66-83D8-8A3583B1CE25}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavCore.dll (Adobe PDF Toolbar for Internet Explorer/CA - G2 SIGNED)(2017-03-28 14:24:52)

Reg HKLM\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37)

Reg HKLM\SOFTWARE\Classes\CLSID\{DC6A2437-8992-4E85-8081-DC92C93C0075}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37)

Reg HKLM\SOFTWARE\Classes\CLSID\{E0D79304-84BE-11CE-9641-444553540000}\InProcServer32@ C:\Program Files\WinZip\wzshls64.dll (WinZip Shell Extension DLL/WinZip Computing, S.L. SIGNED)(2017-04-20 01:50:00)

Reg HKLM\SOFTWARE\Classes\CLSID\{E0D7930A-84BE-11CE-9641-444553540002}@DisplayName C:\Program Files\WinZip\WzPreviewer64.exe (WinZip Previewer (64-bit)/WinZip Computing, S.L. SIGNED)(2017-04-20 01:50:00)

Reg HKLM\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37)

Reg HKLM\SOFTWARE\Classes\CLSID\{E69CBA0B-3B2B-4657-8835-92BCAF53EE17}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\PDFMakerAPI.dll (PDFMakerAPI Module/CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{E6BE6A45-8093-462C-AF3B-8E77BA265A36}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (A plugin to detect whether the Adobe Application Manager is installed on this machine./CA SIGNED)(2015-07-29 09:31:42)

Reg HKLM\SOFTWARE\Classes\CLSID\{E9D5EFC8-AD7B-48F5-98D3-15A5FDF857F2}\InprocServer32@ C:\WINDOWS\system32\AllJoynDiscoveryPlugin.dll (AllJoyn Discovery Plugin/Microsoft Corporation)(2016-07-16 11:42:06)

Reg HKLM\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37)

Reg HKLM\SOFTWARE\Classes\CLSID\{EEA07F81-E5A5-11D6-B85A-00C04FC06913}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\CLSID\{F0B4F6AD-5E09-4CB1-B763-EC390CBDE51D}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDFImpl64.dll (PDF Browser Control/CA SIGNED)(2017-07-27 02:29:24)

Reg HKLM\SOFTWARE\Classes\CLSID\{F13C7C55-93E5-48ca-A5E5-E6564089CAB0}\LocalServer32@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\SymDgnHc.exe (Firewall Diagnostic NDF Helper/Symantec Corporation SIGNED)(2017-10-21 21:17:40)

Reg HKLM\SOFTWARE\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}\InprocServer32@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\buShell.dll (Backup Shell/Symantec Corporation SIGNED)(2017-10-21 21:17:35)

Reg HKLM\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37)

Reg HKLM\SOFTWARE\Classes\CLSID\{F4971EE7-DAA0-4053-9964-665D8EE6A077}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe PDF Toolbar for Internet Explorer/CA - G2 SIGNED)(2016-04-23 08:32:52)

Reg HKLM\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes Service/Malwarebytes SIGNED)(2017-10-21 14:15:37)

Reg HKLM\SOFTWARE\Classes\CLSID\{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB}\InprocServer32@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\buShell.dll (Backup Shell/Symantec Corporation SIGNED)(2017-10-21 21:17:35)

Reg HKLM\SOFTWARE\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}\InprocServer32@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.0.85\NavShExt.dll (Norton Security Shell Extension Module/Symantec Corporation SIGNED)(2017-10-21 21:17:39)

Reg HKLM\SOFTWARE\Classes\Directory\shell\AddToPlaylistVLC\command@ C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VLC media player/VideoLAN SIGNED)(2017-05-24 11:22:36)

Reg HKLM\SOFTWARE\Classes\FormsCentral.fcdt\shell\Open\command@ C:\Program Files (x86)\Adobe\Acrobat 11.0\FormsCentral\FormsCentralForAcrobat.exe (CA SIGNED)(2017-07-27 05:29:32)

Reg HKLM\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2238110150F@ProductIcon C:\Program Files (x86)\Java\jre1.8.0_151\bin\javaws.exe (Java™ Web Start Launcher/Oracle Corporation SIGNED)(2017-10-20 00:31:43)

