Trojan.zbot Removal Tool For Mac

Posted on  by 

I've gotten two emails from them about this in two weeks. I know some of these programs I've scanned my PC with might not be the best at detecting things, but I wanted to check with everything I had on hand, knew about, or Cox notified me about.

ZBot Removal Tool is a lightweight Windows application designed with a single goal in mind: to help users detect and remove the ZBot (or ZeusBot) virus from their computer. My computer Probook 6555b is infected with Trojan.Zbot. I have tried numerous applications to remove it and I - Answered by a verified Tech Support Specialist.

System scans clean / nothing is found with:

Windows 10 built in Windows Defender

Malwarebytes Anti-malware

Something Cox told me to use, called Microsoft Safety Scanner

Another thing Cox told me to use, Symantec Trojan.Zbot Removal Tool

ESET Online Scanner

Cox provided subscription to McAfee Multi Access - Total Protection

All scans were done both in safe mode and my regular login, except ESET which was done in safe mode with networking only. My wifi is secure with an absurdly long password and mac address filtering and the password was changed already since the first warning I got from Cox. I have no other devices other than this PC connected to my network. I did have an Amazon Fire, an iPhone and a few game consoles before but never reconnected them when I changed my wifi password after the first warning. I've always used Windows Firewall + router firewall, but am now using the one in the McAfee tool + router. Other than format my PC I'm not sure what else I can do, which is why I'm here. Google searching on the issue led me to someone posting here, and I've known about people helping others like you guys do here so I figured I'd give it a shot before I finally give in and format. I don't really want to sit here scanning my PC over and over with various tools that find nothing. Each scan that comes up clean drives me more and more crazy. I could honestly format and be done with it faster than scanning with every tool I find in the hopes something detects what Cox is telling me I have.

So here goes. I appreciate any help you guys can offer. I really don't want to format, but will as a last resort.

FRST log below, Addition attached.

