Showing results for tags 'root kit'.

Found 8 results

  1. I've tried everything... I mean everything, to no avail! There was a post about this that was closed a little while back. Safe mode, USB + any antiviruses = nothing; it's still telling me I don't have the privileges, even with "run as admin". I tried, weirdly enough, to edit the program in notepad+ and saving it after deleting its contents. Worked for some files, but not the important ones. I'm so stuck right now I don't know what to do. Do I have to get a new computer?! I was in computer repair too..
  2. Hello everyone, My name is Tim and I have recently been having problems with my computer. Hence this post. I have followed several guides on the removal process of this root kit, however somewhere along those guides I am unable to run any of the programs due to the virus. Such attempts have involved me downloading malware anti root kit software, running rkill to be able to download Anti-Malware, and trying to initiate a system restore. All of these have failed. Please let me know if I need to provide any further information to get on the road of getting this problem resolved. Thanks for all the help!
  3. I keep getting error code 20025 and don't know what to do to correct it. It says that the rootkit cannot be loaded. Can someone help please?
  4. Hi, Recently my computer came under attack while I was using Google Drive and Google Sheets. Avast gave me a couple of warnings about blocked attacks and later said a rootkit was on my computer and prompted whether I wanted to delete it. I clicked yes. I've used MBAR to scan, did full scans with Avast and Boot Scans with Avast and have had no detections, but I wanted to make sure my laptop was truly clear. Thank you for the help! This is the FRST Log
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-02-21 09:18 - 2014-03-31 17:41 - 00000000 ____D C:\Users\Marc Tannous\AppData\Local\Apple Computer 2017-02-06 16:30 - 2014-01-24 16:45 - 00002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ==================== Files in the root of some directories ======= 2014-12-24 09:02 - 2014-12-24 09:02 - 0000100 _____ () C:\Users\Marc Tannous\AppData\Local\fusioncache.dat 2016-09-04 11:54 - 2016-09-04 11:54 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-08-06 05:49 - 2013-08-06 05:52 - 0002439 _____ () C:\ProgramData\clear.fiSDK20.log 2017-01-08 15:18 - 2017-01-08 15:18 - 0005051 _____ () C:\ProgramData\czchsjpj.srw 2017-01-08 15:18 - 2017-01-08 15:18 - 0000016 _____ () C:\ProgramData\mntemp 2013-08-06 05:52 - 2013-08-06 05:52 - 0000032 _____ () C:\ProgramData\PS.log Some files in TEMP: ==================== 2016-10-28 20:48 - 2016-10-28 20:49 - 33860328 _____ (Ellora Assets Corporation ) C:\Users\Marc Tannous\AppData\Local\Temp\FreemakeVideoConverterFull.exe 2016-12-14 10:04 - 2016-12-14 10:04 - 0739904 _____ (Oracle Corporation) C:\Users\Marc Tannous\AppData\Local\Temp\jre-8u121-windows-au.exe 2016-03-21 07:12 - 2016-03-21 07:12 - 0736320 _____ (Oracle Corporation) C:\Users\Marc Tannous\AppData\Local\Temp\jre-8u77-windows-au.exe 2017-03-04 13:11 - 2017-03-04 13:11 - 0005632 _____ () C:\Users\Marc Tannous\AppData\Local\Temp\oj975jed.dll 2016-02-28 09:01 - 2017-03-07 18:35 - 0320272 _____ (Labtiva Inc.) C:\Users\Marc Tannous\AppData\Local\Temp\ReadCubeTray64.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
This is the addition log
Files (x86)\Steam\Steam.exe FirewallRules: [{8CECE56C-29E8-4AAF-AC43-F867BC0EDF82}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{1702590D-8424-4A46-ABA6-486224054E47}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{6C6C61C5-AE2C-4D60-BC24-66F17B7F3D4D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{6152C63A-1863-4FF5-822B-06008EFFC21A}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{AD39A0A4-CD1D-409B-A4CE-B7669AAF9888}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{E4A06EF7-2032-40C0-89E6-4C1C7916A017}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{7D8CCAE5-2928-4137-9753-179233CE2438}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{7B36C2BC-C286-47F8-A3E8-BEE402A9800D}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{64593FA8-E47E-442F-9C04-9982D6CBCF38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duskers\Duskers.exe FirewallRules: [{1B906CFE-5647-4366-A1AC-9B5A8C840B5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duskers\Duskers.exe FirewallRules: [{A46E1F68-DF3C-439C-B5C6-24310F047FD4}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{DEAE1926-D4A8-4F4D-B13A-41FD5E0D30A3}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{B62BC9E9-B038-4346-A46C-2B1E8F8CFAD7}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{F44C97D8-47A7-4794-9EC8-7E1067D5790B}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{66DE124D-5070-424A-86E8-47527346741E}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{3E2F5576-7D64-4AF2-9317-017BA8766B74}] => (Allow) 