Reg HKLM\SOFTWARE\Classes\Installer\Products\711E928B270DAE14696089623AD8431C@ProductIcon C:\WINDOWS\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe (InstallShield/Macrovision Corporation)(2017-10-20 01:24:56)

Reg HKLM\SOFTWARE\Classes\jarfile\shell\open\command@ C:\Program Files (x86)\Java\jre1.8.0_151\bin\javaw.exe (Java™ Platform SE binary/Oracle Corporation SIGNED)(2017-10-20 00:31:43)

Reg HKLM\SOFTWARE\Classes\jnlp\Shell\Open\Command@ C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2launcher.exe (Java™ Web Launcher/Oracle Corporation SIGNED)(2017-10-20 00:31:44)

Reg HKLM\SOFTWARE\Classes\JNLPFile\Shell\Open\Command@ C:\Program Files (x86)\Java\jre1.8.0_151\bin\javaws.exe (Java™ Web Start Launcher/Oracle Corporation SIGNED)(2017-10-20 00:31:43)

Reg HKLM\SOFTWARE\Classes\jnlps\Shell\Open\Command@ C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2launcher.exe (Java™ Web Launcher/Oracle Corporation SIGNED)(2017-10-20 00:31:44)

Reg HKLM\SOFTWARE\Classes\malwarebytes\shell\open\command@ C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe (Malwarebytes Assistant/Malwarebytes SIGNED)(2017-10-21 14:15:35)

Reg HKLM\SOFTWARE\Classes\PDXFileType\shell\Read\command@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Reader /Adobe Systems Incorporated SIGNED)(2017-07-27 05:29:22)

Reg HKLM\SOFTWARE\Classes\SOFTWARE\Adobe\Acrobat\Distiller@Exe C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AcroDistDLL.dll (Acrobat Distiller/Adobe Systems Incorporated. SIGNED)(2017-07-27 05:29:24)

Reg HKLM\SOFTWARE\Classes\SOFTWARE\Adobe\Acrobat\Exe@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Reader /Adobe Systems Incorporated SIGNED)(2017-07-27 05:29:22)

Reg HKLM\SOFTWARE\Classes\TTAX16.Document\shell\open\command@ C:\Program Files (x86)\TurboTax\Deluxe 2016\32bit\TurboTax.exe (TurboTax/Intuit SIGNED)(2017-08-09 11:00:42)

Reg HKLM\SOFTWARE\Classes\VLC.3g2\shell\AddToPlaylistVLC\command@ C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VLC media player/VideoLAN SIGNED)(2017-05-24 11:22:36)