----

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by MementoMori (administrator) on MEMENTOMORI-PC (06-02-2016 21:42:36)
Loaded Profiles: MementoMori (Available Profiles: MementoMori)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
Processes (Whitelisted)
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:WindowsSystem32nvvsvc.exe
(NVIDIA Corporation) C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe
(Seiko Epson Corporation) C:WindowsSystem32escsvc64.exe
(SEIKO EPSON CORPORATION) C:Program FilesEPSONEpsonCustomerParticipationEPCP.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationGeForce Experience ServiceGfExperienceService.exe
(Logitech Inc.) C:Program FilesLogitech Gaming SoftwareDriversAPOServiceLogiRegistryService.exe
(NVIDIA Corporation) C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamService.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamNetworkService.exe
(McAfee, Inc.) C:Program FilesCommon FilesMcAfeeSystemCoremfemms.exe
(McAfee, Inc.) C:WindowsSystem32mfevtps.exe
(McAfee, Inc.) C:Program FilesCommon FilesMcAfeeCSP1.8.203.0McCSPServiceHost.exe
(McAfee, Inc.) C:Program FilesCommon FilesMcAfeeSystemCoremfefire.exe
(McAfee, Inc.) C:Program FilesMcAfeeMSCMcAPExe.exe
(McAfee, Inc.) C:Program FilesCommon FilesMcAfeeSystemCoremfefire.exe
(McAfee, Inc.) C:Program FilesCommon FilesMcAfeeAMCoremcshield.exe
(McAfee, Inc.) C:Program FilesCommon FilesMcAfeePlatformMcSvcHostMcSvHost.exe
(McAfee, Inc.) C:Program Files (x86)McAfeeSiteAdvisormcsacore.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe
(NVIDIA Corporation) C:WindowsSystem32nvvsvc.exe
(EVGA Corp.) C:Program Files (x86)EVGAPrecisionX 16PrecisionX_x64.exe
(Microsoft Corporation) C:WindowsSystemAppsMicrosoft.Windows.Cortana_cw5n1h2txyewyRemindersServer.exe
(NVIDIA Corporation) C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe
(Microsoft Corporation) C:WindowsSystem32SettingSyncHost.exe
(CMedia) C:Program FilesUNi Xonar AudioCustomappAsusAudioCenter.exe
() C:WindowsSystemHsMgr64.exe
(Logitech Inc.) C:Program FilesLogitech Gaming SoftwareLCore.exe
(SEIKO EPSON CORPORATION) C:WindowsSystem32spooldriversx643E_IATILAE.EXE
(SEIKO EPSON CORPORATION) C:Program Files (x86)EPSON SoftwareEvent ManagerEEventManager.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationShadowPlaynvspcaps64.exe
(Valve Corporation) D:Steambinsteamwebhelper.exe
(Valve Corporation) C:Program Files (x86)Common FilesSteamSteamService.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamUserAgent.exe
(EVGA Corp.) C:Program Files (x86)EVGAPrecisionX 16PrecisionXServer.exe
(EVGA Corp.) C:Program Files (x86)EVGAPrecisionX 16PrecisionXServer_x64.exe
(Microsoft Corporation) C:WindowsSystem32LocationNotificationWindows.exe
(Microsoft Corporation) C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_17.6568.16731.0_x64__8wekyb3d8bbweHxMail.exe
(Microsoft Corporation) C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_17.6568.16731.0_x64__8wekyb3d8bbweHxTsr.exe
() C:Program FilesWindowsAppsMicrosoft.WindowsCalculator_10.1601.19020.0_x64__8wekyb3d8bbweCalculator.exe
(Microsoft Corporation) C:WindowsSystem32LocationNotificationWindows.exe
(Microsoft Corporation) C:WindowsSystem32LocationNotificationWindows.exe
(Microsoft Corporation) C:WindowsSystem32LockAppHost.exe
(Microsoft Corporation) C:WindowsSystem32LocationNotificationWindows.exe
(Microsoft Corporation) C:WindowsSystem32LocationNotificationWindows.exe
(McAfee, Inc.) C:Program FilesCommon FilesMcAfeePlatformMcUICnt.exe
(Microsoft Corporation) C:WindowsSystem32dllhost.exe
(Microsoft Corporation) C:WindowsSystem32dllhost.exe
Registry (Whitelisted)
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM...Run: [Cmaudio8788] => C:WINDOWSsyswow64RunDll32.exe C:WINDOWSSyswow64cmicnfgp.dll,CMICtrlWnd
HKLM...Run: [Cmaudio8788GX] => C:WINDOWSsyswow64HsMgr.exe [200704 2008-07-11] ()
HKLM...Run: [Cmaudio8788GX64] => C:WINDOWSsystemHsMgr64.exe [282112 2008-07-11] ()
HKLM...Run: [NvBackend] => C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe [2787264 2016-01-11] (NVIDIA Corporation)
HKLM...Run: [ShadowPlay] => 'C:WINDOWSsystem32rundll32.exe' C:WINDOWSsystem32nvspcap64.dll,ShadowPlayOnSystemStart
HKLM...Run: [Launch LCore] => C:Program FilesLogitech Gaming SoftwareLCore.exe [15009400 2015-10-14] (Logitech Inc.)
HKLM-x32...Run: [EEventManager] => C:Program Files (x86)Epson SoftwareEvent ManagerEEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION)
HKLM-x32...Run: [SunJavaUpdateSched] => C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [594992 2016-01-29] (Oracle Corporation)
HKUS-1-5-21-2712218113-430331144-635360849-1000...Run: [GalaxyClient] => [X]
HKUS-1-5-21-2712218113-430331144-635360849-1000...Run: [EPLTargetP0000000000000000] => C:WINDOWSsystem32spoolDRIVERSx643E_IATILAE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKUS-1-5-21-2712218113-430331144-635360849-1000...Run: [Steam] => D:Steamsteam.exe [3014224 2016-02-04] (Valve Corporation)
HKUS-1-5-21-2712218113-430331144-635360849-1000...RunOnce: [Uninstall C:UsersMementoMoriAppDataLocalMicrosoftOneDrive17.3.5892.0626amd64] => C:WINDOWSsystem32cmd.exe /q /c rmdir /s /q 'C:UsersMementoMoriAppDataLocalMicrosoftOneDrive17.3.5892.0626amd64'
Internet (Whitelisted)
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
TcpipParameters: [DhcpNameServer] 192.168.1.1
Tcpip..Interfaces{66708aac-3cce-462f-a391-39828a070c95}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:Program Files (x86)Javajre1.8.0_73binssv.dll [2016-02-06] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:Program Files (x86)Javajre1.8.0_73binjp2ssv.dll [2016-02-06] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:Program Files (x86)McAfeeSiteAdvisorx64McIEPlg.dll [2015-12-29] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:Program Files (x86)McAfeeSiteAdvisorMcIEPlg.dll [2015-12-29] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:Program Files (x86)McAfeeSiteAdvisorx64McIEPlg.dll [2015-12-29] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:Program Files (x86)McAfeeSiteAdvisorMcIEPlg.dll [2015-12-29] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:Program FilesMcAfeeMSCMcSnIePl64.dll [2015-12-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:Program Files (x86)McAfeeMSCMcSnIePl.dll [2015-12-03] (McAfee, Inc.)
FireFox:
FF ProfilePath: C:UsersMementoMoriAppDataRoamingMozillaFirefoxProfilesl85ig9fd.default
FF Session Restore: -> is enabled.
FF Plugin: @mcafee.com/MSC,version=10 -> c:PROGRA~1mcafeemscNPMCSN~1.DLL [2015-12-03] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:Program FilesMicrosoft Silverlight5.1.41212.0npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:Program Files (x86)Javajre1.8.0_73bindtpluginnpDeployJava1.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:Program Files (x86)Javajre1.8.0_73binplugin2npjp2.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:PROGRA~2mcafeemscNPMCSN~1.DLL [2015-12-03] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:Program Files (x86)Microsoft Silverlight5.1.41212.0npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:Program Files (x86)GoogleUpdate1.3.29.5npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:Program Files (x86)GoogleUpdate1.3.29.5npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:Program Files (x86)VideoLANVLCnpvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:Program Files (x86)AdobeAcrobat Reader DCReaderAIRnppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKUS-1-5-21-2712218113-430331144-635360849-1000: @my.com/Games -> C:UsersMementoMoriAppDataLocalMyComGamesNPMyComDetector.dll [2015-08-24] (My.com, Inc)
FF Extension: LastPass - C:UsersMementoMoriAppDataRoamingMozillaFirefoxProfilesl85ig9fd.defaultextensionssupport@lastpass.com [2015-08-07]
FF Extension: McAfee WebAdvisor - C:Program Files (x86)McAfeeSiteAdvisorsaffplg.xpi [2015-12-29]
FF HKLM...FirefoxExtensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:Program Files (x86)McAfeeSiteAdvisorsaffplg.xpi
FF HKLM-x32...FirefoxExtensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:Program Files (x86)McAfeeSiteAdvisorsaffplg.xpi
FF HKLM-x32...ThunderbirdExtensions: [msktbird@mcafee.com] - C:Program FilesMcAfeeMSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:Program FilesMcAfeeMSK [2016-01-23] [not signed]