C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{12EF0393-5951-44DE-898D-0985AC8FC7DE}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{951CF58E-4B2C-4839-B84E-75D848DA525D}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{5BEFB1AA-EABC-496A-8621-0188958C19D9}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{C89AB493-23E4-409A-8438-E1508ABCE40E}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{C19CB9B7-88C9-468D-BE06-1409B8CCC687}] => (Allow) C:\Users\Marc Tannous\AppData\Local\Temp\7zS38E2\HP.EasyStart.exe FirewallRules: [{D547225D-F95F-43DD-9AC3-117D423005F0}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxApplications.exe FirewallRules: [{031469FB-D59D-40FB-856B-C292BAAB21EE}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\DigitalWizards.exe FirewallRules: [{332C817C-7DA9-453B-85BD-2A12FB35F185}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\SendAFax.exe FirewallRules: [{2F288DE9-0BDF-4500-B899-9F5D3E9B1B56}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxPrinterUtility.exe FirewallRules: [{49EC2019-0771-4BBC-B394-C93900201F2E}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\DeviceSetup.exe FirewallRules: [{843DE9F1-04A5-4A3C-930C-B51E2AF453CA}] => (Allow) LPort=5357 FirewallRules: [{6E42B1F9-47A3-4594-9C69-52D7E603510C}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{C2EBA7FE-EE84-407E-99A3-08C6B2807FDB}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{6C8F3A8A-B1A1-49AE-8B0A-F84109B92A36}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{E0E49185-6B46-48D7-A265-A04171AF9E23}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe FirewallRules: 
[{6379D07D-6D7E-4DD3-8838-BB360FF2567E}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe FirewallRules: [{94C8CE60-B5C9-4814-A6FD-87353E618CB7}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe FirewallRules: [{AEBF32AA-68CD-4679-8DEE-D65F82A55BD9}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe FirewallRules: [{B87B5BDF-BDB0-4420-9664-F02785885847}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe FirewallRules: [{CEBEB7C9-7BAC-48F2-A627-1DA0E35FB199}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe FirewallRules: [{7002B960-3872-42DE-9C0A-295D9D945ED5}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{CD261715-8DC6-4B84-BDBF-0EAD544E9100}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{FA39C334-E6AF-4240-8F20-3D861D5069FB}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{A09A6AF3-434D-48A8-8985-75A5521D732A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe FirewallRules: [{758C6EFF-BB39-4B46-9D3A-100B7D6B0A2E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe FirewallRules: [{3CE333AD-1D51-4C16-89DD-A1D309681BDA}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{B9ECB613-8A71-469D-85AC-DAA6E762DB72}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{7B16EE33-1C80-4C1F-A99A-AAB3272F0A96}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{D5136432-28AE-4B59-BAE0-66064FD5A3B3}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{B4B239D3-8FB9-4FA3-9E5B-F277B838F7C1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{491F1353-919D-4F1E-B2A2-1A7D8FA4BF45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe 
FirewallRules: [{6A07B278-26D0-4038-973A-68A0C62FE761}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{1300EE8D-440C-412E-AB1C-175316B02D1A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{535723E3-BDF7-4045-A676-CF75F4EA730A}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{60EB8FD2-2CE3-467C-85B4-C3FB3698151E}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe FirewallRules: [{82BC050F-3078-4334-9914-6A1D60634565}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe FirewallRules: [{8313F583-F201-4BB3-BB80-3794C18F69D2}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe FirewallRules: [{EAE5742F-C256-4203-80FC-72EEDE124C72}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe FirewallRules: [{D9700431-EA91-4E9D-A104-599778DD8977}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe FirewallRules: [{762E2583-734E-478A-8846-C1C12581E0B2}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe FirewallRules: [{3D91CDF8-1039-4A50-91AD-20CBF3C4DA51}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe FirewallRules: [{5E900344-5F1C-4DE1-863E-EF8956029106}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe FirewallRules: [{E75A85E2-440C-420C-A65C-D54AC6B2AA59}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{9C8B21A4-0B6E-4B5C-8ECD-776624E1E073}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{CF9DF258-9A2C-4049-80A8-CCE211B711D5}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{B7101457-5102-47E9-BC8C-8A124E6D70D1}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe 