Reg HKLM\SOFTWARE\Classes\WinZip\shell\open\command@ C:\Program Files\WinZip\WINZIP64.EXE (WinZip/WinZip Computing, S.L. SIGNED)(2017-04-20 01:50:00)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{00460182-9E5E-11d5-B7C8-B8269041DD57}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\ActiveX\SelectPageRange.ocx (Select Page Range Framer Control/Adobe Systems Inc SIGNED)(2012-09-24 00:43:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{0579E89F-E364-4a3d-A9CB-90262B2B7E1C}@InfoTip C:\Program Files (x86)\Norton Security Suite\Norton 360\Branding\muis.dll (Shortcut MUI Resource/Symantec Corporation SIGNED)(2017-10-21 21:17:54)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{0579E89F-E364-4a3d-A9CB-90262B2B7E1C}\InprocServer32@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine32\22.10.0.85\buShell.dll (Backup Shell/Symantec Corporation SIGNED)(2017-10-21 21:17:35)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{058D42F2-DBB1-11D6-B856-00C04FC06913}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe PDF Helper for Internet Explorer/Adobe Systems Incorporated SIGNED)(2012-09-24 00:43:54)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{0B5DB071-ABF4-49D4-B67A-3956DDEFFAFB}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\PDFMakerAPI.dll (PDFMakerAPI Module/CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{0CD1257A-50DD-48C4-BCB0-74B52EB054CF}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{12BA069D-0FC6-4577-97C6-5DF634CE6E84}\InProcServer32@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\ViewerPS.dll(2012-09-24 00:43:36)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{13C3C803-0CEF-4AE1-AF81-B73DD04BCAB5}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\adobeafp.dll (Adobe Acrobat File Preview/Adobe Systems, Inc. SIGNED)(2017-07-27 05:29:28)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{178687A2-ABF5-43EE-AEF6-B380D8A9FD7C}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\PDFMakerAPI.dll (PDFMakerAPI Module/CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{17F2E344-8227-4AA7-A25A-E89424566BBA}\InProcServer32@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\pdfprevhndlr.dll (Adobe PDF Preview Handler/Adobe Systems, Inc. SIGNED)(2017-07-27 05:29:22)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe PDF Helper for Internet Explorer/Adobe Systems Incorporated SIGNED)(2012-09-24 00:43:54)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{1A348363-F970-4871-9E43-AA777D4A5488}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{1CD675B2-ECD1-11D1-B976-00600802DB86}\LocalServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrodist.exe (Acrobat Distiller/CA SIGNED)(2016-04-23 11:32:44)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{1CDE2E84-991C-4BFC-8A31-AA52C1CF71E7}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{2272AE7A-0C30-48E1-91DF-F9E666276C0C}\InprocServer32@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine32\22.10.0.85\MsouPlug.dll (AntiSpam MS Outlook Plugin/Symantec Corporation SIGNED)(2017-10-21 21:17:35)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{231e1b19-4085-441e-8265-3353beee68f8}\InprocServer32@ C:\Windows\SysWOW64\indexeddbserver.dll (IndexedDb host/Microsoft Corporation)(2017-03-17 00:31:29)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{2437793F-7DF4-4566-B84F-CC413913FAF9}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Mail\LotusNotes\PDFMLotusNotes.dll (Acrobat PDFMaker for Lotus Notes/CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{24DA047B-40C0-4018-841B-6B7409F730FC}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll (PDF Browser Control/CA - G2 SIGNED)(2016-04-23 11:32:56)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{29405572-43FB-11D2-9758-0060979C3633}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{2EAF0840-690A-101B-9CA8-9240CE2738AE}\LocalServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe (Adobe Acrobat /Adobe Systems Incorporated SIGNED)(2017-08-17 23:22:38)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{36C3DCDD-2525-40C6-BAE9-6507DD3DA8C2}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{4299124F-F2C3-41b4-9C73-9236B2AD0E8F}@InfoTip C:\Program Files (x86)\Java\jre1.8.0_151\bin\javacpl.exe (Java Control Panel/Oracle Corporation SIGNED)(2017-10-20 00:31:43)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}\InprocServer32@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine32\22.10.0.85\buShell.dll (Backup Shell/Symantec Corporation SIGNED)(2017-10-21 21:17:35)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe PDF Toolbar