Chrome:
CHR NewTab: Default -> 'chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html'
CHR DefaultSearchURL: Default -> hxxps://mail.google.com/mail/u/0/#inbox/152b7ce932786fcb
CHR Session Restore: Default -> is enabled.
CHR Profile: C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefault
CHR Extension: (Google Slides) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2015-08-07]
CHR Extension: (Magic Actions for YouTube™) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsabjcfabbhafbcdfjoecdgepllmpfceif [2016-01-31]
CHR Extension: (Entanglement Web App) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsaciahcmjmecflokailenpkdchphgkefd [2015-08-07]
CHR Extension: (Google Docs) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2015-08-07]
CHR Extension: (Google Drive) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (NeoGAF Live Thread) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsblbfgndoggabppkoehpipfadjelcofmp [2015-08-07]
CHR Extension: (YouTube) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsemffkefkbkpkgpdeeooapgaicgmcbolj [2016-01-05]
CHR Extension: (Google Sheets) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2015-08-07]
CHR Extension: (Wunderlist - To-do and Task list) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsfjliknjliaohjgjajlgolhijphojjdkc [2016-01-21]
CHR Extension: (Google Docs Offline) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsgighmmpiobklfepjocnamgkkbiglidom [2016-02-05]
CHR Extension: (LastPass: Free Password Manager) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionshdokiejnpimakedhajhdlcegeplioahd [2016-01-29]
CHR Extension: (ytma!) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsijioppmkelhobdlpbcgojamecmailcnh [2015-08-07]
CHR Extension: (PSDLE) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsjdjhhapoddhnimgdemnpbfagndcnmhii [2015-12-24]
CHR Extension: (Speed Dial 2) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsjpfpebmajhhopeonhlcgidhclcccjcik [2015-11-10]
CHR Extension: (Reddit Enhancement Suite) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionskbmfpngjjgdllneeigpgjifpgocmfgmb [2016-01-11]
CHR Extension: (Poppit!) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsmcbkbpnkkkipelfledbfocopglifcfmi [2015-08-07]
CHR Extension: (Google Dictionary (by Google)) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsmgijmajocgfcbeboacabfgobmjgjcoja [2015-08-07]
CHR Extension: (Chrome Web Store Payments) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2015-08-07]
CHR Extension: (Hover Zoom+) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionspccckmaobkjjboncdfnnofkonhgpceea [2016-01-29]
CHR Extension: (Evernote Web Clipper) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionspioclpoplcdbaefihamjohnefbikjilc [2015-09-29]
CHR Extension: (Gmail) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2015-08-07]
CHR HKLM...ChromeExtension: [fheoggkfdfchfphceeifdbepaooicaho] - C:Program Files (x86)McAfeeSiteAdvisorMcChPlg.crx [2016-01-23]
CHR HKLM-x32...ChromeExtension: [fheoggkfdfchfphceeifdbepaooicaho] - C:Program Files (x86)McAfeeSiteAdvisorMcChPlg.crx [2016-01-23]
Services (Whitelisted)
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 0166071453592607mcinstcleanup; C:UsersMementoMoriAppDataLocalTemp0166071453592607mcinst.exe [883024 2015-10-28] (McAfee, Inc.)
R2 EpsonScanSvc; C:WINDOWSsystem32EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
S3 GalaxyClientService; C:Program Files (x86)GalaxyClientGalaxyClientService.exe [1616440 2015-11-08] (GOG.com)
S3 GalaxyCommunication; C:ProgramDataGOG.comGalaxyredistsGalaxyCommunication.exe [6952504 2015-11-08] (GOG.com)
R2 GfExperienceService; C:Program FilesNVIDIA CorporationGeForce Experience ServiceGfExperienceService.exe [1163200 2016-01-11] (NVIDIA Corporation)
R2 HomeNetSvc; C:Program FilesCommon FilesMcAfeePlatformMcSvcHostMcSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 LogiRegistryService; C:Program FilesLogitech Gaming SoftwareDriversAPOServiceLogiRegistryService.exe [193144 2015-10-14] (Logitech Inc.)
S2 MBAMScheduler; C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:Program Files (x86)McAfeeSiteAdvisorMcSACore.exe [158952 2015-12-29] (McAfee, Inc.)
R2 McAPExe; C:Program FilesMcAfeeMSCMcAPExe.exe [863448 2015-12-03] (McAfee, Inc.)
R2 mccspsvc; C:Program FilesCommon FilesMcAfeeCSP1.8.203.0McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)
R2 McMPFSvc; C:Program FilesCommon FilesMcAfeePlatformMcSvcHostMcSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McNaiAnn; C:Program FilesCommon FilesMcAfeePlatformMcSvcHostMcSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:Program FilesMcAfeeVirusScanmcods.exe [679120 2015-10-20] (McAfee, Inc.)
R2 mcpltsvc; C:Program FilesCommon FilesMcAfeePlatformMcSvcHostMcSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McProxy; C:Program FilesCommon FilesMcAfeePlatformMcSvcHostMcSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R3 mfefire; C:Program FilesCommon FilesMcAfeeSystemCoremfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:Program FilesCommon FilesMcAfeeSystemCoremfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R3 mfevtp; C:WINDOWSsystem32mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 MSK80Service; C:Program FilesCommon FilesMcAfeePlatformMcSvcHostMcSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 npggsvc; C:WINDOWSSysWOW64GameMon.des [3806032 2015-10-13] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe [1879488 2016-01-11] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamNetworkService.exe [6308288 2016-01-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamService.exe [4812736 2016-01-11] (NVIDIA Corporation)
S3 Origin Client Service; D:OriginOriginClientService.exe [2104840 2015-12-12] (Electronic Arts)
S3 WdNisSvc; C:Program FilesWindows DefenderNisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:Program FilesWindows DefenderMsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
Drivers (Whitelisted)
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:WindowsSystem32driverscfwids.sys [80760 2015-09-23] (McAfee, Inc.)
R3 cmudaxp; C:Windowssystem32driverscmudaxp.sys [2735616 2015-06-02] (C-Media Inc)
S3 HipShieldK; C:WindowsSystem32driversHipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R2 LGCoreTemp; C:Program FilesLogitech Gaming SoftwareDriversLgCoreTemplgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:Windowssystem32driversLGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 LGSHidFilt; C:WindowsSystem32driversLGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 LGSUsbFilt; C:WindowsSystem32driversLGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
S3 MBAMProtector; C:WINDOWSsystem32driversmbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:WINDOWSsystem32driversmwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:WindowsSystem32driversmfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:WindowsSystem32driversmfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
S0 mfeelamk; C:WindowsSystem32driversmfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:WindowsSystem32driversmfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:WindowsSystem32driversmfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R3 mfencbdc; C:Windowssystem32DRIVERSmfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
S3 mfencrk; C:Windowssystem32DRIVERSmfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
R3 mfesapsn; C:Program Files (x86)McAfeeSiteAdvisorx64mfesapsn.sys [37448 2015-12-29] (McAfee, Inc.)
R0 mfewfpk; C:WindowsSystem32driversmfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
R3 NvStreamKms; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamKms.sys [26560 2016-01-11] (NVIDIA Corporation)
S3 NVSWCFilter; C:WindowsSystem32driversnvswcfilter.sys [19616 2015-07-23] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:Windowssystem32driversnvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rt640x64; C:WindowsSystem32driversrt640x64.sys [587264 2015-07-10] (Realtek )
S3 tap0901_openvpn_accl; C:WindowsSystem32driverstap0901_openvpn_accl.sys [37912 2015-01-13] (The OpenVPN Project)