FirewallRules: [{130B00FE-5570-458D-9B77-66C09CE8C531}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{639CB9D5-D1B5-4757-A909-BC57F6FC4A21}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{B3505E91-00D9-42F8-B9B5-8738DCC15793}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{B1A8C207-3B7A-45BB-ADBD-F41201AB2EED}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{3DDD9006-2CDC-4EDD-8F36-43F8C68CC94E}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{FBB9275E-56DE-45CA-99C3-31B96431247F}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{06DDBDD7-F787-4E6B-AEE0-96FA4E46D6D4}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{0C3CBDFA-A40B-4552-BC73-F0FB87343137}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{1C819FE7-4DC2-4599-B49A-106AEB83F932}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{34A84E03-84B1-4AB6-AE31-C0186AAC6431}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{2821DC17-6B5B-4858-8C0B-0A0CD48BDE38}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{B4B2D76A-317B-4BA5-8668-DEA6181AB721}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{35E7241B-6FA2-4A72-8071-78D9D58CAE8E}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{8349120B-7346-4B0E-908B-D8973643406A}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{85090703-7633-4D7B-800E-19F0CEE7B7C4}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{BD351271-6A19-48CB-814A-1F4AB9BFFC32}] => 
(Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{76109EE8-532B-4588-A42C-5C036EDCF2AE}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{0A562B07-624E-4CCA-8FE1-29053310C122}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{0490A12B-025D-4C59-B25C-658209D10656}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{03DABED7-D346-4A9A-B3A8-420F46657A35}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{45B94396-2096-4E7B-BB4C-14A11994318D}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe FirewallRules: [{5F49F715-2343-4A40-ABE0-43BE1B3F678F}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{A197DD35-7A07-4606-87B9-99FB3480C7EF}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{DF3C25EE-1922-4C43-8617-CD7049391CA6}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{901CEDEC-30AD-4404-AA54-98D540489E28}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe FirewallRules: [{10999C54-BF86-486A-8A2F-54029002161C}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe ==================== Restore Points ========================= 15-10-2016 15:35:26 Scheduled Checkpoint 16-10-2016 07:50:25 Windows Update 18-10-2016 19:17:44 Windows Update 20-10-2016 06:35:56 Quik 20-10-2016 06:43:21 Windows Modules Installer 21-10-2016 19:50:37 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 21-10-2016 20:09:37 Installed Video Edit Master 30-10-2016 16:29:29 Scheduled Checkpoint 04-11-2016 16:59:51 Removed HP OfficeJet Pro 8710 Basic Device Software 04-11-2016 17:00:51 Quik 04-11-2016 17:47:01 Quik 04-11-2016 17:52:41 Windows Modules Installer 09-11-2016 07:08:11 Windows Update 11-11-2016 19:29:38 Windows Update 
21-11-2016 15:03:21 Scheduled Checkpoint 08-12-2016 17:02:20 Scheduled Checkpoint 10-12-2016 13:30:59 Installed DaVinci Resolve 10-12-2016 14:04:27 Installed QuickTime 7 14-12-2016 03:00:42 Windows Update 21-12-2016 09:22:32 Scheduled Checkpoint 26-12-2016 11:25:28 Removed DaVinci Resolve 26-12-2016 11:28:18 Quik 02-01-2017 18:31:09 Scheduled Checkpoint 08-01-2017 15:40:18 Installed Apple Mobile Device Support 08-01-2017 15:44:27 Installed Apple Application Support 12-01-2017 08:00:36 Windows Update 12-01-2017 10:58:08 Installed Brother Software Suite 12-01-2017 12:52:09 Device Driver Package Install: Brother Printers 15-01-2017 08:06:47 Installed iCloud 23-01-2017 20:31:46 Scheduled Checkpoint 31-01-2017 16:19:37 Scheduled Checkpoint 11-02-2017 15:10:23 Scheduled Checkpoint 21-02-2017 20:30:45 Device Driver Package Install: Avast Network Service 24-02-2017 19:00:39 Windows Update 04-03-2017 13:12:48 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/07/2017 07:25:11 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2438873 Error: (03/07/2017 07:25:11 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2438873 Error: (03/07/2017 07:25:11 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (03/07/2017 06:44:26 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. 
Error: (03/07/2017 06:34:34 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/07/2017 05:50:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7005 Error: (03/07/2017 05:50:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7005 Error: (03/07/2017 05:50:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (03/07/2017 04:49:48 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2045236 Error: (03/07/2017 04:49:48 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2045236 System errors: ============= Error: (03/07/2017 06:34:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified. Error: (03/07/2017 06:31:59 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout. Error: (03/07/2017 06:31:20 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {D0904ECD-CC91-11E4-BAB1-D4BED9D4D463} did not register with DCOM within the required timeout. Error: (03/07/2017 06:28:58 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {D0904ECE-CC91-11E4-B4BB-D4BED9D4D463} did not register with DCOM within the required timeout. 
