Damage Caused by Trojans

05-06-2018, 09:25 PM   #1

Win10 OS: On April 19th I was attempting to register on a (legal) foreign website. As soon as I entered my registration application, the registration process stopped and my computer immediately started acting crazy. I immediately closed the browser and ran a Windows Defender full scan. It quarantined and removed 4 Trojans. After that, the computer went back to performing normally but there appears to be damage to some folders, files & programs, possibly including Windows. I have run several subsequent full scans with WinDefender, all show clear, no threats detected. First thing I want to verify that all malware has been removed. Then I want advice on locating & repairing damage. I am in no hurry and I hope you are not in a big hurry. I am very old, very slow, and vision impaired. Thanks in advance for your patience. Also, my location is in time zone GMT+10 hrs. Therefore I may not see your reply until following day.
I have no access to a Windows Install disc, or a Boot CD.
I have the "Attach - Notepad" but I read this on it: "UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT"
So, I am waiting for "specific instruction" to attach it.
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.16299.371
Run by Jerry at 13:58:05 on 2018-05-07
Microsoft Windows 10 Pro 10.0.16299.0.1252.1.1033.18.16156.12861 [GMT 10:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
C:\WINDOWS\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k localservice -p -s SEMgrSvc
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\WINDOWS\system32\ibtsiva.exe
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs
C:\WINDOWS\SysWOW64\DllHost.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k localservice -p -s fdPHost
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s FDResPub
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s HomeGroupProvider
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s NgcCtnrSvc
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s fhsvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s QWAVE
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SensorService
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DsSvc
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p -s NcdAutoSetup
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\System32\dwm.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\taskhostw.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtMonEx.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Users\shabu\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.78.999.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe
C:\Program Files\WindowsApps\Microsoft.BingNews_4.23.10923.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\WINDOWS\system32\browser_broker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s camsvc
C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\WINDOWS\system32\AUDIODG.EXE
c:\windows\system32\taskhostw.exe
C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
C:\WINDOWS\System32\Magnify.exe
C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
uRun: [OneDrive] "C:\Users\shabu\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Chromium] "c:\users\shabu\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9b128a91-5cf3-490a-8f8c-6f0a529942f4} : DHCPNameServer = 192.168.1.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-9-29 130640]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-9-29 56728]
R0 MsSecFlt;Microsoft Security Events Component Minifilter;C:\WINDOWS\System32\drivers\mssecflt.sys [2017-9-29 293272]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-9-29 15392]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2018-4-11 71208]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-9-29 18000]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-9-29 209304]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2018-4-11 240640]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2018-4-11 59808]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-9-29 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-4-11 8192]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R2 CDPUserSvc_104cdfd8;Connected Devices Platform User Service_104cdfd8;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2018-2-14 385536]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2018-1-1 8566440]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2017-9-29 48688]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2017-9-29 48688]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R2 FoxitReaderService;Foxit Reader Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [2018-1-1 1659456]
R2 ibtsiva;Intel Bluetooth Service;C:\WINDOWS\System32\ibtsiva --> C:\WINDOWS\System32\ibtsiva [?]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2017-10-20 365040]
R2 OneSyncSvc_104cdfd8;Sync Host_104cdfd8;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2018-3-14 519152]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2018-4-11 79872]
R2 TeamViewer;TeamViewer 13;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2018-4-28 11293936]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2018-4-11 147872]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 WpnUserService_104cdfd8;Windows Push Notifications User Service_104cdfd8;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 bthl2cap;Microsoft Bluetooth Protocol Support Driver;C:\WINDOWS\System32\drivers\bthl2cap.sys [2017-9-29 83968]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2017-9-29 78848]
R3 camsvc;Capability Access Manager Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2017-2-28 231944]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-5-12 481768]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\WINDOWS\System32\drivers\L1C63x64.sys [2017-9-29 121344]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-9-29 21504]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit;C:\WINDOWS\System32\drivers\Netwbw02.sys [2017-9-29 3485696]
R3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2018-4-11 75264]
R3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [2018-4-26 61472]
R3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\NisSrv.exe [2018-4-26 4632736]
R3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Service;C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [2015-6-6 63840]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-7-18 317408]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-9-29 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-9-29 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-9-29 18432]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2017-9-29 48688]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2017-9-29 126872]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2017-9-29 158616]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2017-9-29 143768]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
S3 AssignedAccessManagerSvc;AssignedAccessManager Service;C:\WINDOWS\System32\svchost.exe -k AssignedAccessManagerSvc [2017-9-29 48688]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-9-29 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-9-29 48688]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2017-9-29 37784]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-29 39424]
S3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-9-29 60312]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-9-29 122368]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-9-29 357272]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-9-29 1723288]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
S3 DevicesFlowUserSvc_104cdfd8;DevicesFlow_104cdfd8;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-9-29 48688]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-9-29 85504]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2017-9-29 48688]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-9-29 48688]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-9-29 20992]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2017-9-29 48688]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-9-29 50584]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2017-9-29 27136]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-9-29 36864]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-9-29 91648]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-9-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-9-29 88576]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-9-29 171520]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-9-29 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-9-29 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-9-29 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-9-29 674200]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-9-29 526232]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-9-29 39424]
S3 InstallService;Windows Store Install Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 invdimm;Microsoft iNVDIMM device driver;C:\WINDOWS\System32\drivers\invdimm.sys [2017-9-29 38912]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2017-9-29 26112]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-9-29 123800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-9-29 103320]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-9-29 505240]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-9-29 55840]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-9-29 63520]
S3 MessagingService_104cdfd8;MessagingService_104cdfd8;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-9-29 842648]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-9-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-9-29 132608]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2018-4-11 192512]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-9-29 88576]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-9-29 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-9-29 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 PimIndexMaintenanceSvc_104cdfd8;Contact Data_104cdfd8;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 PNPMEM;Microsoft Memory Module Driver;C:\WINDOWS\System32\drivers\pnpmem.sys [2017-9-29 16896]
S3 PrintWorkflowUserSvc_104cdfd8;PrintWorkflow_104cdfd8;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2017-9-29 48688]
S3 PushToInstall;Windows PushToInstall Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2017-9-29 39832]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-9-29 1849752]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-9-29 936856]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-9-29 48688]
S3 rhproxy;Resource Hub proxy driver;C:\WINDOWS\System32\drivers\rhproxy.sys [2017-9-29 103936]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-9-29 48688]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-9-29 118168]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-9-29 33176]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2017-12-13 4329952]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-9-29 1288704]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-9-29 154520]
S3 SharedRealitySvc;Spatial Data Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 smbdirect;smbdirect;C:\WINDOWS\System32\drivers\smbdirect.sys [2017-9-29 151552]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-9-29 48688]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-9-29 56216]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2018-4-11 956416]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2018-3-14 103328]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2018-3-14 45472]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-9-29 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-11-30 114688]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-9-29 146944]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2018-3-14 57344]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-9-29 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-9-29 28568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-9-29 266648]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-9-29 97312]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-9-29 140696]
S3 UnistoreSvc_104cdfd8;User Data Storage_104cdfd8;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-9-29 28568]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-11-30 60824]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-9-29 27544]
S3 UserDataSvc_104cdfd8;User Data Access_104cdfd8;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-9-29 48688]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-9-29 34816]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2018-4-11 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vnvdimm;Microsoft virtual NVDIMM device driver;C:\WINDOWS\System32\drivers\vnvdimm.sys [2017-9-29 43008]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-9-29 48688]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2018-3-14 770048]
S3 wdm_usb;wdm_usb;C:\WINDOWS\System32\drivers\usb2ser.sys [2016-7-15 151184]
S3 wdnsfltr;Windows Defender Network Stream Filter Driver;C:\WINDOWS\System32\drivers\wdnsfltr.sys [2017-9-29 33792]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-9-29 48688]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-9-29 32152]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2018-4-11 225792]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-9-29 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 wlpasvc;Local Profile Assistant Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2017-9-29 59512]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-9-29 281600]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-9-29 46592]
S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2018-4-11 819104]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2017-9-29 40344]
S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2017-9-29 1190400]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: opera.exe: open="C:\Program Files\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2018-05-07 02:12:24 -------- d--h--w- C:\OneDriveTemp
2018-05-06 04:47:00 14575456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B960B235-3B33-425B-ACB3-88ED9D3BD1EF}\mpengine.dll
2018-05-05 09:45:36 14575456 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2018-04-28 02:09:12 -------- d-----w- C:\Users\shabu\AppData\Local\TeamViewer
2018-04-27 23:01:08 -------- d-----w- C:\Users\shabu\AppData\Roaming\TeamViewer
2018-04-27 23:00:59 -------- d-----w- C:\Program Files (x86)\TeamViewer
2018-04-23 12:28:50 211632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2018-04-23 12:18:48 465072 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2018-04-23 12:16:34 29872 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2018-04-23 00:40:53 96152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MsMpCom.dll
2018-04-23 00:40:53 95128 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MpAsDesc.dll
2018-04-23 00:40:53 463904 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\OfflineScannerShell.exe
2018-04-23 00:40:53 444824 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MsMpRes.dll
2018-04-23 00:40:53 442576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MpCmdRun.exe
2018-04-23 00:40:53 349080 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MpCommu.dll
2018-04-23 00:40:53 2306456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MpSvc.dll
2018-04-23 00:40:53 156056 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\EppManifest.dll
2018-04-23 00:40:53 14232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MsMpLics.dll
2018-04-23 00:40:53 1289112 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MsAsCui.exe
2018-04-23 00:40:53 1072536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MpClient.dll
2018-04-23 00:40:53 105944 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\MsMpEng.exe
2018-04-19 17:37:47 -------- d-----w- C:\WINDOWS\Microsoft Antimalware
2018-04-18 20:46:28 -------- d-sh--w- C:\found.000
2018-04-10 22:30:00 956928 ----a-w- C:\WINDOWS\SysWow64\rdpbase.dll
2018-04-10 22:29:59 96256 ----a-w- C:\WINDOWS\SysWow64\fontsub.dll
.
==================== Find3M ====================
.
2018-05-07 02:12:06 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-04-26 09:34:02 61472 ----a-w- C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys
2018-04-26 09:34:02 46072 ----a-w- C:\WINDOWS\System32\drivers\wd\WdBoot.sys
2018-04-26 09:34:02 313888 ----a-w- C:\WINDOWS\System32\drivers\wd\WdFilter.sys
2018-04-10 22:32:38 136971704 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2018-04-10 22:30:35 169472 ----a-w- C:\WINDOWS\System32\wuuhosdeployment.dll
2018-04-03 19:37:46 835064 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2018-04-03 19:37:46 179704 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2018-03-30 12:34:45 956416 ----a-w- C:\WINDOWS\System32\Spectrum.exe
2018-03-30 05:18:40 1092008 ----a-w- C:\WINDOWS\System32\winresume.efi
2018-03-30 05:14:12 423320 ----a-w- C:\WINDOWS\System32\invagent.dll
2018-03-30 05:12:57 75168 ----a-w- C:\WINDOWS\System32\drivers\vpci.sys
2018-03-30 05:12:53 270208 ----a-w- C:\WINDOWS\System32\LsaIso.exe
2018-03-30 05:12:49 599448 ----a-w- C:\WINDOWS\System32\securekernel.exe
2018-03-30 05:10:17 924648 ----a-w- C:\WINDOWS\System32\winresume.exe
2018-03-30 05:08:35 1415296 ----a-w- C:\WINDOWS\System32\winload.efi
2018-03-30 05:08:33 137112 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2018-03-30 05:08:26 2513920 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2018-03-30 05:08:10 1568160 ----a-w- C:\WINDOWS\System32\appraiser.dll
2018-03-30 05:07:38 300448 ----a-w- C:\WINDOWS\System32\acmigration.dll
2018-03-30 05:07:08 69528 ----a-w- C:\WINDOWS\System32\win32appinventorycsp.dll
2018-03-30 0525 166304 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys
2018-03-30 0523 53152 ----a-w- C:\WINDOWS\System32\drivers\pcw.sys
2018-03-30 05:05:37 1056152 ----a-w- C:\WINDOWS\System32\hvax64.exe
2018-03-30 05:05:30 1206688 ----a-w- C:\WINDOWS\System32\hvix64.exe
2018-03-30 05:05:23 191824 ----a-w- C:\WINDOWS\System32\skci.dll
2018-03-30 05:05:22 73120 ----a-w- C:\WINDOWS\System32\drivers\hvservice.sys
2018-03-30 05:05:22 66720 ----a-w- C:\WINDOWS\System32\iumcrypt.dll
2018-03-30 05:05:18 20888 ----a-w- C:\WINDOWS\System32\kdhvcom.dll
2018-03-30 05:05:17 748448 ----a-w- C:\WINDOWS\System32\generaltel.dll
2018-03-30 05:05:17 59808 ----a-w- C:\WINDOWS\System32\hvhostsvc.dll
2018-03-30 05:05:17 35744 ----a-w- C:\WINDOWS\System32\SDFHost.dll
2018-03-30 05:05:16 22208 ----a-w- C:\WINDOWS\System32\IumSdk.dll
2018-03-30 05:05:15 22800 ----a-w- C:\WINDOWS\System32\iumbase.dll
2018-03-30 05:05:11 15632 ----a-w- C:\WINDOWS\System32\iumdll.dll
2018-03-30 05:04:47 608160 ----a-w- C:\WINDOWS\System32\devinv.dll
2018-03-30 05:04:30 35224 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2018-03-30 05:04:22 2002336 ----a-w- C:\WINDOWS\System32\aitstatic.exe
2018-03-30 05:02:23 128416 ----a-w- C:\WINDOWS\System32\drivers\tm.sys
2018-03-30 05:01:49 8600480 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2018-03-30 05:01:38 649304 ----a-w- C:\WINDOWS\System32\advapi32.dll
2018-03-30 05:01:36 1209760 ----a-w- C:\WINDOWS\System32\winload.exe
2018-03-30 05:01:29 571288 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2018-03-30 05:01:02 34208 ----a-w- C:\WINDOWS\System32\drivers\fs_rec.sys
2018-03-30 05:00:30 94104 ----a-w- C:\WINDOWS\System32\drivers\disk.sys
2018-03-30 05:00:27 2395040 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2018-03-30 05:00:10 103320 ----a-w- C:\WINDOWS\System32\drivers\mountmgr.sys
2018-03-30 04:59:13 82840 ----a-w- C:\WINDOWS\System32\drivers\volmgr.sys
2018-03-30 04:59:12 398744 ----a-w- C:\WINDOWS\System32\drivers\fltMgr.sys
2018-03-30 04:58:44 898216 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2018-03-30 04:58:42 39328 ----a-w- C:\WINDOWS\System32\drivers\storvsc.sys
2018-03-30 04:58:16 129432 ----a-w- C:\WINDOWS\System32\drivers\hvsocket.sys
2018-03-30 04:57:54 121248 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2018-03-30 04:57:53 1173576 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2018-03-30 04:57:47 540064 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2018-03-30 04:57:44 109976 ----a-w- C:\WINDOWS\System32\drivers\vmbus.sys
2018-03-30 04:57:23 711944 ----a-w- C:\WINDOWS\System32\ci.dll
2018-03-30 04:57:03 31640 ----a-w- C:\WINDOWS\System32\drivers\winhv.sys
2018-03-30 04:57:02 81304 ----a-w- C:\WINDOWS\System32\drivers\vmbkmcl.sys
2018-03-30 04:56:15 18680 ----a-w- C:\WINDOWS\System32\wshhyperv.dll
2018-03-30 04:55:50 367344 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2018-03-30 04:55:43 62880 ----a-w- C:\WINDOWS\System32\drivers\fsdepends.sys
2018-03-30 04:54:22 2574240 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2018-03-30 04:54:20 749984 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2018-03-30 04:54:18 408992 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2018-03-30 04:54:09 645536 ----a-w- C:\WINDOWS\System32\AppVPublishing.dll
2018-03-30 04:54:08 670112 ----a-w- C:\WINDOWS\System32\AppVCatalog.dll
2018-03-30 04:54:04 461728 ----a-w- C:\WINDOWS\System32\wifitask.exe
2018-03-30 04:53:59 831392 ----a-w- C:\WINDOWS\System32\AppVOrchestration.dll
2018-03-30 04:53:57 7676304 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2018-03-30 04:53:57 40352 ----a-w- C:\WINDOWS\System32\AppVClientPS.dll
2018-03-30 04:53:47 549552 ----a-w- C:\WINDOWS\System32\WWanAPI.dll
2018-03-30 04:53:39 94080 ----a-w- C:\WINDOWS\System32\wwapi.dll
2018-03-30 04:53:39 495008 ----a-w- C:\WINDOWS\System32\TransportDSA.dll
2018-03-30 04:53:29 246176 ----a-w- C:\WINDOWS\System32\browserbroker.dll
2018-03-30 04:53:08 2220952 ----a-w- C:\WINDOWS\System32\AppVEntSubsystems64.dll
2018-03-30 04:53:06 712600 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2018-03-30 04:53:04 163744 ----a-w- C:\WINDOWS\System32\drivers\wfplwfs.sys
2018-03-30 04:52:39 247480 ----a-w- C:\WINDOWS\System32\logoncli.dll
2018-03-30 04:52:37 677280 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2018-03-30 04:52:36 2457504 ----a-w- C:\WINDOWS\System32\UpdateAgent.dll
2018-03-30 04:52:29 54688 ----a-w- C:\WINDOWS\System32\drivers\vdrvroot.sys
2018-03-30 04:52:24 192416 ----a-w- C:\WINDOWS\System32\drivers\appid.sys
2018-03-30 04:52:18 28520 ----a-w- C:\WINDOWS\System32\vmbuspipe.dll
2018-03-30 04:52:14 47512 ----a-w- C:\WINDOWS\System32\drivers\vmstorfl.sys
2018-03-30 04:52:05 727456 ----a-w- C:\WINDOWS\System32\drivers\fvevol.sys
2018-03-30 04:52:04 282528 ----a-w- C:\WINDOWS\System32\drivers\rdyboost.sys
2018-03-30 04:52:01 428960 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2018-03-30 04:51:59 123800 ----a-w- C:\WINDOWS\System32\drivers\mup.sys
2018-03-30 04:51:43 71208 ----a-w- C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys
2018-03-30 04:51:38 125568 ----a-w- C:\WINDOWS\System32\rmclient.dll
2018-03-30 04:51:33 902928 ----a-w- C:\WINDOWS\System32\winhttp.dll
2018-03-30 04:51:27 147872 ----a-w- C:\WINDOWS\System32\drivers\wcifs.sys
2018-03-30 04:50:40 57760 ----a-w- C:\WINDOWS\System32\drivers\netbios.sys
2018-03-30 04:50:19 1336344 ----a-w- C:\WINDOWS\System32\ole32.dll
2018-03-30 04:49:34 204184 ----a-w- C:\WINDOWS\System32\basecsp.dll
2018-03-30 04:48:56 1628064 ----a-w- C:\WINDOWS\System32\AppVIntegration.dll
2018-03-30 04:48:52 819104 ----a-w- C:\WINDOWS\System32\AppVClient.exe
2018-03-30 04:48:50 744856 ----a-w- C:\WINDOWS\System32\AppVReporting.dll
2018-03-30 04:48:49 397720 ----a-w- C:\WINDOWS\System32\AppVScripting.dll
.
============= FINISH: 13:58:21.12 ===============
englishtutor is offline  
Old 05-06-2018, 09:40 PM   #2
Registered Member
 
Join Date: Apr 2018
Posts: 142
OS:



I have a screenshot of the descriptions of the 4 Trojans. I also have screenshots of the subsequent Win Defender scans "no threats detected". I tried to attach images here before. The image URLs that I used were valid (OneDrive) but it only made little x marks, no image. I will try again here.
englishtutor is offline  
Old 05-09-2018, 04:12 AM   #3
Registered Member
 
Join Date: Apr 2018
Posts: 142
OS:



Bump please.
englishtutor is offline  
Old 05-13-2018, 11:23 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-14-2018, 05:53 PM   #5
Registered Member
 
Join Date: Apr 2018
Posts: 142
OS:



5-15-2018, 10:45am GMT+10: Greetings chemist. Thank you for your assistance. As per your instructions, I downloaded & ran AdwCleaner. Then I ran both the scan and the clean. I made screenshots of the reports. I will try to attach those to this reply but so far have had no success attaching any image files. Also as per your instructions, after the reboot, I looked for the log file C:\AdwCleaner\AdwCleaner[C#].txt However, my Windows file explorer says that that file does not exist. I made a screenshot of that file search report. I will attempt to attach it to this reply, along with the other 2, but, so far, I have had no success attaching any image files. I tried to attach the above referenced files but it failed again.
Attached Thumbnails:
MalwareRemovalScan5-15-2018.png (85.9 KB)
MalwareRemoved5-15-2018.png (87.9 KB)
4Trojans4-19-2018.png (41.1 KB)
NoLogFileFound5-15-2018.png (81.1 KB)
englishtutor is offline  
Old 05-14-2018, 06:43 PM   #6
Registered Member
 
Join Date: Apr 2018
Posts: 142
OS:



5-15-2018, 11:30am GMT+10: chemist: My reasoning is that it is crucial for you to see all of the screenshots that I have made documenting this case, especially the one showing the identity of the 4 Trojans that Win Defender caught & removed. Also crucial that you see the "Attach - Notepad" file resultant from my following the original instructions of Deejay100six. I first tried to insert the image files using the image icon in the message menu. That one required a URL image. So I uploaded the images to my OneDrive, copied the image URL, then inserted. All attempts failed, all producing only little x s in the message field. techsupportforum's platform did not insert the image. Then I tried attaching files. That failed as well. I will work on this some more because, chemist, I know that you need to see my files in order to properly diagnose and prognose this case.
englishtutor is offline  
Old 05-14-2018, 07:01 PM   #7
Registered Member
 
Join Date: Apr 2018
Posts: 142
OS:



chemist: OK, now I see above that 4 of the image files did attach. Now I will try to attach the other 2 image files.
Attached Thumbnails:
1MalwareDamage4-20-2018.jpg (103.1 KB)
WinDefender5Scans4-30-2018.jpg (106.3 KB)
englishtutor is offline  
Old 05-14-2018, 07:06 PM   #8
Registered Member
 
Join Date: Apr 2018
Posts: 142
OS:



OK. Now I see that the image files all appeared. Now I will try to attach the NotePad file "attach" per previous instructions of Deejay100six.
Attached Files
File Type: txt attach.txt (4.3 KB, 18 views)
englishtutor is offline  
Old 05-15-2018, 03:31 AM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, englishtutor. Instead of attaching the logs, can you just copy/paste them in your next reply?

Quote:
I tried to attach the above referenced files but it failed again
Did you run FRST? It appears you did. Again, try posting the FRST.txt and Addition.txt logs instead of attaching them. You may have to post more than once to get all the logs posted.

------------------------------------------------------

Are you aware you have no system restore points?

Did you turn off System Restore? Can you turn System Restore back on?

------------------------------------------------------

Please download SystemLook from here and save it to your Desktop.
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    AdwCleaner*.txt
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
chemist is offline  
Old 05-16-2018, 04:55 PM   #10
Registered Member
 
Join Date: Apr 2018
Posts: 142
OS:


Question

Thur.5-17-2018, 9:50pm: Thank you chemist. With reference to restore point, that is only a small part of the damage that was done by the trojans. I wanted to make sure there was no more malware before I addressed the damage done to folders, files and PROGRAMS, especially apparently Windows and Windows component programs like backup & restore. Can you make the determination that the computer is now malware free? What were the malware items that the AdAware scan found? Does that mean that malware is routinely getting past Windows Defender? I have always thought WinDefender was the best and it has been for me until now.
englishtutor is offline  
Old 05-16-2018, 05:34 PM   #11
Moderator, Editor, Articles Team
 
Deejay100six's Avatar
 
Join Date: Nov 2007
Location: Doncaster, Great Britain
Posts: 11,796
OS: Windows 7 Professional SP1

My System


Hi,

Our Malware Analysts have their own way of doing things.

If you're not sure how to follow their instructions, you should ask Chemist for guidance and I'm quite sure he would help.
__________________
Regards, Dave.


Submit New Articles Here

Help us to help you by posting your System Specs
Deejay100six is offline  
Old 05-16-2018, 10:00 PM   #12
Registered Member
 
Join Date: Apr 2018
Posts: 142
OS:



5-17-2018, 2:45pm GMT+10hrs: Greetings chemist: With reference to "C:\AdwCleaner\AdwCleaner[C#].txt", there was no file by that name in that directory file path. However, there were TWO text files located at C:\AdwCleaner\Logs . I will paste the first one below.
AdwCleaner[S00] - Notepad

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-05-14.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-15-2018
# Duration: 00:00:08
# OS: Windows 10 Pro
# Scanned: 40858
# Detected: 29


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.ByteFence HKCU\Software\Microsoft\Internet Explorer\DOMStorage\en.bytefence.com
PUP.Optional.ByteFence HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com
PUP.Optional.InstallCore HKCU\Software\csastats
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\NCTAudioCDGrabber2.DLL
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{C179F98B-A7BC-4F15-AE49-28B6C602AFB8}C:\program files (x86)\relevantknowledge\rlvknlg.exe
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{9CF2507B-E63F-40AF-92EF-E07B0CCB3A2D}C:\program files (x86)\relevantknowledge\rlvknlg.exe
PUP.Optional.ProductSetup.A HKCU\Software\PRODUCTSETUP

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy Ask
PUP.Optional.Legacy AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
englishtutor is offline  
Old 05-16-2018, 10:04 PM   #13
Registered Member
 
Join Date: Apr 2018
Posts: 142
OS:



The second file located at C:\AdwCleaner\Logs is: AdwCleaner[C00] – Notepad
I will paste it below.
# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-05-14.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-15-2018
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 29
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\en.bytefence.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com
Deleted HKCU\Software\csastats
Deleted HKLM\Software\Wow6432Node\Classes\AppID\NCTAudioCDGrabber2.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
Deleted HKLM\Software\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted HKLM\Software\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Deleted HKLM\Software\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted HKLM\Software\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Deleted HKLM\Software\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Deleted HKLM\Software\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted HKLM\Software\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Deleted HKLM\Software\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{C179F98B-A7BC-4F15-AE49-28B6C602AFB8}C:\program files (x86)\relevantknowledge\rlvknlg.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{9CF2507B-E63F-40AF-92EF-E07B0CCB3A2D}C:\program files (x86)\relevantknowledge\rlvknlg.exe
Deleted HKCU\Software\PRODUCTSETUP

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask
Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
englishtutor is offline  
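Added example (not part of the thread and not Malwarebytes' code): a Python script that cross-checks an AdwCleaner scan log against the matching clean log, in the layout of the two logs pasted above. It tallies detections by family and section, compares the `Detected:` and `Cleaned:` header counts with the listed entries, and reports anything detected but not listed as `Deleted`. The function names and both sample logs are constructed for illustration, and counting only `Deleted` lines as cleaned is an assumption.

```python
import re
from collections import Counter

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # ***** [ Registry ] *****
HEADER_RE = re.compile(r"^# (\w+):\s*(.*)$")            # "# Detected: 29"

# Constructed sample logs in the AdwCleaner 7.x layout quoted in the thread.
# The registry paths are made-up placeholders, not entries from the real logs.
SCAN_SAMPLE = r"""
# -------------------------------
# Mode: Scan
# -------------------------------
# Detected: 4

***** [ Services ] *****

No malicious services found.

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\Software\Classes\AppID\ExampleGrabber.DLL
PUP.Optional.Legacy HKLM\SYSTEM\Example\FirewallRules|TCP Query User{0000}C:\program files (x86)\example\ex.exe
PUP.Optional.InstallCore HKCU\Software\exampleinstaller

***** [ Chromium URLs ] *****

PUP.Optional.Legacy ExampleSearch

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""

# Constructed so that one detected item is missing from the clean log.
CLEAN_SAMPLE = r"""
# Mode: Clean
# Cleaned: 3
# Failed: 1

***** [ Registry ] *****

Deleted HKLM\Software\Classes\AppID\ExampleGrabber.DLL
Deleted HKLM\SYSTEM\Example\FirewallRules|TCP Query User{0000}C:\program files (x86)\example\ex.exe

***** [ Chromium URLs ] *****

Deleted ExampleSearch

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************
"""


def parse_adwcleaner_log(text):
    """Return (header dict, [(section, label, target), ...]) for one log."""
    header, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if line.startswith("#"):
            m = HEADER_RE.match(line)
            if m:
                header[m.group(1)] = m.group(2).strip()
            continue
        # Skip "nothing found" lines, separator rows and post-clean actions.
        if (section is None or line.startswith("No malicious")
                or line.startswith("[+]") or set(line) == {"*"}):
            continue
        # First token is the detection family (scan) or the action (clean);
        # the rest is the target, which may itself contain spaces.
        label, _, target = line.partition(" ")
        entries.append((section, label, target.strip()))
    return header, entries


def _count(header, key):
    """Header count as int, or None when absent or not numeric."""
    value = header.get(key, "")
    return int(value) if value.isdigit() else None


def reconcile(scan_text, clean_text):
    """Cross-check a scan log against the clean log from the same run."""
    scan_hdr, scan = parse_adwcleaner_log(scan_text)
    clean_hdr, clean = parse_adwcleaner_log(clean_text)
    # Assumption: only lines whose action is exactly "Deleted" count as cleaned.
    deleted = {(sec, tgt.lower()) for sec, label, tgt in clean if label == "Deleted"}
    return {
        "families": Counter(label for _, label, _ in scan),
        "sections": Counter(sec for sec, _, _ in scan),
        "pup_only": all(label.startswith("PUP.") for _, label, _ in scan),
        "detected_count_ok": _count(scan_hdr, "Detected") == len(scan),
        "cleaned_count_ok": _count(clean_hdr, "Cleaned") == len(deleted),
        "not_cleaned": [(sec, tgt) for sec, _, tgt in scan
                        if (sec, tgt.lower()) not in deleted],
    }


if __name__ == "__main__":
    for key, value in reconcile(SCAN_SAMPLE, CLEAN_SAMPLE).items():
        print(f"{key}: {value}")
```

To run it on real logs, read the two files under C:\AdwCleaner\Logs and pass their text to `reconcile`.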
Old 05-16-2018, 10:17 PM   #14
Registered Member
 
Join Date: Apr 2018
Posts: 142
OS:



Thur. 5-17-2019, 3:13pm GMT+10hrs: Greetings chemist. I downloaded and ran "Farbar Recovery Scan Tool". I will paste the text file "FRST - Notepad" below.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Jerry (administrator) on DESKTOP-9A3RCC2 (17-05-2018 15:10:29)
Running from C:\Users\shabu\Desktop
Loaded Profiles: Jerry (Available Profiles: Jerry & postgres)
Platform: Windows 10 Pro Version 1803 17134.48 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Visioneer Inc.) C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Visioneer Inc.) C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtMonEx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.8.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9226.21485.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Users\shabu\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\FileCoAuth.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3304532806-1953607304-1708024266-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [149504 2018-04-12] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9b128a91-5cf3-490a-8f8c-6f0a529942f4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3304532806-1953607304-1708024266-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com/en-us/weather/today/Saipan,Saipan,Northern-Mariana-Islands/we-city?iso=MP&el=2NKp2CpVPgeUe4RUwCtlsg%3D%3D&ocid=spartanntp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-05-17] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-29] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-01] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxps://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default [2018-05-17]
CHR Extension: (Google Translate) - C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-01-02]
CHR Extension: (Slides) - C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-01]
CHR Extension: (Duolingo on the Web) - C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2018-02-09]
CHR Extension: (Docs) - C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-01]
CHR Extension: (Google Drive) - C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-01]
CHR Extension: (YouTube) - C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-01]
CHR Extension: (Sheets) - C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-01]
CHR Extension: (FromDocToPDF) - C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnakppaljlplipddalicdemlhlanffdf [2018-04-26]
CHR Extension: (PDFescape Free PDF Editor) - C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdefoklganepljiopdnglodohlgfikkl [2018-01-02]
CHR Extension: (Google Docs Offline) - C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-02]
CHR Extension: (Pinterest Save Button) - C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-05-01]
CHR Extension: (PDFescape) - C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioombffmiompnnfbajkmmghjaleclnjo [2018-01-02]
CHR Extension: (Grammarly for Chrome) - C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-05-11]
CHR Extension: (LinkedIn Extension) - C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default\Extensions\meajfmicibjppdgbjfkpdikfjcflabpk [2018-01-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-01]
CHR Extension: (Chrome Media Router) - C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-02]

Opera:
=======
OPR Extension: (Web Developer) - C:\Users\shabu\AppData\Roaming\Opera Software\Opera Stable\Extensions\kddhmaadmaklcieonhggddempagbakph [2018-03-27]
OPR Extension: (Install Chrome Extensions) - C:\Users\shabu\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2018-03-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8566448 2018-05-12] (Microsoft Corporation)
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [183480 2017-02-28] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
R2 OneTouch 4.0 Monitor; C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe [255488 2016-10-27] (Visioneer Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-11] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-04-26] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-04-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231944 2017-02-28] (Intel Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2018-04-12] (Intel Corporation)
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-04-26] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313888 2018-04-26] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-04-26] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-17 15:10 - 2018-05-17 15:10 - 000014414 _____ C:\Users\shabu\Desktop\FRST.txt
2018-05-17 15:09 - 2018-05-17 15:10 - 000000000 ____D C:\FRST
2018-05-17 15:08 - 2018-05-17 15:08 - 002413056 _____ (Farbar) C:\Users\shabu\Desktop\FRST64.exe
2018-05-17 07:18 - 2018-05-17 07:18 - 000000000 ___HD C:\OneDriveTemp
2018-05-15 10:14 - 2018-05-15 10:21 - 000000000 ____D C:\AdwCleaner
2018-05-15 10:13 - 2018-05-15 10:13 - 007271632 _____ (Malwarebytes) C:\Users\shabu\Desktop\AdwCleaner.exe
2018-05-15 04:00 - 2018-05-14 10:05 - 000000000 ____D C:\Windows.old
2018-05-14 10:08 - 2018-05-15 10:27 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-14 10:06 - 2018-05-14 10:06 - 000001417 _____ C:\Users\shabu\Desktop\Microsoft Edge.lnk
2018-05-14 10:06 - 2018-05-14 10:06 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-14 10:05 - 2018-05-14 10:05 - 000000020 ___SH C:\Users\shabu\ntuser.ini
2018-05-14 10:04 - 2018-05-17 14:19 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BBE4F982-A14A-4C2D-90E9-B2910A0F63F8}
2018-05-14 10:04 - 2018-05-15 10:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-14 10:04 - 2018-05-14 10:04 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2018-05-14 10:04 - 2018-05-14 10:04 - 000011433 _____ C:\WINDOWS\diagerr.xml
2018-05-14 10:04 - 2018-05-14 10:04 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-14 10:04 - 2018-05-14 10:04 - 000003306 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1514814584
2018-05-14 10:04 - 2018-05-14 10:04 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-14 10:04 - 2018-05-14 10:04 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3304532806-1953607304-1708024266-1001
2018-05-14 10:04 - 2018-05-14 10:04 - 000000000 ____D C:\ProgramData\USOShared
2018-05-14 10:03 - 2018-05-14 10:03 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-05-14 10:02 - 2018-05-14 10:02 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-14 10:01 - 2018-05-14 10:05 - 000000000 ____D C:\Users\shabu
2018-05-14 10:01 - 2018-05-14 10:03 - 000000000 ____D C:\Users\postgres
2018-05-14 10:01 - 2018-04-12 09:34 - 000001105 _____ C:\Users\shabu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-14 10:01 - 2018-04-12 09:34 - 000001105 _____ C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-14 10:01 - 2018-04-12 09:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-14 10:01 - 2017-10-20 16:43 - 000091120 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-05-14 10:00 - 2018-05-17 09:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-14 10:00 - 2018-05-14 10:02 - 000400032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-13 12:59 - 2018-05-15 04:00 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-13 12:57 - 2018-05-13 12:59 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-13 12:54 - 2018-05-13 12:54 - 025848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 022707712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 022002688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 019399168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 012712960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 007583232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 006569952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 005782528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 001636352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 001454016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000786168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-13 12:54 - 2018-05-13 12:54 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000559968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-13 12:54 - 2018-05-13 12:54 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 009159064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-13 12:53 - 2018-05-13 12:53 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 007436624 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 003732800 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-13 12:53 - 2018-05-13 12:53 - 003440640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-13 12:53 - 2018-05-13 12:53 - 002835864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-13 12:53 - 2018-05-13 12:53 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 002700800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 002486976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 002422168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-13 12:53 - 2018-05-13 12:53 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-13 12:53 - 2018-05-13 12:53 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 001634800 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 001456616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-13 12:53 - 2018-05-13 12:53 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-13 12:53 - 2018-05-13 12:53 - 001191168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-13 12:53 - 2018-05-13 12:53 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-05-13 12:53 - 2018-05-13 12:53 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-05-13 12:53 - 2018-05-13 12:53 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-13 12:53 - 2018-05-13 12:53 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-13 12:53 - 2018-05-13 12:53 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000826776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2018-05-13 12:53 - 2018-05-13 12:53 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000733992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-05-13 12:53 - 2018-05-13 12:53 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-05-13 12:53 - 2018-05-13 12:53 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-13 12:53 - 2018-05-13 12:53 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000652184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-13 12:53 - 2018-05-13 12:53 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000567136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-13 12:53 - 2018-05-13 12:53 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-13 12:53 - 2018-05-13 12:53 - 000399768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-13 12:53 - 2018-05-13 12:53 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000269216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-13 12:53 - 2018-05-13 12:53 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys
2018-05-13 12:53 - 2018-05-13 12:53 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-05-13 12:53 - 2018-05-13 12:53 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-05-13 12:46 - 2018-05-13 12:46 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-13 12:46 - 2018-05-13 12:46 - 000000000 ____D C:\Program Files\MSBuild
2018-05-13 12:46 - 2018-05-13 12:46 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-13 12:46 - 2018-05-13 12:46 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-13 12:45 - 2018-05-13 12:45 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-13 12:45 - 2018-05-13 12:45 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-13 12:45 - 2018-05-13 12:45 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-13 12:45 - 2018-05-13 12:45 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-13 12:45 - 2018-05-13 12:45 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-13 12:45 - 2018-05-13 12:45 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-13 12:44 - 2018-05-13 12:44 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-13 12:44 - 2018-05-13 12:44 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-13 12:44 - 2018-05-13 12:44 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-13 12:44 - 2018-05-13 12:44 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-13 12:44 - 2018-05-13 12:44 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-13 12:44 - 2018-05-13 12:44 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-13 12:44 - 2018-05-13 12:44 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-13 12:44 - 2018-05-13 12:44 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-05-13 11:05 - 2018-05-13 11:05 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-05-12 23:51 - 2018-05-14 10:05 - 000000000 ___DC C:\WINDOWS\Panther
2018-05-07 13:58 - 2018-05-07 13:58 - 000044987 _____ C:\Users\shabu\Desktop\dds.txt
2018-05-07 13:58 - 2018-05-07 13:58 - 000004393 _____ C:\Users\shabu\Desktop\attach.txt
2018-04-28 12:09 - 2018-04-28 12:09 - 000000000 ____D C:\Users\shabu\AppData\Local\TeamViewer
2018-04-28 09:01 - 2018-04-28 09:01 - 000001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-04-28 09:01 - 2018-04-28 09:01 - 000001104 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-04-28 09:01 - 2018-04-28 09:01 - 000000000 ____D C:\Users\shabu\AppData\Roaming\TeamViewer
2018-04-28 09:00 - 2018-05-15 10:22 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-04-25 13:20 - 2018-04-25 13:20 - 000001203 _____ C:\Users\shabu\Desktop\Screenshots - Shortcut.lnk
2018-04-20 03:37 - 2018-04-24 04:43 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-04-19 06:46 - 2018-04-19 06:46 - 000000072 ___SH C:\bootTel.dat
2018-04-19 06:46 - 2018-04-19 06:46 - 000000000 __SHD C:\found.000

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-17 14:48 - 2017-10-21 16:40 - 000001414 _____ C:\Users\shabu\Desktop\RTF doc template - Shortcut.lnk
2018-05-17 14:39 - 2018-04-12 09:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-17 14:23 - 2018-01-01 20:48 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-05-17 10:15 - 2017-11-30 12:04 - 000000000 ___HD C:\Users\shabu\MicrosoftEdgeBackups
2018-05-17 07:18 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-17 07:18 - 2018-01-01 20:41 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-05-17 07:18 - 2017-07-22 19:23 - 000000000 ___RD C:\Users\shabu\OneDrive
2018-05-16 21:07 - 2017-10-21 16:49 - 000001610 _____ C:\Users\shabu\Desktop\DLINK-964FAE - Shortcut.lnk
2018-05-16 20:08 - 2018-01-01 21:01 - 000000000 ____D C:\Users\shabu\AppData\Roaming\Skype
2018-05-16 16:25 - 2018-04-12 09:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-15 21:49 - 2017-10-21 16:40 - 000001446 _____ C:\Users\shabu\Desktop\Class Notes template - Shortcut.lnk
2018-05-15 10:58 - 2018-04-12 09:36 - 000000000 ____D C:\WINDOWS\INF
2018-05-15 10:24 - 2018-01-01 21:03 - 000000000 ____D C:\Users\shabu\AppData\Local\PlaceholderTileLogoFolder
2018-05-15 10:22 - 2018-04-12 07:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-05-15 10:21 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\Registration
2018-05-15 09:32 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-05-15 04:00 - 2018-04-12 09:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-15 04:00 - 2018-04-12 09:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-15 04:00 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-15 04:00 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-15 04:00 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-15 04:00 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-15 04:00 - 2018-04-12 09:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-15 04:00 - 2018-03-26 15:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2018-05-15 04:00 - 2018-01-22 10:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2018-05-15 04:00 - 2018-01-02 14:36 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-05-15 04:00 - 2018-01-01 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-05-15 04:00 - 2017-10-08 15:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Sound Recorder
2018-05-15 04:00 - 2017-10-01 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.5
2018-05-15 04:00 - 2017-08-29 13:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker
2018-05-15 04:00 - 2017-08-06 21:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-05-14 12:10 - 2018-04-12 09:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-14 10:21 - 2018-04-12 09:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-05-14 10:21 - 2018-01-01 20:44 - 000000000 ____D C:\Users\shabu\AppData\Local\Packages
2018-05-14 10:05 - 2017-11-30 12:04 - 000000000 ___RD C:\Users\shabu\3D Objects
2018-05-14 10:05 - 2017-07-22 19:21 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-14 10:04 - 2018-04-12 09:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-14 10:04 - 2018-04-12 09:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-14 10:04 - 2018-04-12 07:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-05-14 10:04 - 2018-01-01 21:53 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-14 10:04 - 2018-01-01 21:53 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-14 10:03 - 2018-04-12 09:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-14 10:03 - 2018-04-12 09:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-14 10:02 - 2017-11-25 18:27 - 000000000 ____D C:\Users\shabu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AIMP Classic
2018-05-14 10:02 - 2017-10-07 14:58 - 000000000 ____D C:\Users\shabu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flash Slideshow Maker Professional
2018-05-14 10:01 - 2018-03-18 13:54 - 000000000 ____D C:\Users\shabu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media
2018-05-14 10:01 - 2018-01-01 20:41 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-05-14 10:01 - 2018-01-01 20:41 - 000000000 ____D C:\WINDOWS\SysWOW64\9520
2018-05-14 10:01 - 2018-01-01 20:41 - 000000000 ____D C:\WINDOWS\system32\9520
2018-05-14 10:01 - 2017-10-01 14:36 - 000000000 ____D C:\Users\shabu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2018-05-13 12:59 - 2018-01-01 20:41 - 000000000 ____D C:\Program Files\Intel
2018-05-13 12:59 - 2017-10-01 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2018-05-13 12:59 - 2017-09-26 18:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
2018-05-13 12:55 - 2018-04-12 19:37 - 000000000 ____D C:\WINDOWS\Containers
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-05-13 12:55 - 2018-04-12 19:19 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-05-13 12:55 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-05-13 12:55 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-05-13 12:55 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-05-13 12:55 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-05-13 12:55 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-05-13 12:55 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-13 12:55 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-05-13 12:55 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-05-13 12:55 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-05-13 12:55 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-05-13 12:55 - 2018-04-12 09:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-05-13 12:55 - 2018-04-12 09:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-05-13 12:44 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-05-13 12:44 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-05-13 12:44 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-05-13 12:44 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-05-13 12:44 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-05-13 12:44 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-05-13 12:44 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-05-13 12:44 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-05-13 12:44 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-05-13 12:44 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-05-10 11:48 - 2018-03-01 09:33 - 000000000 ____D C:\Users\shabu\AppData\Local\ElevatedDiagnostics
2018-05-09 19:08 - 2018-01-02 08:13 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-09 19:08 - 2018-01-02 08:13 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-09 19:08 - 2018-01-02 08:13 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-02 07:22 - 2018-04-12 09:41 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-02 07:22 - 2018-04-12 09:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-26 19:34 - 2018-02-20 22:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-04-19 09:28 - 2018-02-07 06:03 - 000001357 _____ C:\Users\shabu\Desktop\Word doc template - Shortcut.lnk

==================== Files in the root of some directories =======

2018-01-02 14:36 - 2018-01-02 14:38 - 000000000 _____ () C:\Program Files (x86)\Common Files\s1stea

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-14 10:00

==================== End of FRST.txt ============================
Old 05-16-2018, 10:24 PM   #15

With reference to "It also makes another log (Addition.txt). Please attach it to your reply.", there is no icon for attaching files to this reply. Therefore, I will paste the file "Addition - Notepad" below.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Jerry (17-05-2018 15:10:52)
Running from C:\Users\shabu\Desktop
Windows 10 Pro Version 1803 17134.48 (X64) (2018-05-14 00:05:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3304532806-1953607304-1708024266-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3304532806-1953607304-1708024266-503 - Limited - Disabled)
Guest (S-1-5-21-3304532806-1953607304-1708024266-501 - Limited - Disabled)
Jerry (S-1-5-21-3304532806-1953607304-1708024266-1001 - Administrator - Enabled) => C:\Users\shabu
postgres (S-1-5-21-3304532806-1953607304-1708024266-1003 - Limited - Enabled) => C:\Users\postgres
WDAGUtilityAccount (S-1-5-21-3304532806-1953607304-1708024266-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AIMP Classic (HKLM-x32\...\AIMPClassic) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Flash Slideshow Maker Pro 5.20 (HKLM-x32\...\Flash Slideshow Maker Pro) (Version: 5.20 - Flash-Slideshow-Maker.COM)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
Free Sound Recorder v10.8.8 (HKLM-x32\...\Free Sound Recorder_is1) (Version: - Copyright(C) 2005-2015 FreeSoundRecorder Technologies, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.4276.0) (Version: 4.0.4276.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{64C12304-7010-43F3-A25B-BDC38DE41E46}) (Version: 4.0.4276.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.9226.2156 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3304532806-1953607304-1708024266-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
OneTouch 4 OCR Module 19.11 (HKLM-x32\...\{89E2A144-6C18-41E8-8073-7DE04757E012}) (Version: 2.1.115.12165 - Visioneer Inc.)
OneTouch 4 OCR Module 19.11 Combo (HKLM-x32\...\{a7a97a98-670c-491e-bff4-55342ed231ca}) (Version: 2.1.115.12165 - Visioneer Inc.)
OneTouch 4.6 (HKLM-x32\...\{0EBFF816-84E2-442E-A4EE-D842FB7B13EE}) (Version: 4.6.2716.11040 - Visioneer Inc.)
OneTouch 4.6 4.6.2716.11040 & OP19SDK 2.1.115.12165 (HKLM-x32\...\{0fd389f6-89c6-4ba6-951d-73ef36ed26f1}) (Version: 4.6.2716.11040 - Visioneer Inc.)
Opera Stable 52.0.2871.64 (HKLM-x32\...\Opera 52.0.2871.64) (Version: 52.0.2871.64 - Opera Software)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Visioneer 9520 Driver (HKLM-x32\...\{BCDA28CF-BDE3-49BE-AB50-87FD47CA4559}) (Version: 4.6.10309 - Visioneer Inc.)
Windows Media 9 Capture Tool (HKLM-x32\...\WM9Cap) (Version: - )
Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version: - videowinsoft.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1-x32: [AIMPClassic] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP Classic\System\aimp_shell.dll [2007-05-13] (Artem Izmaylov)
ContextMenuHandlers1-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers4-x32: [AIMPClassic] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP Classic\System\aimp_shell.dll [2007-05-13] (Artem Izmaylov)
ContextMenuHandlers4-x32: [SetAsScanDestShellExt] -> {A05984FF-804F-4599-9814-304312F63239} => C:\Program Files (x86)\Visioneer\OneTouch 4.0\Links\SetAsScanDestShellExtx.dll [2016-11-04] (Visioneer Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {107B721C-AFA4-4D01-9FB5-5DE40DF1D0B4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
Task: {2244589C-6844-4ADB-8285-3F0FAA269DE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-01] (Google Inc.)
Task: {2366CF43-8DB0-4BEF-8878-B86C200E497C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
Task: {38444B6E-9A56-4D97-9314-C4345F5EFBBF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-17] (Microsoft Corporation)
Task: {63B2975E-AB5D-44E5-B68F-9542F8A4EC71} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-17] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {7D5C0E50-A7DD-4498-9DD2-4E21C29565FA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-05-17] (Microsoft Corporation)
Task: {808BC61F-4587-47D7-82A5-21E5ABDF6F93} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
Task: {9B652686-7431-40E5-8E73-B3A4E436439A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
Task: {BC2095BB-1CD8-4AA9-9B9C-B206DA6D445E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-12] (Microsoft Corporation)
Task: {DBB449A2-F9CD-429B-AB1E-85FA2B058C4B} - System32\Tasks\Opera scheduled Autoupdate 1514814584 => C:\Program Files\Opera\launcher.exe [2018-04-10] (Opera Software)
Task: {E37D874A-836A-4B80-B09C-999AA0BB748E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-01] (Google Inc.)
Task: {F45FC53C-FF60-46A5-B172-8A5FA9B72930} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-05-17] (Microsoft Corporation)
Task: {FBB08D96-93C0-414E-9095-5473B1A325B9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-12] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-12 09:34 - 2018-04-12 09:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 09:34 - 2018-04-12 09:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 09:34 - 2018-04-12 09:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-10-20 16:42 - 2017-10-20 16:42 - 000393200 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-04-12 09:35 - 2018-04-12 19:20 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-27 09:14 - 2018-04-27 09:15 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-04-27 09:14 - 2018-04-27 09:15 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-04-27 09:14 - 2018-04-27 09:15 - 022320128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-04-27 09:14 - 2018-04-27 09:15 - 002603008 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\skypert.dll
2018-04-27 09:14 - 2018-04-27 09:14 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-05-03 09:53 - 2018-05-03 09:54 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-05-03 09:53 - 2018-05-03 09:54 - 066466304 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-01-02 08:06 - 2018-01-02 08:11 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-05-03 09:53 - 2018-05-03 09:54 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-04-26 08:15 - 2018-04-26 08:16 - 004173312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-04-26 08:15 - 2018-04-26 08:15 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-04-26 08:15 - 2018-04-26 08:16 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-04-05 08:30 - 2018-04-05 08:37 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-05-03 09:53 - 2018-05-03 09:54 - 015563776 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-04-26 08:15 - 2018-04-26 08:16 - 004018176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-05-03 09:53 - 2018-05-03 09:53 - 003281920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-04-26 08:15 - 2018-04-26 08:16 - 001386496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-02-01 11:06 - 2018-02-01 11:07 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-03 09:53 - 2018-05-03 09:53 - 000094208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-04-26 08:15 - 2018-04-26 08:16 - 000878080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-04-05 08:30 - 2018-04-05 08:36 - 000043008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-05-03 09:53 - 2018-05-03 09:54 - 000165888 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\SKU.dll
2018-05-09 12:32 - 2018-05-09 12:32 - 000084992 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.8.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-05-09 12:32 - 2018-05-09 12:32 - 001873120 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.8.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-01-02 14:36 - 2018-01-02 14:35 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3304532806-1953607304-1708024266-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\shabu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{97362704-E963-4AB0-BC9E-E1EE339C36B6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{66E6B427-2A2E-407F-8AD5-3EBAC38FFEA5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{BB15576E-A05E-4394-9622-AFB2DD4FB652}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{1E741EE1-C1C0-462D-AE26-AB2DEA0FC326}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{443782C8-B584-4D05-BBEE-BE7FB5807FC0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{25191A07-D831-4A33-A7AE-CB891373C929}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{A22FCF6F-7B9C-4E83-90FF-12B2BA77759E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{6F6753F8-30F9-46BC-9C4A-AB7142524C37}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{20B7E09C-9130-434C-A331-EEB15BC0DECF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{6C75EE52-551F-486A-A554-BC8EC41E1EFD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{EE32E945-11EA-4051-973B-79A77EB292E7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{23824417-09CB-4F72-941D-3F586C52A486}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{9E0BFDA6-629E-4CCA-9895-0392B82B5940}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C9800210-4704-4EAF-8B50-B3FE353EF516}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{92129A0D-369F-475F-B7FF-FA13F8CF4D99}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E2126ECE-7BE2-4ABB-98B2-3D7E0ABFA728}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2082A732-7B45-4C9D-8FF9-FD00B1756FFE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5ABBC764-E81C-4567-AC59-AABA61BE61A3}] => (Allow) C:\Program Files\Opera\52.0.2871.64\opera.exe
FirewallRules: [{28A4CE4A-23FE-44A9-B393-E03DDA52A150}] => (Allow) C:\Program Files\Opera\52.0.2871.40\opera.exe
FirewallRules: [{36FC63B3-786F-41C4-B817-D6E688ACE4A5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{00A349C7-D087-4574-BB00-EDAA1116D10F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F8BD0881-7482-4D65-A008-0104B113745A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{CBEDDE1D-0E59-4D59-89BD-E647CCBF94BB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2018 1049 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/14/2018 10:03:31 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (05/14/2018 10:02:46 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (05/14/2018 10:02:46 AM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (05/14/2018 10:02:46 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A


System errors:
=============
Error: (05/17/2018 10:00:42 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9A3RCC2)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-9A3RCC2\Jerry SID (S-1-5-21-3304532806-1953607304-1708024266-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/17/2018 09:57:08 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9A3RCC2)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-9A3RCC2\Jerry SID (S-1-5-21-3304532806-1953607304-1708024266-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/17/2018 07:18:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/17/2018 07:18:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/17/2018 07:18:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/16/2018 10:23:50 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9A3RCC2)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-9A3RCC2\Jerry SID (S-1-5-21-3304532806-1953607304-1708024266-1001) from address LocalHost (Using LRPC) running in the application container SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0 SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/16/2018 09:09:22 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9A3RCC2)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-9A3RCC2\Jerry SID (S-1-5-21-3304532806-1953607304-1708024266-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/16/2018 08:08:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9A3RCC2)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-9A3RCC2\Jerry SID (S-1-5-21-3304532806-1953607304-1708024266-1001) from address LocalHost (Using LRPC) running in the application container SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0 SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 22%
Total physical RAM: 16156.12 MB
Available physical RAM: 12498.93 MB
Total Virtual: 19100.12 MB
Available Virtual: 15183.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.84 GB) (Free:47.62 GB) NTFS
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:931.41 GB) (Free:756.94 GB) NTFS

\\?\Volume{70d02811-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{70d02811-0000-0000-0000-f0d41b000000}\ () (Fixed) (Total:0.46 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 70D02811)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=472 MB) - (Type=27)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 841F1AB8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
englishtutor is offline  
Old 05-17-2018, 05:49 PM   #16
Registered Member
 
Join Date: Apr 2018
Posts: 142
OS:



Fri.5-18-2018, 10:41am GMT+10hrs: Greetings Deejay100six & chemist: I have already completed all the instructions as per both of you. I have not changed anything about any of the folders or programs that were damaged by the malware because #1 I did not want to disturb any forensic evidence and #2 I did not want to trigger any more damage by touching something in there. Have I adequately followed all instructions so far? What should I do next? Should I now turn on the restore point in the damaged, previously infected Windows backup & restore program?
englishtutor is offline  
Old 05-17-2018, 05:50 PM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello englishtutor. No one antivirus application catches everything. If one did, everyone would have it and no one would get infected.

Yes, you can create a restore point now, if possible.

I see no sign of infection in your logs. Please run this online scan to help look for remnants.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-18-2018, 08:38 PM   #18
Registered Member
 
Join Date: Apr 2018
Posts: 142
OS:



Sat.5-19-2018, 1:35pm GMT+10hrs: Thank you chemist. I created restore points for both of my internal hard drives. I also created a recovery disk on a removable flash drive. Next I will download esetonlinescanner_enu.exe and run a scan looking for malware remnants. Thank you for your patience.
englishtutor is offline  
Old 05-18-2018, 11:25 PM   #19
Registered Member
 
Join Date: Apr 2018
Posts: 142
OS:



Sat.5-19-2018, 4:20pm GMT+10hrs: I downloaded and scanned with ESET Online Scanner. I will paste the log file of the scan below. There were many threats identified. May I ask, why are we not cleaning/removing the threats? ...as in "To close ESET Online Scanner, select Do not clean then Finish" ???

C:\Program Files\FreeSoundRecorder\FreeSoundRecorder-CNET.exe multiple threats,Win32/FusionCore.Q potentially unwanted application,Win32/Adware.RK.AW application,a variant of Win32/FusionCore.T potentially unwanted application
C:\Program Files (x86)\Windows Live\Photo Gallery\WinMovieMaker.exe a variant of Win32/Hoax.MovieMaker.A application
C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnakppaljlplipddalicdemlhlanffdf\13.651.13.9305_0\js\PartnerId.js JS/Mindspark.G potentially unwanted application
C:\Users\shabu\AppData\Roaming\Update available\FreeSoundRecorder.exe multiple threats,a variant of Win32/FusionCore.S potentially unwanted application,Win32/Adware.RK.AW application,a variant of Win32/FusionCore.T potentially unwanted application
C:\Users\shabu\OneDrive\English Tutor\Lessons\PDF Lessons\501_english_verbs_pdf_1095235792.exe Win32/InstallCore.Gen.A potentially unwanted application
C:\Users\shabu\OneDrive\English Tutor\Teaching Resources\501_english_verbs_pdf_download.exe a variant of Win32/Adware.YoBrowser.BJ application
E:\Local Disk E\Documents\English Tutor\Lessons\PDF Lessons\501_english_verbs_pdf_1095235792.exe Win32/InstallCore.Gen.A potentially unwanted application
E:\Local Disk E\Documents\English Tutor\Teaching Resources\501_english_verbs_pdf_download.exe a variant of Win32/Adware.YoBrowser.BJ application
E:\Local Disk E\Downloads\FreeSoundRecorder-CNET.exe multiple threats,Win32/FusionCore.Q potentially unwanted application,Win32/Adware.RK.AW application,a variant of Win32/FusionCore.T potentially unwanted application
E:\Local Disk E\Downloads\windows-movie-maker-2016.exe a variant of Win32/Hoax.MovieMaker.A application
E:\Local Disk E\Eric\shabu\AppData\Roaming\Free Sound Recorder\exe.exe a variant of Win32/InstallCore.AGX potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hauxstb.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe Win32/Toolbar.MyWebSearch.X potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hbprtct.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hbrstub.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hdatact.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hdlghk.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hdyn.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hfeedmg.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hhighin.exe Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hhkstub.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hhtmlmu.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hhttpct.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hidle.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hieovr.dll a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8himpipe.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hmedint.exe Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hmlbtn.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hmsg.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hPlugin.dll a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hradio.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hregfft.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hreghk.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hregiet.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hscript.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hskin.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hsknlcr.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hskplay.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hSrchMn.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8htpinst.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8huabtn.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe Win64/Toolbar.MyWebSearch.A potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\AppIntegratorStub64.dll Win64/Toolbar.MyWebSearch.A potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\BOOTSTRAP.JS JS/Mindspark.C potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\CREXT.DLL a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\CrExtP8h.exe a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\DPNMNGR.DLL a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\EXEMANAGER.DLL a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\Hpg64.dll Win64/Toolbar.MyWebSearch.A potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\NP8hStub.dll Win32/Toolbar.MyWebSearch.T potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\T8EXTEX.DLL a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\T8EXTPEX.DLL Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\T8HTML.DLL a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\T8TICKER.DLL a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\VERIFY.DLL a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\BOOTSTRAP.JS JS/Mindspark.C potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\CREXT.DLL Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\CrExtPpa.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paauxstb.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pabar.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pabarsvc.exe Win32/Toolbar.MyWebSearch.X potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pabrmon.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pabrstub.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\padatact.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\padlghk.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\padyn.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pafeedmg.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pahighin.exe Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pahkstub.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pahtmlmu.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pahttpct.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paidle.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paieovr.dll a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paimpipe.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pamedint.exe Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pamlbtn.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pamsg.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paradio.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pareghk.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paregiet.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pascript.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paskin.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pasknlcr.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paskplay.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paSrcAs.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paSrchMn.exe a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\patpinst.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pauabtn.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\T8EXTEX.DLL Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\T8EXTPEX.DLL Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\T8HTML.DLL a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\T8TICKER.DLL Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\Components\NCHToolbars\ask.com\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe a variant of Win32/Toolbar.Conduit.AU potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\MixPad\mixpad.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\MixPad\mixpadsetup_v3.27.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\PhotoStage\photostage.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\PhotoStage\photostagesetup_v2.17.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\Prism\prism.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\Prism\prismsetup_v1.89.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\Switch\switch.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\Switch\switchsetup_v4.35.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\VideoPad\videopad.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\VideoPad\videopadsetup_v3.00.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\WavePad\wavepad.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\WavePad\wavepadsetup_v5.33.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zauxstb.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe Win32/Toolbar.MyWebSearch.X potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdatact.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdlghk.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdyn.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zfeedmg.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhighin.exe Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhkstub.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhtmlmu.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhttpct.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zidle.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zieovr.dll a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zimpipe.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmedint.exe Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmlbtn.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmsg.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zradio.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zreghk.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zregiet.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zscript.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zskin.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zsknlcr.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zskplay.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4ztpinst.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zuabtn.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\BOOTSTRAP.JS JS/Mindspark.C potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\CREXT.DLL Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\CrExtP4z.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8EXTEX.DLL Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8EXTPEX.DLL Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8HTML.DLL a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8TICKER.DLL Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\WinZip\wzdu18.exe a variant of Win32/Systweak.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\WinZip Driver Updater\winzipdu.exe a variant of Win32/Systweak.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hauxstb.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe Win32/Toolbar.MyWebSearch.X potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hbprtct.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hbrstub.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hdatact.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hdlghk.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hdyn.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hfeedmg.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hhighin.exe Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hhkstub.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hhtmlmu.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hhttpct.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hidle.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hieovr.dll a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8himpipe.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hmedint.exe Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hmlbtn.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hmsg.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hPlugin.dll a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hradio.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hregfft.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hreghk.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hregiet.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hscript.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hskin.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hsknlcr.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hskplay.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hSrchMn.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8htpinst.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8huabtn.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe Win64/Toolbar.MyWebSearch.A potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\AppIntegratorStub64.dll Win64/Toolbar.MyWebSearch.A potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\BOOTSTRAP.JS JS/Mindspark.C potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\CREXT.DLL a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\CrExtP8h.exe a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\DPNMNGR.DLL a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\EXEMANAGER.DLL a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\Hpg64.dll Win64/Toolbar.MyWebSearch.A potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\NP8hStub.dll Win32/Toolbar.MyWebSearch.T potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\T8EXTEX.DLL a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\T8EXTPEX.DLL Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\T8HTML.DLL a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\T8TICKER.DLL a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\VERIFY.DLL a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\BOOTSTRAP.JS JS/Mindspark.C potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\CREXT.DLL Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\CrExtPpa.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paauxstb.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pabar.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pabarsvc.exe Win32/Toolbar.MyWebSearch.X potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pabrmon.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pabrstub.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\padatact.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\padlghk.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\padyn.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pafeedmg.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pahighin.exe Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pahkstub.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pahtmlmu.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pahttpct.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paidle.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paieovr.dll a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paimpipe.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pamedint.exe Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pamlbtn.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pamsg.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paradio.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pareghk.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paregiet.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pascript.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paskin.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pasknlcr.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paskplay.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paSrcAs.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paSrchMn.exe a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\patpinst.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pauabtn.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\T8EXTEX.DLL Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\T8EXTPEX.DLL Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\T8HTML.DLL a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\T8TICKER.DLL Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\Components\NCHToolbars\ask.com\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe a variant of Win32/Toolbar.Conduit.AU potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\MixPad\mixpad.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\MixPad\mixpadsetup_v3.27.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\PhotoStage\photostage.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\PhotoStage\photostagesetup_v2.17.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\Prism\prism.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\Prism\prismsetup_v1.89.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\Switch\switch.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\Switch\switchsetup_v4.35.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\VideoPad\videopad.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\VideoPad\videopadsetup_v3.00.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\WavePad\wavepad.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\WavePad\wavepadsetup_v5.33.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zauxstb.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe Win32/Toolbar.MyWebSearch.X potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdatact.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdlghk.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdyn.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zfeedmg.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhighin.exe Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhkstub.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhtmlmu.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhttpct.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zidle.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zieovr.dll a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zimpipe.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmedint.exe Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmlbtn.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmsg.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zradio.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zreghk.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zregiet.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zscript.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zskin.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zsknlcr.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zskplay.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4ztpinst.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zuabtn.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\BOOTSTRAP.JS JS/Mindspark.C potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\CREXT.DLL Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\CrExtP4z.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8EXTEX.DLL Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8EXTPEX.DLL Win32/Toolbar.MyWebSearch.AA potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8HTML.DLL a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8TICKER.DLL Win32/Toolbar.MyWebSearch.W potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\WinZip\wzdu18.exe a variant of Win32/Systweak.H potentially unwanted application
E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\WinZip Driver Updater\winzipdu.exe a variant of Win32/Systweak.H potentially unwanted application
E:\Local Disk E\NAS Files\Program Files\Box\sogou_pinyin_71g.exe a variant of Win32/Sogou.F potentially unwanted application
E:\Local Disk E\NAS Files\Volume_1Folder\compaq nc6220\My Dropbox\HP Compaq Laptops\HPCompaq nx9010\Downloads\unconfirmed 34642.download Win32/Toolbar.Crawler.A potentially unwanted application
E:\Local Disk E\NAS Files\Volume_1Folder\compaq nc6220\My Dropbox\HP Compaq Laptops\HPCompaq nx9010\Downloads\unconfirmed 91833.download Win32/Toolbar.Crawler.A potentially unwanted application
Autostart locations multiple threats,a variant of Win32/Hoax.MovieMaker.A application,JS/Mindspark.G potentially unwanted application
Old 05-19-2018, 07:41 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, englishtutor. Not everything ESET detects is necessarily bad.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Program Files\FreeSoundRecorder\FreeSoundRecorder-CNET.exe"
"C:\Program Files (x86)\Windows Live\Photo Gallery\WinMovieMaker.exe"
"C:\Users\shabu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnakppaljlplipddalicdemlhlanffdf\13.651.13.9305_0\js\PartnerId.js"
"C:\Users\shabu\AppData\Roaming\Update available\FreeSoundRecorder.exe"
"C:\Users\shabu\OneDrive\English Tutor\Lessons\PDF Lessons\501_english_verbs_pdf_1095235792.exe"
"C:\Users\shabu\OneDrive\English Tutor\Teaching Resources\501_english_verbs_pdf_download.exe"
"E:\Local Disk E\Documents\English Tutor\Lessons\PDF Lessons\501_english_verbs_pdf_1095235792.exe"
"E:\Local Disk E\Documents\English Tutor\Teaching Resources\501_english_verbs_pdf_download.exe"
"E:\Local Disk E\Downloads\FreeSoundRecorder-CNET.exe"
"E:\Local Disk E\Downloads\windows-movie-maker-2016.exe"
"E:\Local Disk E\Eric\shabu\AppData\Roaming\Free Sound Recorder\exe.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hauxstb.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hbprtct.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hbrstub.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hdatact.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hdlghk.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hdyn.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hfeedmg.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hhighin.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hhkstub.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hhtmlmu.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hhttpct.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hidle.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hieovr.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8himpipe.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hmedint.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hmlbtn.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hmsg.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hPlugin.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hradio.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hregfft.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hreghk.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hregiet.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hscript.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hskin.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hsknlcr.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hskplay.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8hSrchMn.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8htpinst.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\8huabtn.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\AppIntegratorStub64.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\BOOTSTRAP.JS"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\CREXT.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\CrExtP8h.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\DPNMNGR.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\EXEMANAGER.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\Hpg64.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\NP8hStub.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\T8EXTEX.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\T8EXTPEX.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\T8HTML.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\T8TICKER.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Allin1Convert_8h\bar\1.bin\VERIFY.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\Conduit\Community Alerts\Alert.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\BOOTSTRAP.JS"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\CREXT.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\CrExtPpa.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paauxstb.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pabar.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pabarsvc.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pabrmon.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pabrstub.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\padatact.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\padlghk.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\padyn.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pafeedmg.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pahighin.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pahkstub.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pahtmlmu.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pahttpct.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paidle.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paieovr.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paimpipe.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pamedint.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pamlbtn.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pamsg.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paradio.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pareghk.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paregiet.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pascript.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paskin.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pasknlcr.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paskplay.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paSrcAs.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\paSrchMn.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\patpinst.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\pauabtn.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\T8EXTEX.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\T8EXTPEX.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\T8HTML.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\FilmFanatic\bar\1.bin\T8TICKER.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\Components\NCHToolbars\ask.com\ApnStub.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\MixPad\mixpad.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\MixPad\mixpadsetup_v3.27.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\PhotoStage\photostage.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\PhotoStage\photostagesetup_v2.17.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\Prism\prism.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\Prism\prismsetup_v1.89.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\Switch\switch.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\Switch\switchsetup_v4.35.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\VideoPad\videopad.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\VideoPad\videopadsetup_v3.00.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\WavePad\wavepad.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\NCH Software\WavePad\wavepadsetup_v5.33.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zauxstb.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdatact.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdlghk.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdyn.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zfeedmg.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhighin.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhkstub.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhtmlmu.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhttpct.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zidle.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zieovr.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zimpipe.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmedint.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmlbtn.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmsg.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zradio.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zreghk.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zregiet.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zscript.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zskin.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zsknlcr.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zskplay.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4ztpinst.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zuabtn.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\BOOTSTRAP.JS"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\CREXT.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\CrExtP4z.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8EXTEX.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8EXTPEX.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8HTML.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8TICKER.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\WinZip\wzdu18.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\C Drive\Program Files\WinZip Driver Updater\winzipdu.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hauxstb.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hbprtct.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hbrstub.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hdatact.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hdlghk.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hdyn.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hfeedmg.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hhighin.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hhkstub.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hhtmlmu.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hhttpct.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hidle.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hieovr.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8himpipe.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hmedint.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hmlbtn.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hmsg.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hPlugin.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hradio.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hregfft.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hreghk.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hregiet.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hscript.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hskin.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hsknlcr.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hskplay.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8hSrchMn.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8htpinst.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\8huabtn.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\AppIntegratorStub64.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\BOOTSTRAP.JS"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\CREXT.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\CrExtP8h.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\DPNMNGR.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\EXEMANAGER.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\Hpg64.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\NP8hStub.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\T8EXTEX.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\T8EXTPEX.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\T8HTML.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\T8TICKER.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Allin1Convert_8h\bar\1.bin\VERIFY.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\Conduit\Community Alerts\Alert.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\BOOTSTRAP.JS"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\CREXT.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\CrExtPpa.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paauxstb.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pabar.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pabarsvc.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pabrmon.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pabrstub.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\padatact.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\padlghk.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\padyn.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pafeedmg.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pahighin.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pahkstub.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pahtmlmu.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pahttpct.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paidle.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paieovr.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paimpipe.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pamedint.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pamlbtn.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pamsg.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paradio.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pareghk.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paregiet.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pascript.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paskin.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pasknlcr.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paskplay.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paSrcAs.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\paSrchMn.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\patpinst.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\pauabtn.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\T8EXTEX.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\T8EXTPEX.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\T8HTML.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\FilmFanatic\bar\1.bin\T8TICKER.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\Components\NCHToolbars\ask.com\ApnStub.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\MixPad\mixpad.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\MixPad\mixpadsetup_v3.27.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\PhotoStage\photostage.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\PhotoStage\photostagesetup_v2.17.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\Prism\prism.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\Prism\prismsetup_v1.89.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\Switch\switch.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\Switch\switchsetup_v4.35.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\VideoPad\videopad.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\VideoPad\videopadsetup_v3.00.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\WavePad\wavepad.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\NCH Software\WavePad\wavepadsetup_v5.33.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zauxstb.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdatact.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdlghk.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdyn.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zfeedmg.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhighin.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhkstub.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhtmlmu.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhttpct.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zidle.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zieovr.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zimpipe.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmedint.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmlbtn.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmsg.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zradio.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zreghk.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zregiet.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zscript.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zskin.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zsknlcr.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zskplay.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4ztpinst.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zuabtn.dll"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\BOOTSTRAP.JS"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\CREXT.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\CrExtP4z.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8EXTEX.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8EXTPEX.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8HTML.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8TICKER.DLL"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\WinZip\wzdu18.exe"
"E:\Local Disk E\NAS Files\HP Compaq nc6220\Program Files\WinZip Driver Updater\winzipdu.exe"
"E:\Local Disk E\NAS Files\Program Files\Box\sogou_pinyin_71g.exe"
"E:\Local Disk E\NAS Files\Volume_1Folder\compaq nc6220\My Dropbox\HP Compaq Laptops\HPCompaq nx9010\Downloads\unconfirmed 34642.download"
"E:\Local Disk E\NAS Files\Volume_1Folder\compaq nc6220\My Dropbox\HP Compaq Laptops\HPCompaq nx9010\Downloads\unconfirmed 91833.download"


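) do (
rem Force-delete the file quietly, including hidden, system and read-only files
del /a/f/q %%g >nul 2>&1
rem Log any file that is still present after the delete attempt
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


rem Show the list of files that could not be deleted, if there is one
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem Remove this batch file once it has finished
del "%~f0"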
Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
All times are GMT -7. The time now is 03:26 PM.