S3 UdeCx; C:WindowsSystem32driversudecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:Windowssystem32driversWdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:Windowssystem32driversWdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:WindowsSystem32DriversWdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WinRing0_1_2_0; C:Program Files (x86)EVGAPrecisionX 16WinRing0WinRing0x64.sys [14536 2015-10-20] (OpenLibSys.org)
S3 xhunter1; C:WINDOWSxhunter1.sys [36904 2016-02-04] (Wellbia.com Co., Ltd.)
S3 wfpcapture; SystemRootSystem32driverswfpcapture.sys [X]
NetSvcs (Whitelisted)
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
One Month Created files and folders
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-06 21:42 - 2016-02-06 21:42 - 00022076 _____ C:UsersMementoMoriDesktopFRST.txt
2016-02-06 21:35 - 2016-02-06 21:42 - 00000000 ____D C:FRST
2016-02-06 21:35 - 2016-02-06 21:35 - 02370560 _____ (Farbar) C:UsersMementoMoriDesktopFRST64.exe
2016-02-06 21:14 - 2016-02-06 21:14 - 00016148 _____ C:WINDOWSsystem32MEMENTOMORI-PC_MementoMori_HistoryPrediction.bin
2016-02-06 19:49 - 2016-02-06 19:49 - 00004020 _____ C:WINDOWSSystem32TasksIntel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-02-06 16:09 - 2016-02-06 16:09 - 00004208 _____ C:WINDOWSSystem32TasksIntel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-02-04 14:51 - 2016-02-04 17:28 - 00036904 _____ (Wellbia.com Co., Ltd.) C:WINDOWSxhunter1.sys
2016-02-04 14:51 - 2016-02-04 14:51 - 00000000 ____D C:UsersMementoMoriDocumentsBlack Desert
2016-02-04 14:12 - 2016-02-04 14:12 - 00000904 _____ C:UsersPublicDesktopBlack Desert Character Creator.lnk
2016-02-04 14:12 - 2016-02-04 14:12 - 00000904 _____ C:ProgramDataMicrosoftWindowsStart MenuBlack Desert Character Creator.lnk
2016-02-04 14:12 - 2016-02-04 14:12 - 00000000 ____D C:UsersMementoMoriAppDataLocalBDOCharacterCreator
2016-02-04 14:12 - 2016-02-04 14:12 - 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsBDOCharacterCreator
2016-01-23 21:58 - 2016-01-24 14:29 - 00007626 _____ C:UsersMementoMoriAppDataLocalResmon.ResmonCfg
2016-01-23 17:44 - 2016-01-23 17:44 - 00003138 _____ C:WINDOWSSystem32TasksMcAfeeLogon
2016-01-23 17:44 - 2016-01-23 17:44 - 00001989 _____ C:UsersPublicDesktopMcAfee Multi Access - Total Protection (PC).lnk
2016-01-23 17:44 - 2016-01-23 17:44 - 00000000 ____D C:WINDOWSSystem32TasksMcAfee
2016-01-23 17:44 - 2016-01-23 17:44 - 00000000 ____D C:UsersMementoMoriAppDataRoamingMacromedia
2016-01-23 17:44 - 2016-01-23 17:44 - 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMcAfee
2016-01-23 17:44 - 2016-01-23 17:44 - 00000000 ____D C:Program Files (x86)McAfee.com
2016-01-23 17:44 - 2015-09-23 09:43 - 00082072 _____ (McAfee, Inc.) C:WINDOWSsystem32Driversmfeelamk.sys
2016-01-23 17:44 - 2015-09-23 09:43 - 00080760 _____ (McAfee, Inc.) C:WINDOWSsystem32Driverscfwids.sys
2016-01-23 17:44 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:WINDOWSsystem32DriversHipShieldK.sys
2016-01-23 17:43 - 2016-01-24 23:26 - 00000000 ____D C:Program Files (x86)McAfee
2016-01-23 17:43 - 2016-01-23 17:44 - 00000000 ____D C:Program FilesMcAfee
2016-01-23 17:43 - 2016-01-23 17:43 - 00000000 ____D C:Program FilesMcAfee.com
2016-01-23 17:43 - 2016-01-23 17:43 - 00000000 ____D C:Program FilesCommon FilesAV
2016-01-23 17:43 - 2015-09-23 09:43 - 00497888 _____ (McAfee, Inc.) C:WINDOWSsystem32Driversmfefirek.sys
2016-01-23 17:43 - 2015-09-23 09:43 - 00244544 _____ (McAfee, Inc.) C:WINDOWSsystem32Driversmfewfpk.sys
2016-01-23 17:42 - 2016-01-23 17:44 - 00000000 ____D C:Program FilesCommon FilesMcAfee
2016-01-23 17:42 - 2015-09-23 09:43 - 00841944 _____ (McAfee, Inc.) C:WINDOWSsystem32Driversmfehidk.sys
2016-01-23 17:42 - 2015-09-23 09:43 - 00415976 _____ (McAfee, Inc.) C:WINDOWSsystem32Driversmfeaack.sys
2016-01-23 17:42 - 2015-09-23 09:43 - 00351120 _____ (McAfee, Inc.) C:WINDOWSsystem32Driversmfeavfk.sys
2016-01-23 17:42 - 2015-09-21 13:33 - 00256840 _____ (McAfee, Inc.) C:WINDOWSsystem32mfevtps.exe
2016-01-23 17:41 - 2016-02-01 11:47 - 00000052 _____ C:UsersMementoMoriDesktopNew Text Document.txt
2016-01-23 17:41 - 2016-01-24 23:26 - 00000000 ____D C:ProgramDataMcAfee
2016-01-23 17:41 - 2016-01-23 17:41 - 08204776 _____ (McAfee, Inc.) C:UsersMementoMoriDesktopMcAfeeSetup-Serial.exe
2016-01-23 03:08 - 2016-01-23 03:08 - 00000214 _____ C:WINDOWSTasksCreateExplorerShellUnelevatedTask.job
2016-01-23 00:03 - 2016-01-23 00:05 - 148155664 _____ (Microsoft Corporation) C:UsersMementoMoriDownloadsmsert.exe
Trojan.zbot Removal Tool For Mac
2016-01-22 23:44 - 2016-01-23 11:23 - 00479444 _____ C:WINDOWSntbtlog.txt
2016-01-22 23:39 - 2016-01-22 23:44 - 00000000 ____D C:NPE
2016-01-22 23:38 - 2016-01-22 23:45 - 00000000 ____D C:UsersMementoMoriAppDataLocalNPE
2016-01-22 23:38 - 2016-01-22 23:38 - 00000000 ____D C:ProgramDataNorton
2016-01-22 22:30 - 2016-01-23 16:47 - 00192216 _____ (Malwarebytes) C:WINDOWSsystem32DriversMBAMSwissArmy.sys
2016-01-22 22:30 - 2016-01-22 22:30 - 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes Anti-Malware
2016-01-22 22:30 - 2016-01-22 22:30 - 00000000 ____D C:ProgramDataMalwarebytes
2016-01-22 22:30 - 2016-01-22 22:30 - 00000000 ____D C:Program Files (x86)Malwarebytes Anti-Malware
2016-01-22 22:30 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamchameleon.sys
2016-01-22 22:30 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:WINDOWSsystem32Driversmwac.sys
2016-01-22 22:30 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbam.sys
2016-01-17 14:53 - 2016-01-17 14:53 - 00000000 ____D C:WINDOWSLastGood.Tmp
2016-01-17 14:52 - 2015-12-18 00:10 - 00099472 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvaudcap64v.dll
2016-01-17 14:52 - 2015-12-18 00:10 - 00090768 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvaudcap32v.dll
2016-01-16 01:11 - 2016-01-16 01:11 - 00000000 ____D C:UsersMementoMoriAppDataLocalCAPCOM
2016-01-14 14:42 - 2016-01-14 14:42 - 00000000 ____D C:UsersMementoMoriDocumentsBnS
2016-01-14 14:42 - 2016-01-14 14:42 - 00000000 ____D C:Program FilesCommon FilesINCA Shared
2016-01-14 14:42 - 2015-10-13 07:32 - 03806032 _____ (INCA Internet Co., Ltd.) C:WINDOWSSysWOW64GameMon.des
2016-01-14 14:42 - 2005-01-03 00:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:WINDOWSSysWOW64npptNT2.sys
2016-01-14 14:42 - 2003-07-18 15:17 - 00005174 _____ C:WINDOWSSysWOW64nppt9x.vxd
2016-01-14 13:55 - 2016-01-14 13:55 - 00000000 ____D C:NCSOFT
2016-01-14 13:54 - 2016-01-14 13:54 - 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsNCWest
2016-01-14 13:54 - 2016-01-14 13:54 - 00000000 ____D C:Program Files (x86)NCWest
2016-01-13 10:05 - 2016-01-04 21:07 - 02463704 _____ (Microsoft Corporation) C:WINDOWSsystem32mfcore.dll
2016-01-13 10:05 - 2016-01-04 21:07 - 00377592 _____ (Microsoft Corporation) C:WINDOWSsystem32MP4SDECD.DLL
2016-01-13 10:05 - 2016-01-04 21:06 - 08022368 _____ (Microsoft Corporation) C:WINDOWSsystem32ntoskrnl.exe
2016-01-13 10:05 - 2016-01-04 21:06 - 01991120 _____ (Microsoft Corporation) C:WINDOWSsystem32WMVENCOD.DLL
2016-01-13 10:05 - 2016-01-04 21:06 - 01270104 _____ (Microsoft Corporation) C:WINDOWSsystem32mfnetsrc.dll
2016-01-13 10:05 - 2016-01-04 21:06 - 01063504 _____ (Microsoft Corporation) C:WINDOWSsystem32msmpeg2adec.dll
2016-01-13 10:05 - 2016-01-04 21:06 - 00119800 _____ (Microsoft Corporation) C:WINDOWSsystem32MP3DMOD.DLL
2016-01-13 10:05 - 2016-01-04 21:04 - 02824248 _____ (Microsoft Corporation) C:WINDOWSsystem32msmpeg2vdec.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 02641928 _____ (Microsoft Corporation) C:WINDOWSsystem32WMVDECOD.DLL
2016-01-13 10:05 - 2016-01-04 21:04 - 01591848 _____ (Microsoft Corporation) C:WINDOWSsystem32gdi32.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 01150816 _____ (Microsoft Corporation) C:WINDOWSsystem32aeinv.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 00862056 _____ (Microsoft Corporation) C:WINDOWSsystem32mfnetcore.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 00787720 _____ (Microsoft Corporation) C:WINDOWSsystem32WMADMOD.DLL
2016-01-13 10:05 - 2016-01-04 21:04 - 00784136 _____ (Microsoft Corporation) C:WINDOWSsystem32mfsvr.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 00779928 _____ (Microsoft Corporation) C:WINDOWSsystem32evr.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 00772448 _____ (Microsoft Corporation) C:WINDOWSsystem32invagent.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 00751992 _____ (Microsoft Corporation) C:WINDOWSsystem32WMADMOE.DLL