for Internet Explorer/CA - G2 SIGNED)(2016-04-23 11:32:52)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{512B93DF-7183-4D13-A72F-65E2409E34FF}\LocalServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\plug_ins\WebPDF.api (Adobe Acrobat Web Capture Plug-in/Adobe Systems Incorporated)(2017-07-27 05:29:34)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{545B74BF-B996-43CF-9C88-111D55E6E610}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{551B31B1-4390-4f18-BE10-6841EF69DD51}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Office\PDFMVisio.vsl (Acrobat PDFMaker/Adobe Systems Incorporated SIGNED)(2017-07-27 05:29:28)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{5789D319-A0E6-4788-8120-B0D3D1AB9797}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Office\PDFMOfficeAddin.dll (PDFMOfficeAddin Module/CA - G2 SIGNED)(2016-04-23 11:32:50)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\InprocServer32@ C:\Program Files (x86)\Java\jre1.8.0_151\bin\wsdetect.dll (Java Web Start ActiveX Control/Oracle Corporation SIGNED)(2017-10-20 00:31:44)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{5AAABB05-F91B-4bce-AB18-D8319DEDABA8}\InprocServer32@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\adoberfp.dll (Adobe Reader File Preview/Adobe Systems, Inc. SIGNED)(2017-07-27 05:29:24)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{5BB2200E-5672-4A32-902A-5A98DB1C58DC}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll (PDF Browser Control/CA - G2 SIGNED)(2016-04-23 11:32:56)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{5E628A96-1BE5-42FE-9117-EDAD9A9C479C}\InProcServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll (PDF Shell Extension/Adobe Systems, Inc. SIGNED)(2016-04-23 11:32:56)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{5F2F8074-C34B-4AFF-B218-6C69399F6CDC}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\InprocServer32@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine32\22.10.0.85\coIEPlg.dll (coIEPlugIn/Symantec Corporation SIGNED)(2017-10-21 21:17:38)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{66BD7D2F-1227-47D3-B613-C3968AAABC56}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{671B6145-4169-4ADD-9AF3-E6990EB2B325}\InProcServer32@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\adoberfp.dll (Adobe Reader File Preview/Adobe Systems, Inc. SIGNED)(2017-07-27 05:29:24)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{6D12C400-4E34-101B-9CA8-9240CE2738AE}\LocalServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe (Adobe Acrobat /Adobe Systems Incorporated SIGNED)(2017-08-17 23:22:38)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{74A13FDD-9BCF-4229-9CAB-0079A5E17A25}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDFImpl.dll (PDF Browser Control/CA SIGNED)(2016-04-23 08:32:56)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32@ C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll (Java™ Platform SE binary/Oracle Corporation SIGNED)(2017-10-20 00:31:44)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{7C4D2F80-790E-11D6-82C7-00C04FCFC84E}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{7D2D9B28-0B05-4B9D-B3EA-9FB1B9180E53}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Office\PDFMVisio.vsl (Acrobat PDFMaker/Adobe Systems Incorporated SIGNED)(2017-07-27 05:29:28)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{7F2AB156-ABE7-48A1-A581-350BE149D414}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{7f38c2ab-5136-428f-a8aa-40877f61dd05}\InProcServer32@ C:\WINDOWS\system32\indexeddbserver.dll (IndexedDb host/Microsoft Corporation)(2017-05-11 09:34:43)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\InprocServer32@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine32\22.10.0.85\coIEPlg.dll (coIEPlugIn/Symantec Corporation SIGNED)(2017-10-21 21:17:38)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{8215BA54-B69F-4275-AE11-31CB63593B09}\InProcServer32@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRdIF.dll (PDF IFilter/Adobe Systems, Inc. SIGNED)(2012-09-24 00:43:42)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{838186E3-56E1-11D2-9758-0060979C3633}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{85183dd5-755d-4952-aa8f-c02e5c4f0651}\InprocServer32@ C:\Windows\SysWOW64\InkAnalysisLegacyCom.dll (InkAnalysisLegacyCom DLL/Microsoft Corporation)(2016-07-16 11:44:03)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{85DE1C45-2C66-101B-B02E-04021C009402}\LocalServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe (Adobe Acrobat /Adobe Systems Incorporated SIGNED)(2017-08-17 