Error: (03/07/2017 02:19:16 PM) (Source: Tcpip) (EventID: 4199) (User: ) Description: The system detected an address conflict for IP address 2607:fb90:278a:2954:dc44:523e:6132:2f92 with the system having network hardware address 00-15-FF-D0-DC-2D. Network operations on this system may be disrupted as a result. Error: (03/07/2017 07:38:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified. Error: (03/06/2017 07:46:35 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY) Description: A new BITS job could not be created. The current job count for the user MarcTannous-PC\Marc Tannous (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits. Error: (03/06/2017 05:21:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified. Error: (03/06/2017 04:53:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified. Error: (03/06/2017 04:18:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The aswbIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
CodeIntegrity: =================================== Date: 2016-08-12 08:42:49.722 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-12 08:42:49.410 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-10 05:40:58.251 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-10 05:40:58.173 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-08 15:56:55.914 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-08 15:56:55.852 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-07 07:56:43.738 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. 
Date: 2016-08-07 07:56:43.473 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-02 19:31:13.989 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-02 19:31:13.708 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz Percentage of memory in use: 62% Total physical RAM: 3934.36 MB Available physical RAM: 1490.63 MB Total Virtual: 7866.89 MB Available Virtual: 5109.36 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:447.66 GB) (Free:49.38 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FC2A7643) Partition 1: (Not Active) - (Size=18 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=447.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ Thanks again. FRST.txt Addition.txt
  5. Hello, I recently purchased a bitcoin miner so me and my friends can mine. The next day I woke up in the morning and turned on my PC and started a Steam download for a game so it would download when I was at school. When I returned from school I saw Chrome open with a fake Adobe Flash Player website and at the bottom of Chrome, the download bar was full of stuff I didn't download. I've done endless scans with Malwarebytes (yes I have premium) and nothing has been detected. Also my PC crashes a lot, not from overheating because I have 4 case fans and a water cooler and the temperature never goes past 70°F. I don't know what other programs this one virus has downloaded but I'm afraid I might also have a keylogger so I haven't been signing into my Steam account or my emails. Any help would be greatly appreciated. Also I have about 4 different MBAM services running. Thank you
  6. Hello, I believe that my computer is infected with a root kit. The first thing I noticed was that my Firefox search extensions were rearranged and that a program called RocketTab was installed on my computer. I never consciously installed that program. Any attempts at uninstalling or deleting that program were unsuccessful so far; it always returns after reboot. This program is apparently located in the folder C:\Program Files\Search Extensions. First this folder contained only an uninstall.exe file. This is what VirusTotal says about that file: https://www.virustotal.com/file/6ccc20982c90c78e6b8f92ac4d811edd6a8c4b1075cc897f2e1c3bd1566bfbe9/analysis/1415910818/ Now the folder contains a whole bunch of files, among them one ironically named TrustedRoot.cer. I have attached the contents of that folder as a zip file. Secondly, running or installing any anti-virus software is impossible and interrupted at some point by a different error message. I've tried Malwarebytes, Kaspersky Anti-Virus 2015, and Kaspersky TDSSKiller. I managed to run TDSSKiller in Windows safe mode, and while it found no threats, it took particularly long to scan a file named mctadmin.exe which is apparently located at C:\Windows\System32. I also zipped and attached that file to this thread. While no virus scanner at VirusTotal identified it as a threat, one of the first hits when googling the name of that file is another Malwarebytes forum thread describing symptoms very similar to mine: https://forums.malwarebytes.org/index.php?/topic/74208-rather-nasty-rootkit/ Any help in this matter would be very highly appreciated! Please also find attached my Farbar Recovery Scan Tool logfile and Addition.txt
  7. The latest version of Malwarebytes is reporting USBAAPL64.SYS as an unknown root kit driver. Apple identifies this as a USB driver for remote devices. Thanks for looking into this.
  8. Hello, I seem to have a zero access root kit on my machine and I think it happened after I foolishly clicked on a fake flash updater. I have followed the instructions in a few other threads where the person is having the same trouble and will attach the files to this post. Any help is greatly appreciated. The only thing I didn't do from the steps in other threads was use the user specific code and run combo fix since last time I did that I lost internet and never figured out how to get it back without a reformat. Attach.txt DDS.txt FRST.txt RKreport1.txt Search.txt