2016-01-13 10:05 - 2016-01-04 21:04 - 00667856 _____ (Microsoft Corporation) C:WINDOWSsystem32advapi32.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 00250520 _____ (Microsoft Corporation) C:WINDOWSsystem32MPG4DECD.DLL
2016-01-13 10:05 - 2016-01-04 21:04 - 00249464 _____ (Microsoft Corporation) C:WINDOWSsystem32RESAMPLEDMO.DLL
2016-01-13 10:05 - 2016-01-04 21:04 - 00243248 _____ (Microsoft Corporation) C:WINDOWSsystem32mfps.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 00233992 _____ (Microsoft Corporation) C:WINDOWSsystem32mftranscode.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 00115704 _____ (Microsoft Corporation) C:WINDOWSsystem32VIDRESZR.DLL
2016-01-13 10:05 - 2016-01-04 21:04 - 00090912 _____ (Microsoft Corporation) C:WINDOWSsystem32devenum.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 00083704 _____ (Microsoft Corporation) C:WINDOWSsystem32mfvdsp.dll
2016-01-13 10:05 - 2016-01-04 20:59 - 00781976 _____ (Microsoft Corporation) C:WINDOWSsystem32mfds.dll
2016-01-13 10:05 - 2016-01-04 20:52 - 00441696 _____ (Microsoft Corporation) C:WINDOWSsystem32devinv.dll
2016-01-13 10:05 - 2016-01-04 20:50 - 01083072 _____ (Microsoft Corporation) C:WINDOWSsystem32appraiser.dll
2016-01-13 10:05 - 2016-01-04 20:50 - 00723648 _____ (Microsoft Corporation) C:WINDOWSsystem32generaltel.dll
2016-01-13 10:05 - 2016-01-04 20:50 - 00345080 _____ (Microsoft Corporation) C:WINDOWSsystem32WMVSDECD.DLL
2016-01-13 10:05 - 2016-01-04 20:50 - 00251544 _____ (Microsoft Corporation) C:WINDOWSsystem32MP43DECD.DLL
2016-01-13 10:05 - 2016-01-04 20:50 - 00205072 _____ (Microsoft Corporation) C:WINDOWSsystem32COLORCNV.DLL
2016-01-13 10:05 - 2016-01-04 20:31 - 01365576 _____ (Microsoft Corporation) C:WINDOWSSysWOW64gdi32.dll
2016-01-13 10:05 - 2016-01-04 20:30 - 02459096 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WMVDECOD.DLL
2016-01-13 10:05 - 2016-01-04 20:30 - 02162064 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WMVENCOD.DLL
2016-01-13 10:05 - 2016-01-04 20:30 - 02152744 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfcore.dll
2016-01-13 10:05 - 2016-01-04 20:30 - 01106872 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfnetsrc.dll
2016-01-13 10:05 - 2016-01-04 20:30 - 00882208 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msmpeg2adec.dll
2016-01-13 10:05 - 2016-01-04 20:30 - 00368776 _____ (Microsoft Corporation) C:WINDOWSSysWOW64MP4SDECD.DLL
2016-01-13 10:05 - 2016-01-04 20:30 - 00232896 _____ (Microsoft Corporation) C:WINDOWSSysWOW64RESAMPLEDMO.DLL
2016-01-13 10:05 - 2016-01-04 20:30 - 00100712 _____ (Microsoft Corporation) C:WINDOWSSysWOW64MP3DMOD.DLL
2016-01-13 10:05 - 2016-01-04 20:29 - 00208688 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mftranscode.dll
2016-01-13 10:05 - 2016-01-04 20:28 - 02445128 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msmpeg2vdec.dll
2016-01-13 10:05 - 2016-01-04 20:28 - 00714808 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfnetcore.dll
2016-01-13 10:05 - 2016-01-04 20:28 - 00696192 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WMADMOE.DLL
2016-01-13 10:05 - 2016-01-04 20:28 - 00695752 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WMADMOD.DLL
2016-01-13 10:05 - 2016-01-04 20:28 - 00645144 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfsvr.dll
2016-01-13 10:05 - 2016-01-04 20:28 - 00635312 _____ (Microsoft Corporation) C:WINDOWSSysWOW64evr.dll
2016-01-13 10:05 - 2016-01-04 20:28 - 00497896 _____ (Microsoft Corporation) C:WINDOWSSysWOW64advapi32.dll
2016-01-13 10:05 - 2016-01-04 20:28 - 00277400 _____ (Microsoft Corporation) C:WINDOWSSysWOW64MPG4DECD.DLL
2016-01-13 10:05 - 2016-01-04 20:28 - 00116728 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfps.dll
2016-01-13 10:05 - 2016-01-04 20:28 - 00107952 _____ (Microsoft Corporation) C:WINDOWSSysWOW64VIDRESZR.DLL
2016-01-13 10:05 - 2016-01-04 20:28 - 00082096 _____ (Microsoft Corporation) C:WINDOWSSysWOW64devenum.dll
2016-01-13 10:05 - 2016-01-04 20:28 - 00072808 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfvdsp.dll
2016-01-13 10:05 - 2016-01-04 20:21 - 00658528 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfds.dll
2016-01-13 10:05 - 2016-01-04 20:18 - 21873152 _____ (Microsoft Corporation) C:WINDOWSsystem32edgehtml.dll
2016-01-13 10:05 - 2016-01-04 20:15 - 24592896 _____ (Microsoft Corporation) C:WINDOWSsystem32mshtml.dll
2016-01-13 10:05 - 2016-01-04 20:15 - 00931328 _____ (Microsoft Corporation) C:WINDOWSsystem32MSMPEG2ENC.DLL
2016-01-13 10:05 - 2016-01-04 20:15 - 00235008 _____ (Microsoft Corporation) C:WINDOWSsystem32UserMgrProxy.dll
2016-01-13 10:05 - 2016-01-04 20:15 - 00042496 _____ (Microsoft Corporation) C:WINDOWSsystem32usermgrcli.dll
2016-01-13 10:05 - 2016-01-04 20:10 - 00539136 _____ (Microsoft Corporation) C:WINDOWSsystem32mfh264enc.dll
2016-01-13 10:05 - 2016-01-04 20:10 - 00305776 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WMVSDECD.DLL
2016-01-13 10:05 - 2016-01-04 20:10 - 00278424 _____ (Microsoft Corporation) C:WINDOWSSysWOW64MP43DECD.DLL
2016-01-13 10:05 - 2016-01-04 20:10 - 00188032 _____ (Microsoft Corporation) C:WINDOWSSysWOW64COLORCNV.DLL
2016-01-13 10:05 - 2016-01-04 20:09 - 01234944 _____ (Microsoft Corporation) C:WINDOWSsystem32aitstatic.exe
2016-01-13 10:05 - 2016-01-04 20:09 - 00205312 _____ (Microsoft Corporation) C:WINDOWSsystem32aepic.dll
2016-01-13 10:05 - 2016-01-04 20:02 - 01672192 _____ (Microsoft Corporation) C:WINDOWSsystem32quartz.dll
2016-01-13 10:05 - 2016-01-04 20:02 - 00678912 _____ (Microsoft Corporation) C:WINDOWSsystem32qedit.dll
2016-01-13 10:05 - 2016-01-04 20:02 - 00379392 _____ (Microsoft Corporation) C:WINDOWSsystem32qdvd.dll
2016-01-13 10:05 - 2016-01-04 20:01 - 00305664 _____ (Microsoft Corporation) C:WINDOWSsystem32ksproxy.ax
2016-01-13 10:05 - 2016-01-04 20:00 - 00826880 _____ (Microsoft Corporation) C:WINDOWSsystem32jscript.dll
2016-01-13 10:05 - 2016-01-04 20:00 - 00771072 _____ (Microsoft Corporation) C:WINDOWSsystem32Chakradiag.dll
2016-01-13 10:05 - 2016-01-04 19:59 - 00572928 _____ (Microsoft Corporation) C:WINDOWSsystem32vbscript.dll
2016-01-13 10:05 - 2016-01-04 19:57 - 00712704 _____ (Microsoft Corporation) C:WINDOWSsystem32usermgr.dll
2016-01-13 10:05 - 2016-01-04 19:57 - 00578560 _____ (Microsoft Corporation) C:WINDOWSsystem32winlogon.exe
2016-01-13 10:05 - 2016-01-04 19:57 - 00455168 _____ (Microsoft Corporation) C:WINDOWSsystem32schannel.dll
2016-01-13 10:05 - 2016-01-04 19:56 - 07523840 _____ (Microsoft Corporation) C:WINDOWSsystem32Chakra.dll
2016-01-13 10:05 - 2016-01-04 19:51 - 01255936 _____ (Microsoft Corporation) C:WINDOWSsystem32WMSPDMOE.DLL
2016-01-13 10:05 - 2016-01-04 19:51 - 01009664 _____ (Microsoft Corporation) C:WINDOWSsystem32WMSPDMOD.DLL
2016-01-13 10:05 - 2016-01-04 19:51 - 00634368 _____ (Microsoft Corporation) C:WINDOWSsystem32WMVXENCD.DLL
2016-01-13 10:05 - 2016-01-04 19:51 - 00463872 _____ (Microsoft Corporation) C:WINDOWSsystem32MFWMAAEC.DLL
2016-01-13 10:05 - 2016-01-04 19:51 - 00447488 _____ (Microsoft Corporation) C:WINDOWSsystem32WMVSENCD.DLL
2016-01-13 10:05 - 2016-01-04 19:44 - 00159744 _____ (Microsoft Corporation) C:WINDOWSSysWOW64UserMgrProxy.dll
2016-01-13 10:05 - 2016-01-04 19:44 - 00033280 _____ (Microsoft Corporation) C:WINDOWSSysWOW64usermgrcli.dll
2016-01-13 10:05 - 2016-01-04 19:43 - 19324928 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mshtml.dll
2016-01-13 10:05 - 2016-01-04 19:42 - 00871936 _____ (Microsoft Corporation) C:WINDOWSSysWOW64MSMPEG2ENC.DLL
2016-01-13 10:05 - 2016-01-04 19:38 - 00556032 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfh264enc.dll
2016-01-13 10:05 - 2016-01-04 19:32 - 01541632 _____ (Microsoft Corporation) C:WINDOWSSysWOW64quartz.dll
2016-01-13 10:05 - 2016-01-04 19:32 - 00573440 _____ (Microsoft Corporation) C:WINDOWSSysWOW64qedit.dll
2016-01-13 10:05 - 2016-01-04 19:31 - 00563200 _____ (Microsoft Corporation) C:WINDOWSSysWOW64qdvd.dll
2016-01-13 10:05 - 2016-01-04 19:31 - 00235008 _____ (Microsoft Corporation) C:WINDOWSSysWOW64ksproxy.ax