23:22:38)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{897D7B50-2CB6-4E43-B07C-768B2F2B9457}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{8AD0743E-113B-4E26-BA21-1E9A71098F41}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe PDF Toolbar for Internet Explorer/CA - G2 SIGNED)(2016-04-23 11:32:52)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32@ C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2iexp.dll(2017-10-20 00:31:44)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{9177B23F-7D46-11D6-B816-00C04FC06913}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Mail\Outlook\PDFMOutlookAddin.dll (PDFMOutlook Addin Module/CA - G2 SIGNED)(2016-04-23 11:32:50)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}\LocalServer32@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32Info.exe (Adobe Reader /CA - G2 SIGNED)(2017-07-27 05:29:24)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{9BE31822-FDAD-461B-AD51-BE1D1C159921}\InprocServer32@ C:\Program Files (x86)\VideoLAN\VLC\axvlc.dll (VLC media player (Activex Plugin)/VideoLAN SIGNED)(2017-05-24 11:22:32)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{9FB78BEE-4BCB-4627-8672-86B64B8AED5A}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavCore.dll (Adobe PDF Toolbar for Internet Explorer/CA - G2 SIGNED)(2016-04-23 08:32:52)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{AE7CD045-E861-484f-8273-0445EE161910}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe PDF Toolbar for Internet Explorer/CA - G2 SIGNED)(2016-04-23 11:32:52)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{b28b6e84-1729-4097-9db1-c7a65433aa33}\InProcServer32@ C:\WINDOWS\system32\indexeddbserver.dll (IndexedDb host/Microsoft Corporation)(2017-05-11 09:34:43)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{B59987EA-25FE-44B4-8802-E4DE67073D8C}\InprocServer32@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine32\22.10.0.85\buShell.dll (Backup Shell/Symantec Corporation SIGNED)(2017-10-21 21:17:35)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\LocalServer32@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Reader /Adobe Systems Incorporated SIGNED)(2017-07-27 05:29:22)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{BAAB3B02-59D7-4C24-A44A-D9A0A24E6BED}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{BD57A9B2-4E7D-4892-9107-9F4106472DA4}\LocalServer32@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroBroker.exe (Adobe PDF Broker Process for Internet Explorer/CA SIGNED)(2017-07-27 05:29:22)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{BDE0D630-7801-47cd-984E-1F0AFBC5ACBF}\InprocServer32@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\adoberfp.dll (Adobe Reader File Preview/Adobe Systems, Inc. SIGNED)(2017-07-27 05:29:24)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{BE74BD18-D040-4A19-85CF-21E5BDF6B2F0}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\InprocServer32@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\Accessibility.api (Adobe Acrobat Accessibility Plug-in/Adobe Systems Incorporated)(2017-07-27 05:29:22)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{CA8A9780-280D-11CF-A24D-444553540000}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll (PDF Browser Control/CA - G2 SIGNED)(2016-04-23 11:32:56)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32@ C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2iexp.dll(2017-10-20 00:31:44)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}\InProcServer32@ C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\deployJava1.dll (Java™ Platform SE binary/Oracle Corporation SIGNED)(2017-10-20 00:31:43)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\InprocServer32@ C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2iexp.dll(2017-10-20 00:31:44)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32@ C:\Program Files\WinZip\adxloader.dll(2017-04-20 01:50:00)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{CB72AC12-699C-11D6-9904-00B0D048572E}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Project\PDFMProject.dll (Acrobat PDFMaker/Adobe Systems Incorporated SIGNED)(2017-07-27 05:29:28)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{CF8187B6-14B1-49E3-A4AB-000B944FA0A2}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\PDFMakerAPI.dll (PDFMakerAPI Module/CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{D1530EB4-BAAA-43D1-9007-FC9FA29C6212}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{D38406DA-E8AA-484b-B80D-3D3DBDCC2FB2}\LocalServer32@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32Info.exe (Adobe Reader /CA - G2 SIGNED)(2017-07-27 05:29:24)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{D4164BB7-872D-4C66-83D8-8A3583B1CE25}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavCore.dll (Adobe PDF Toolbar for Internet Explorer/CA - G2 SIGNED)(2016-04-23 08:32:52)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{D86D3661-4F11-4a9a-AD85-772A52AE6D69}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\adobeafp.dll (Adobe Acrobat File Preview/Adobe Systems, Inc. SIGNED)(2017-07-27 05:29:28)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32@ C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll (Java™ Platform SE binary/Oracle Corporation SIGNED)(2017-10-20 00:31:44)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6A2437-8992-4E85-8081-DC92C93C0075}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}@DisplayName C:\Program Files (x86)\Adobe\Reader 11.0\Reader\pdfprevhndlr.dll (Adobe PDF Preview Handler/Adobe Systems, Inc. SIGNED)(2017-07-27 05:29:22)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{E0D79304-84BE-11CE-9641-444553540000}\InProcServer32@ C:\Program Files\WinZip\wzshlstb.dll (WinZip Shell Extension DLL/WinZip Computing, S.L. SIGNED)(2017-04-20 01:50:00)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{E0D7930A-84BE-11CE-9641-444553540002}@DisplayName C:\Program Files\WinZip\WzPreviewer64.exe (WinZip Previewer (64-bit)/WinZip Computing, S.L. SIGNED)(2017-04-20 01:50:00)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32@ C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2iexp.dll(2017-10-20 00:31:44)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{E69CBA0B-3B2B-4657-8835-92BCAF53EE17}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\PDFMakerAPI.dll (PDFMakerAPI Module/CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{E6BE6A45-8093-462C-AF3B-8E77BA265A36}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{E80FE628-CB21-47AF-B5BC-8CBF5ED025CA}\LocalServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\plug_ins\Scan\AcroScanBroker.exe (AcroScanBroker Module/CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{E8978DA6-047F-4E3D-9C78-CDBE46041603}\InprocServer32@ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRdIF.dll (PDF IFilter/Adobe Systems, Inc. SIGNED)(2012-09-24 00:43:42)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (A plugin to detect whether the Adobe Application Manager is installed on this machine./CA SIGNED)(2015-07-29 09:31:42)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{EE5A151A-AD2A-4CEE-AD65-228B59F5B4AD}\InProcServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll (PDF Browser Control/CA - G2 SIGNED)(2016-04-23 11:32:56)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{EEA07F81-E5A5-11D6-B85A-00C04FC06913}\InProcServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll (CA - G2 SIGNED)(2017-03-28 17:24:48)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{F0B4F6AD-5E09-4CB1-B763-EC390CBDE51D}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDFImpl.dll (PDF Browser Control/CA SIGNED)(2016-04-23 08:32:56)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}\InprocServer32@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine32\22.10.0.85\buShell.dll (Backup Shell/Symantec Corporation SIGNED)(2017-10-21 21:17:35)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{F4971EE7-DAA0-4053-9964-665D8EE6A077}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe PDF Toolbar for Internet Explorer/CA - G2 SIGNED)(2016-04-23 11:32:52)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB}\InprocServer32@ C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine32\22.10.0.85\buShell.dll (Backup Shell/Symantec Corporation SIGNED)(2017-10-21 21:17:35)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}\InprocServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc. SIGNED)(2016-04-23 11:32:56)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{FC403250-51F5-4E1B-AC8C-ED9C5E551B9B}\LocalServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrodist.exe (Acrobat Distiller/CA SIGNED)(2016-04-23 11:32:44)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{FD2C8897-2BE8-459c-B8E4-0D2FCFD341F0}\InprocServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\adobeafp.dll (Adobe Acrobat File Preview/Adobe Systems, Inc. SIGNED)(2017-07-27 05:29:28)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{FDA6EEC2-325B-4E8A-A8C7-1C75DFBE72D5}\InProcServer32@ C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe PDF Helper for Internet Explorer/Adobe Systems Incorporated SIGNED)(2012-09-24 00:43:54)

Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{FF76CB60-2E68-101B-B02E-04021C009402}\LocalServer32@ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe (Adobe Acrobat /Adobe Systems Incorporated SIGNED)(2017-08-17 23:22:38)

Reg HKLM\SOFTWARE\Classes\WzExpForSPExtension@URL Protocol C:\Program Files\WinZip\WzExpForSPExtension.exe (WinZip Express for SharePoint Extension/WinZip Computing, S.L. SIGNED)(2017-04-20 01:50:00)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware Application/SUPERAntiSpyware SIGNED)(2016-10-18 19:09:20)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{024365BA-1F58-47DC-B9DF-3BB17B93B3DA}@AppId C:\Users\wjmcc\Desktop\rootkitremover.exe (McAfee Labs Rootkit Remover/McAfee, Inc. SIGNED)(2017-10-21 21:11:08)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{09FD50C0-0E0B-4A1E-B559-F5B1EE8C4119}@AppId C:\Users\wjmcc\Desktop\Norton_Download_Manager.exe (Norton Download Manager/Symantec Corporation SIGNED)(2017-10-21 21:16:33)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{1306B024-0B1B-49B2-9A50-A3AED69636F3}@AppPath C:\Program Files\Vuze\Azureus.exe (Vuze Launcher/Azureus Software, Inc SIGNED)(2016-11-24 14:12:48)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{168078B8-D69C-44A3-8861-B0FA7C25F8DC}@AppId C:\Users\wjmcc\Desktop\setup.exe (RogueKiller Installer /Adlice Software SIGNED)(2017-10-21 15:04:30)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{1DD05B91-A264-4636-BD7F-FDB76640A60D}@AppId C:\Users\wjmcc\Desktop\FRST64.exe (Farbar Recovery Scan Tool/Farbar)(2017-10-01 10:53:28)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{2C0EFF00-E985-4EBB-BB9C-824B360E5546}@AppId C:\Users\wjmcc\Desktop\rkill64.exe (Terminates malware processes so that you can run your normal security programs./Bleeping Computer, LLC SIGNED)(2017-10-21 19:55:38)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{2CDA9B54-8F2D-43AE-A201-A41E584C304D}@AppId C:\Users\wjmcc\Desktop\RogueKiller_portable64.exe (Anti-malware remediation tool/Adlice Software SIGNED)(2017-10-20 01:04:48)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{3BD64611-38E0-41F3-BEF6-382ECAD18E73}@AppId C:\Users\wjmcc\Desktop\rkill.exe (Terminates malware processes so that you can run your normal security programs./Bleeping Computer, LLC SIGNED)(2017-10-20 00:47:41)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{456E2E2B-84EC-469F-B2B4-8E1263468584}@AppId C:\Users\wjmcc\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\Repair_Windows.exe (Tweaking.com - Windows Repair/Tweaking.com SIGNED)(2017-10-17 13:34:56)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{64F4F248-E12C-4303-B55D-24B39401946E}@AppId C:\Users\wjmcc\Desktop\mbam-check-2.3.2.0.exe (mbam-check.exe/Malwarebytes SIGNED)(2017-10-21 15:48:41)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{737D9995-0E6D-4F1F-A3CC-871AB9A86493}@AppPath C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes/Malwarebytes SIGNED)(2017-10-21 14:15:35)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{748C38EB-4232-48EC-ABE5-CAD9B3A7C1DF}@AppId C:\Users\wjmcc\Desktop\gmer\gmer.exe(2016-03-11 18:53:14)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{7799AA81-D2D8-4B6D-B0AA-902FF56AD5B9}@AppId C:\Users\wjmcc\Desktop\tweaking.com_windows_repair_aio_setup.exe (Setup Application/Tweaking.com SIGNED)(2017-10-08 13:27:09)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{86991175-4CAF-49FB-A477-B2575BCA20D7}@AppPath C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware Application/SUPERAntiSpyware SIGNED)(2016-10-18 19:09:20)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{8900CB62-957D-4334-9A8B-5D000A725E83}@AppId C:\Users\wjmcc\Desktop\JRT.exe (Junkware Removal Tool/Malwarebytes SIGNED)(2017-10-07 12:55:35)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{9B856560-B005-4885-A16D-9B3FF1C1B135}@AppPath C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe (Revo Uninstaller/VS Revo Group SIGNED)(2017-10-21 13:37:22)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{9EA5A571-17A4-48F3-AE5D-D1ECAEE7C923}@AppId C:\Users\wjmcc\Desktop\TFC.exe (OldTimer Tools)(2017-10-01 10:37:42)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{A00DBADE-EC07-47C2-B6C9-A08BBDD6B968}@AppPath C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VLC media player/VideoLAN SIGNED)(2017-05-24 11:22:36)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{A58134B5-02F6-488F-84E5-A525CCD99D8A}@AppPath C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTgui.exe (Sophos Virus Removal Tool GUI/Sophos Limited SIGNED)(2017-06-15 19:27:44)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{B83E0EEB-C166-46CA-AD5C-C83D61F760B2}@AppId C:\Users\wjmcc\Desktop\driverview-x64\DriverView.exe (DriverView/NirSoft SIGNED)(2015-09-19 15:52:20)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{BB150F33-14BA-4C65-8185-EF95EED41179}@AppId C:\Users\wjmcc\Desktop\revosetup.exe (Revo Uninstaller /VS Revo Group SIGNED)(2017-10-21 13:36:52)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{C89E3B27-7A65-44AF-B368-39E302E436B9}@AppId C:\Users\wjmcc\Desktop\mbar\mbar.exe (Malwarebytes Anti-Rootkit/Malwarebytes SIGNED)(2017-09-06 02:01:43)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{CBDCB85D-95C2-4B56-BBE4-897413406137}@AppId C:\Users\wjmcc\Desktop\mbar-1.10.2.1002-nr.exe(2017-10-21 14:07:59)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{DA59A2AA-F3A8-47A3-BFDB-15CB15CF551A}@AppId C:\Users\wjmcc\Desktop\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe (Malwarebytes /Malwarebytes SIGNED)(2017-10-21 14:14:51)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{EE183A9C-3C51-4B63-BC6C-AB36357B130E}@AppId C:\Users\wjmcc\Desktop\v4l1hour.exe(2017-10-21 19:32:49)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F14C6BB0-5D61-4882-81C4-703670CEDA71}@AppId C:\Users\wjmcc\Desktop\mbar\Plugins\fixdamage.exe (fixdamage/Malwarebytes SIGNED)(2017-09-06 02:01:43)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F426A90D-CB8D-43F0-850A-E500DD7ED68C}@AppId C:\Users\wjmcc\Downloads\SUPERAntiSpyware.exe (SUPERAntiSpyware Free Edition Setup/SUPERAntiSpyware SIGNED)(2016-11-26 17:36:06)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F78C4DE6-063A-491E-99AE-857965FEF3FC}@AppId C:\Users\wjmcc\Desktop\HitmanPro_x64.exe (HitmanPro 3.7/SurfRight B.V. SIGNED)(2017-10-20 01:06:58)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{FD7A0CED-ABB9-4D3C-8A67-26C17F53A521}@AppPath C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc. SIGNED)(2017-09-04 21:40:15)