2016-01-13 10:05 - 2016-01-04 19:30 - 18802176 _____ (Microsoft Corporation) C:WINDOWSSysWOW64edgehtml.dll
2016-01-13 10:05 - 2016-01-04 19:29 - 00650240 _____ (Microsoft Corporation) C:WINDOWSSysWOW64jscript.dll
2016-01-13 10:05 - 2016-01-04 19:29 - 00503296 _____ (Microsoft Corporation) C:WINDOWSSysWOW64vbscript.dll
2016-01-13 10:05 - 2016-01-04 19:26 - 00373760 _____ (Microsoft Corporation) C:WINDOWSSysWOW64schannel.dll
2016-01-13 10:05 - 2016-01-04 19:24 - 05454848 _____ (Microsoft Corporation) C:WINDOWSSysWOW64Chakra.dll
2016-01-13 10:05 - 2016-01-04 19:20 - 00890880 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WMSPDMOD.DLL
2016-01-13 10:05 - 2016-01-04 19:19 - 01070080 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WMSPDMOE.DLL
2016-01-13 10:05 - 2016-01-04 19:19 - 00747008 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WMVXENCD.DLL
2016-01-13 10:05 - 2016-01-04 19:19 - 00409088 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WMVSENCD.DLL
2016-01-13 10:05 - 2016-01-04 19:19 - 00404992 _____ (Microsoft Corporation) C:WINDOWSSysWOW64MFWMAAEC.DLL
One Month Modified files and folders
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-06 21:34 - 2015-08-23 11:34 - 00000949 _____ C:WINDOWSTasksEPSON XP-410 Series Update {1D02BD40-7F38-4062-8A74-FB427937982D}.job
2016-02-06 21:34 - 2015-08-23 11:34 - 00000763 _____ C:WINDOWSTasksEPSON XP-410 Series Invitation {1D02BD40-7F38-4062-8A74-FB427937982D}.job
2016-02-06 20:43 - 2015-08-07 12:18 - 00000936 _____ C:WINDOWSTasksGoogleUpdateTaskMachineUA.job
2016-02-06 18:12 - 2015-12-20 13:40 - 00000000 ____D C:UsersMementoMoriAppDataLocalCrashDumps
2016-02-06 17:12 - 2015-08-07 14:53 - 00000000 ____D C:WINDOWSAppReadiness
2016-02-06 17:07 - 2015-08-07 14:53 - 00000000 ___HD C:Program FilesWindowsApps
2016-02-06 16:35 - 2015-08-10 10:37 - 00004174 _____ C:WINDOWSSystem32TasksUser_Feed_Synchronization-{4987DB4F-5564-4BBE-B68D-3D71E3C7E474}
2016-02-06 10:49 - 2015-09-05 23:14 - 00000000 ____D C:ProgramDataOracle
2016-02-06 10:49 - 2015-09-05 23:14 - 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsJava
2016-02-06 10:49 - 2015-09-05 23:14 - 00000000 ____D C:Program Files (x86)Java
2016-02-06 10:48 - 2015-09-05 23:14 - 00097888 _____ (Oracle Corporation) C:WINDOWSSysWOW64WindowsAccessBridge-32.dll
2016-02-06 10:48 - 2015-09-05 23:14 - 00000000 ____D C:UsersMementoMori.oracle_jre_usage
2016-02-06 10:43 - 2015-08-07 12:18 - 00000932 _____ C:WINDOWSTasksGoogleUpdateTaskMachineCore.job
2016-02-04 15:43 - 2015-08-07 12:19 - 00002272 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2016-02-04 14:12 - 2015-08-23 11:34 - 00000000 ___HD C:Program Files (x86)InstallShield Installation Information
2016-02-04 13:10 - 2015-12-12 11:24 - 00000000 ____D C:UsersMementoMoriAppDataRoamingAwesomium
2016-02-03 20:21 - 2015-10-11 09:54 - 00000000 ____D C:Mod Organizer TESV
2016-02-03 20:21 - 2014-12-30 10:17 - 00000000 ____D C:Mod Organizer NV
2016-02-02 10:38 - 2015-08-07 12:18 - 00003994 _____ C:WINDOWSSystem32TasksGoogleUpdateTaskMachineUA
2016-02-02 10:38 - 2015-08-07 12:18 - 00003762 _____ C:WINDOWSSystem32TasksGoogleUpdateTaskMachineCore
2016-01-31 11:36 - 2015-08-07 14:48 - 00032768 ___SH C:WINDOWSsystem32configELAM
2016-01-28 21:36 - 2015-09-05 11:13 - 00000000 ____D C:Program Files (x86)Mozilla Firefox
2016-01-28 21:36 - 2015-08-07 22:30 - 00001228 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMozilla Firefox.lnk
2016-01-28 21:36 - 2015-08-07 22:30 - 00000000 ____D C:Program Files (x86)Mozilla Maintenance Service
2016-01-23 17:44 - 2015-08-07 14:53 - 00000000 ___HD C:WINDOWSELAMBKUP
2016-01-23 14:22 - 2015-08-07 14:52 - 00000000 ____D C:WINDOWSINF
2016-01-23 14:22 - 2015-08-07 12:05 - 00875126 _____ C:WINDOWSsystem32PerfStringBackup.INI
2016-01-23 14:16 - 2015-08-07 14:48 - 00524288 ___SH C:WINDOWSsystem32configBBI
2016-01-23 14:16 - 2015-08-07 11:59 - 00000000 ____D C:ProgramDataNVIDIA
2016-01-23 14:16 - 2015-08-07 11:58 - 00000006 ____H C:WINDOWSTasksSA.DAT
2016-01-17 14:54 - 2015-11-10 10:31 - 00000000 ____D C:UsersMementoMoriAppDataLocalNVIDIA
2016-01-16 22:40 - 2015-09-21 09:31 - 00000000 ____D C:UsersMementoMoriAppDataLocalElevatedDiagnostics
2016-01-16 21:26 - 2015-08-07 23:21 - 00000000 ____D C:Program FilesMicrosoft Silverlight
2016-01-16 21:26 - 2015-08-07 23:21 - 00000000 ____D C:Program Files (x86)Microsoft Silverlight
2016-01-14 21:34 - 2015-09-29 00:57 - 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsNCSOFT
2016-01-14 21:34 - 2015-09-29 00:55 - 00000000 ____D C:UsersMementoMoriAppDataLocalNCSOFT
2016-01-14 21:34 - 2014-05-09 08:09 - 00000000 ____D C:UsersMementoMoriDocumentsNCSOFT
2016-01-13 13:40 - 2015-08-09 19:21 - 00003972 _____ C:WINDOWSSystem32TasksAdobe Acrobat Update Task
2016-01-13 13:39 - 2015-08-09 19:21 - 00002457 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAcrobat Reader DC.lnk
2016-01-13 10:12 - 2015-08-12 10:19 - 00000000 ____D C:WINDOWSsystem32MRT
2016-01-13 10:12 - 2015-08-07 14:50 - 00000000 ____D C:WINDOWSCbsTemp
2016-01-13 10:07 - 2015-08-12 10:19 - 143671360 _____ (Microsoft Corporation) C:WINDOWSsystem32MRT.exe
2016-01-13 10:07 - 2015-08-07 23:21 - 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Silverlight
2016-01-11 22:41 - 2015-11-10 10:31 - 01542600 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvspcap.dll
2016-01-11 22:41 - 2015-11-10 10:31 - 01316184 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvspbridge.dll
2016-01-11 22:40 - 2015-12-18 22:24 - 00112032 _____ C:WINDOWSsystem32NvRtmpStreamer64.dll
2016-01-11 22:40 - 2015-11-10 10:31 - 01860120 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvspcap64.dll
2016-01-11 22:40 - 2015-11-10 10:31 - 01756608 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvspbridge64.dll
2016-01-10 13:53 - 2015-04-22 15:19 - 00000000 ____D C:UsersMementoMori.minion
2016-01-10 13:53 - 2015-04-22 15:19 - 00000000 ____D C:UsersMementoMori.junique
2016-01-08 15:32 - 2015-11-21 14:33 - 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsNexus Mod Manager
2016-01-08 12:18 - 2015-08-07 14:58 - 00000000 ___DC C:WINDOWSPanther
2016-01-08 12:16 - 2015-10-30 03:42 - 00000000 ___HD C:$WINDOWS.~BT
Files in the root of some directories
2016-01-23 21:58 - 2016-01-24 14:29 - 0007626 _____ () C:UsersMementoMoriAppDataLocalResmon.ResmonCfg
Some files in TEMP:
C:UsersMementoMoriAppDataLocalTemp0166071453592607mcinst.exe
C:UsersMementoMoriAppDataLocalTemp4ca8e46d0a3b512fe2b857a8406ceabe.dll
C:UsersMementoMoriAppDataLocalTemp6699d3ee8dd9cf775caae782c8f44f03.dll
C:UsersMementoMoriAppDataLocalTempjre-8u65-windows-au.exe
C:UsersMementoMoriAppDataLocalTempjre-8u66-windows-au.exe
C:UsersMementoMoriAppDataLocalTempjre-8u71-windows-au.exe
C:UsersMementoMoriAppDataLocalTempjre-8u73-windows-au.exe
C:UsersMementoMoriAppDataLocalTempMcCSPInstall.dll
C:UsersMementoMoriAppDataLocalTempNexus Mod Manager-0.61.2.exe
C:UsersMementoMoriAppDataLocalTempNexus Mod Manager-0.61.3.exe
C:UsersMementoMoriAppDataLocalTempNexus Mod Manager-0.61.4.exe
C:UsersMementoMoriAppDataLocalTempNexus Mod Manager-0.61.5.exe
C:UsersMementoMoriAppDataLocalTempnvSCPAPI.dll
C:UsersMementoMoriAppDataLocalTempnvSCPAPI64.dll
C:UsersMementoMoriAppDataLocalTempnvStInst.exe
C:UsersMementoMoriAppDataLocalTempxmlUpdater.exe
C:UsersMementoMoriAppDataLocalTemp__pythonRunner.dll
Bamital & volsnap
(There is no automatic fix for files that do not pass verification.)
C:WINDOWSsystem32winlogon.exe => File is digitally signed
C:WINDOWSsystem32wininit.exe => File is digitally signed
C:WINDOWSexplorer.exe => File is digitally signed
C:WINDOWSSysWOW64explorer.exe => File is digitally signed
C:WINDOWSsystem32svchost.exe => File is digitally signed
C:WINDOWSSysWOW64svchost.exe => File is digitally signed
C:WINDOWSsystem32services.exe => File is digitally signed
C:WINDOWSsystem32User32.dll => File is digitally signed
C:WINDOWSSysWOW64User32.dll => File is digitally signed
C:WINDOWSsystem32userinit.exe => File is digitally signed
C:WINDOWSSysWOW64userinit.exe => File is digitally signed
C:WINDOWSsystem32rpcss.dll => File is digitally signed
C:WINDOWSsystem32dnsapi.dll => File is digitally signed
C:WINDOWSSysWOW64dnsapi.dll => File is digitally signed
C:WINDOWSsystem32Driversvolsnap.sys => File is digitally signed
End of FRST.txt