---- EOF - GMER 2.2 ----

#22
RKinner

Posted 21 October 2017 - 09:27 PM

Malware Expert

Expert
24,625 posts

Gmer definitely shows a bad infection.

The following are all most likely malware:

Module   \SystemRoot\system32\drivers\tervybei.sys(2017-03-18 20:58:04)                                                                                                                                          fffff802a8cc0000-fffff802a8db1000 (987136 bytes)
Module   \SystemRoot\system32\drivers\msidntfs.sys (NetFilter SDK WFP Driver (WPP)/Windows ® Win 7 DDK provider)(2017-10-21 15:16:11)                                                                          fffff802a9fa0000-fffff802a9fc7000 (159744 bytes)
Process C:\Users\wjmcc\AppData\Local\imexfrj\imexfrj.exe [3924](2017-09-29 15:35:24)                                                                                                                            0000000000e40000
Process C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe [6404](2017-09-29 15:24:12)                                                                                                                            00000000012e0000
Library C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll(2017-08-03 01:40:34)                                                                                                                                    0000000065230000
Process C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe [8164](2017-09-29 15:24:12)                                                                                                                            00000000012e0000
Library C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll(2017-08-03 01:40:34)                                                                                                                                    0000000065230000
Library C:\Users\wjmcc\AppData\Local\imexfrj\libglesv2.dll(2016-05-31 15:43:10)                                                                                                                                 00000000647a0000
Library C:\Users\wjmcc\AppData\Local\imexfrj\libegl.dll(2016-05-31 15:44:48)
Process C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe [6872](2017-09-29 15:24:12)                                                                                                                            00000000012e0000
Library C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll(2017-08-03 01:40:34)                                                                                                                                    0000000065230000
Library C:\Users\wjmcc\AppData\Local\imexfrj\pepflashplayer.dll(2016-06-15 21:15:24)                                                                                                                            00000000627a0000
Process C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe [7480](2017-09-29 15:24:12)                                                                                                                            00000000012e0000
Library C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll(2017-08-03 01:40:34)                                                                                                                                    0000000065230000
Process C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe [436](2017-09-29 15:24:12)                                                                                                                             00000000012e0000
Library C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll(2017-08-03 01:40:34)                                                                                                                                    0000000065230000
Process C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe [9568](2017-09-29 15:24:12)                                                                                                                            00000000012e0000
Library C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll(2017-08-03 01:40:34)
Service C:\WINDOWS\system32\drivers\tervybei.sys (*** hidden *** )                                                                                                                                              [BOOT] tauxo

Are you able to use GMER to remove them? The FAQ on http://www.gmer.net/#faq

says: When GMER detects hidden service click "Delete the service" and answer YES to all questions. and also: ometimes "delete the service" option wont work because the rootkit protects its service. So, in such case use: 1) "disable the service", 2) reboot your machine, and 3) "delete the service".

I think you probably have to right click to get the options but I haven't used GMER in a long time.