I've gotten two emails from them about this in two weeks. I know some of these programs I've scanned my PC with might not be the best at detecting things, but I wanted to check with everything I had on hand, knew about, or Cox notified me about.

System scans clean / nothing is found with:

Windows 10 built in Windows Defender

Malwarebytes Anti-malware

Something Cox told me to use, called Microsoft Safety Scanner

Another thing Cox told me to use, Symantec Trojan.Zbot Removal Tool

ESET Online Scanner

Cox provided subscription to McAfee Multi Access - Total Protection

All scans were done both in safe mode and my regular login, except ESET which was done in safe mode with networking only. My wifi is secure with an absurdly long password and mac address filtering and the password was changed already since the first warning I got from Cox. I have no other devices other than this PC connected to my network. I did have an Amazon Fire, an iPhone and a few game consoles before but never reconnected them when I changed my wifi password after the first warning. I've always used Windows Firewall + router firewall, but am now using the one in the McAfee tool + router. Other than format my PC I'm not sure what else I can do, which is why I'm here. Google searching on the issue led me to someone posting here, and I've known about people helping others like you guys do here so I figured I'd give it a shot before I finally give in and format. I don't really want to sit here scanning my PC over and over with various tools that find nothing. Each scan that comes up clean drives me more and more crazy. I could honestly format and be done with it faster than scanning with every tool I find in the hopes something detects what Cox is telling me I have.

So here goes. I appreciate any help you guys can offer. I really don't want to format, but will as a last resort.

FRST log below, Addition attached.

----

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by MementoMori (administrator) on MEMENTOMORI-PC (06-02-2016 21:42:36)
Loaded Profiles: MementoMori (Available Profiles: MementoMori)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
Processes (Whitelisted)
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:WindowsSystem32nvvsvc.exe
(NVIDIA Corporation) C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe
(Seiko Epson Corporation) C:WindowsSystem32escsvc64.exe
(SEIKO EPSON CORPORATION) C:Program FilesEPSONEpsonCustomerParticipationEPCP.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationGeForce Experience ServiceGfExperienceService.exe
(Logitech Inc.) C:Program FilesLogitech Gaming SoftwareDriversAPOServiceLogiRegistryService.exe
(NVIDIA Corporation) C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamService.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamNetworkService.exe
(McAfee, Inc.) C:Program FilesCommon FilesMcAfeeSystemCoremfemms.exe
(McAfee, Inc.) C:WindowsSystem32mfevtps.exe
(McAfee, Inc.) C:Program FilesCommon FilesMcAfeeCSP1.8.203.0McCSPServiceHost.exe
(McAfee, Inc.) C:Program FilesCommon FilesMcAfeeSystemCoremfefire.exe
(McAfee, Inc.) C:Program FilesMcAfeeMSCMcAPExe.exe
(McAfee, Inc.) C:Program FilesCommon FilesMcAfeeSystemCoremfefire.exe
(McAfee, Inc.) C:Program FilesCommon FilesMcAfeeAMCoremcshield.exe
(McAfee, Inc.) C:Program FilesCommon FilesMcAfeePlatformMcSvcHostMcSvHost.exe
(McAfee, Inc.) C:Program Files (x86)McAfeeSiteAdvisormcsacore.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe
(NVIDIA Corporation) C:WindowsSystem32nvvsvc.exe
(EVGA Corp.) C:Program Files (x86)EVGAPrecisionX 16PrecisionX_x64.exe
(Microsoft Corporation) C:WindowsSystemAppsMicrosoft.Windows.Cortana_cw5n1h2txyewyRemindersServer.exe
(NVIDIA Corporation) C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe
(Microsoft Corporation) C:WindowsSystem32SettingSyncHost.exe
(CMedia) C:Program FilesUNi Xonar AudioCustomappAsusAudioCenter.exe
() C:WindowsSystemHsMgr64.exe
(Logitech Inc.) C:Program FilesLogitech Gaming SoftwareLCore.exe
(SEIKO EPSON CORPORATION) C:WindowsSystem32spooldriversx643E_IATILAE.EXE
(SEIKO EPSON CORPORATION) C:Program Files (x86)EPSON SoftwareEvent ManagerEEventManager.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationShadowPlaynvspcaps64.exe
(Valve Corporation) D:Steambinsteamwebhelper.exe
(Valve Corporation) C:Program Files (x86)Common FilesSteamSteamService.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamUserAgent.exe
(EVGA Corp.) C:Program Files (x86)EVGAPrecisionX 16PrecisionXServer.exe
(EVGA Corp.) C:Program Files (x86)EVGAPrecisionX 16PrecisionXServer_x64.exe
(Microsoft Corporation) C:WindowsSystem32LocationNotificationWindows.exe
(Microsoft Corporation) C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_17.6568.16731.0_x64__8wekyb3d8bbweHxMail.exe
(Microsoft Corporation) C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_17.6568.16731.0_x64__8wekyb3d8bbweHxTsr.exe
() C:Program FilesWindowsAppsMicrosoft.WindowsCalculator_10.1601.19020.0_x64__8wekyb3d8bbweCalculator.exe
(Microsoft Corporation) C:WindowsSystem32LocationNotificationWindows.exe
(Microsoft Corporation) C:WindowsSystem32LocationNotificationWindows.exe
(Microsoft Corporation) C:WindowsSystem32LockAppHost.exe
(Microsoft Corporation) C:WindowsSystem32LocationNotificationWindows.exe
(Microsoft Corporation) C:WindowsSystem32LocationNotificationWindows.exe
(McAfee, Inc.) C:Program FilesCommon FilesMcAfeePlatformMcUICnt.exe
(Microsoft Corporation) C:WindowsSystem32dllhost.exe
(Microsoft Corporation) C:WindowsSystem32dllhost.exe
Registry (Whitelisted)
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM...Run: [Cmaudio8788] => C:WINDOWSsyswow64RunDll32.exe C:WINDOWSSyswow64cmicnfgp.dll,CMICtrlWnd
HKLM...Run: [Cmaudio8788GX] => C:WINDOWSsyswow64HsMgr.exe [200704 2008-07-11] ()
HKLM...Run: [Cmaudio8788GX64] => C:WINDOWSsystemHsMgr64.exe [282112 2008-07-11] ()
HKLM...Run: [NvBackend] => C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe [2787264 2016-01-11] (NVIDIA Corporation)
HKLM...Run: [ShadowPlay] => 'C:WINDOWSsystem32rundll32.exe' C:WINDOWSsystem32nvspcap64.dll,ShadowPlayOnSystemStart
HKLM...Run: [Launch LCore] => C:Program FilesLogitech Gaming SoftwareLCore.exe [15009400 2015-10-14] (Logitech Inc.)
HKLM-x32...Run: [EEventManager] => C:Program Files (x86)Epson SoftwareEvent ManagerEEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION)
HKLM-x32...Run: [SunJavaUpdateSched] => C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [594992 2016-01-29] (Oracle Corporation)
HKUS-1-5-21-2712218113-430331144-635360849-1000...Run: [GalaxyClient] => [X]
HKUS-1-5-21-2712218113-430331144-635360849-1000...Run: [EPLTargetP0000000000000000] => C:WINDOWSsystem32spoolDRIVERSx643E_IATILAE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKUS-1-5-21-2712218113-430331144-635360849-1000...Run: [Steam] => D:Steamsteam.exe [3014224 2016-02-04] (Valve Corporation)
HKUS-1-5-21-2712218113-430331144-635360849-1000...RunOnce: [Uninstall C:UsersMementoMoriAppDataLocalMicrosoftOneDrive17.3.5892.0626amd64] => C:WINDOWSsystem32cmd.exe /q /c rmdir /s /q 'C:UsersMementoMoriAppDataLocalMicrosoftOneDrive17.3.5892.0626amd64'
Internet (Whitelisted)
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Zbot Malware

TcpipParameters: [DhcpNameServer] 192.168.1.1
Tcpip..Interfaces{66708aac-3cce-462f-a391-39828a070c95}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:Program Files (x86)Javajre1.8.0_73binssv.dll [2016-02-06] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:Program Files (x86)Javajre1.8.0_73binjp2ssv.dll [2016-02-06] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:Program Files (x86)McAfeeSiteAdvisorx64McIEPlg.dll [2015-12-29] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:Program Files (x86)McAfeeSiteAdvisorMcIEPlg.dll [2015-12-29] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:Program Files (x86)McAfeeSiteAdvisorx64McIEPlg.dll [2015-12-29] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:Program Files (x86)McAfeeSiteAdvisorMcIEPlg.dll [2015-12-29] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:Program FilesMcAfeeMSCMcSnIePl64.dll [2015-12-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:Program Files (x86)McAfeeMSCMcSnIePl.dll [2015-12-03] (McAfee, Inc.)
FireFox:
FF ProfilePath: C:UsersMementoMoriAppDataRoamingMozillaFirefoxProfilesl85ig9fd.default
FF Session Restore: -> is enabled.
FF Plugin: @mcafee.com/MSC,version=10 -> c:PROGRA~1mcafeemscNPMCSN~1.DLL [2015-12-03] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:Program FilesMicrosoft Silverlight5.1.41212.0npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:Program Files (x86)Javajre1.8.0_73bindtpluginnpDeployJava1.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:Program Files (x86)Javajre1.8.0_73binplugin2npjp2.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:PROGRA~2mcafeemscNPMCSN~1.DLL [2015-12-03] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:Program Files (x86)Microsoft Silverlight5.1.41212.0npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:Program Files (x86)GoogleUpdate1.3.29.5npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:Program Files (x86)GoogleUpdate1.3.29.5npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:Program Files (x86)VideoLANVLCnpvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:Program Files (x86)AdobeAcrobat Reader DCReaderAIRnppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKUS-1-5-21-2712218113-430331144-635360849-1000: @my.com/Games -> C:UsersMementoMoriAppDataLocalMyComGamesNPMyComDetector.dll [2015-08-24] (My.com, Inc)
FF Extension: LastPass - C:UsersMementoMoriAppDataRoamingMozillaFirefoxProfilesl85ig9fd.defaultextensionssupport@lastpass.com [2015-08-07]
FF Extension: McAfee WebAdvisor - C:Program Files (x86)McAfeeSiteAdvisorsaffplg.xpi [2015-12-29]
FF HKLM...FirefoxExtensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:Program Files (x86)McAfeeSiteAdvisorsaffplg.xpi
FF HKLM-x32...FirefoxExtensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:Program Files (x86)McAfeeSiteAdvisorsaffplg.xpi
FF HKLM-x32...ThunderbirdExtensions: [msktbird@mcafee.com] - C:Program FilesMcAfeeMSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:Program FilesMcAfeeMSK [2016-01-23] [not signed]
Chrome:
CHR NewTab: Default -> 'chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html'
CHR DefaultSearchURL: Default -> hxxps://mail.google.com/mail/u/0/#inbox/152b7ce932786fcb
CHR Session Restore: Default -> is enabled.
CHR Profile: C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefault
CHR Extension: (Google Slides) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2015-08-07]
CHR Extension: (Magic Actions for YouTube™) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsabjcfabbhafbcdfjoecdgepllmpfceif [2016-01-31]
CHR Extension: (Entanglement Web App) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsaciahcmjmecflokailenpkdchphgkefd [2015-08-07]
CHR Extension: (Google Docs) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2015-08-07]
CHR Extension: (Google Drive) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (NeoGAF Live Thread) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsblbfgndoggabppkoehpipfadjelcofmp [2015-08-07]
CHR Extension: (YouTube) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsemffkefkbkpkgpdeeooapgaicgmcbolj [2016-01-05]
CHR Extension: (Google Sheets) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2015-08-07]
CHR Extension: (Wunderlist - To-do and Task list) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsfjliknjliaohjgjajlgolhijphojjdkc [2016-01-21]
CHR Extension: (Google Docs Offline) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsgighmmpiobklfepjocnamgkkbiglidom [2016-02-05]
CHR Extension: (LastPass: Free Password Manager) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionshdokiejnpimakedhajhdlcegeplioahd [2016-01-29]
CHR Extension: (ytma!) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsijioppmkelhobdlpbcgojamecmailcnh [2015-08-07]
CHR Extension: (PSDLE) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsjdjhhapoddhnimgdemnpbfagndcnmhii [2015-12-24]
CHR Extension: (Speed Dial 2) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsjpfpebmajhhopeonhlcgidhclcccjcik [2015-11-10]
CHR Extension: (Reddit Enhancement Suite) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionskbmfpngjjgdllneeigpgjifpgocmfgmb [2016-01-11]
CHR Extension: (Poppit!) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsmcbkbpnkkkipelfledbfocopglifcfmi [2015-08-07]
CHR Extension: (Google Dictionary (by Google)) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsmgijmajocgfcbeboacabfgobmjgjcoja [2015-08-07]
CHR Extension: (Chrome Web Store Payments) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2015-08-07]
CHR Extension: (Hover Zoom+) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionspccckmaobkjjboncdfnnofkonhgpceea [2016-01-29]
CHR Extension: (Evernote Web Clipper) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionspioclpoplcdbaefihamjohnefbikjilc [2015-09-29]
CHR Extension: (Gmail) - C:UsersMementoMoriAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2015-08-07]
CHR HKLM...ChromeExtension: [fheoggkfdfchfphceeifdbepaooicaho] - C:Program Files (x86)McAfeeSiteAdvisorMcChPlg.crx [2016-01-23]
CHR HKLM-x32...ChromeExtension: [fheoggkfdfchfphceeifdbepaooicaho] - C:Program Files (x86)McAfeeSiteAdvisorMcChPlg.crx [2016-01-23]
Services (Whitelisted)
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 0166071453592607mcinstcleanup; C:UsersMementoMoriAppDataLocalTemp0166071453592607mcinst.exe [883024 2015-10-28] (McAfee, Inc.)
R2 EpsonScanSvc; C:WINDOWSsystem32EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
S3 GalaxyClientService; C:Program Files (x86)GalaxyClientGalaxyClientService.exe [1616440 2015-11-08] (GOG.com)
S3 GalaxyCommunication; C:ProgramDataGOG.comGalaxyredistsGalaxyCommunication.exe [6952504 2015-11-08] (GOG.com)
R2 GfExperienceService; C:Program FilesNVIDIA CorporationGeForce Experience ServiceGfExperienceService.exe [1163200 2016-01-11] (NVIDIA Corporation)
R2 HomeNetSvc; C:Program FilesCommon FilesMcAfeePlatformMcSvcHostMcSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 LogiRegistryService; C:Program FilesLogitech Gaming SoftwareDriversAPOServiceLogiRegistryService.exe [193144 2015-10-14] (Logitech Inc.)
S2 MBAMScheduler; C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:Program Files (x86)McAfeeSiteAdvisorMcSACore.exe [158952 2015-12-29] (McAfee, Inc.)
R2 McAPExe; C:Program FilesMcAfeeMSCMcAPExe.exe [863448 2015-12-03] (McAfee, Inc.)
R2 mccspsvc; C:Program FilesCommon FilesMcAfeeCSP1.8.203.0McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)
R2 McMPFSvc; C:Program FilesCommon FilesMcAfeePlatformMcSvcHostMcSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McNaiAnn; C:Program FilesCommon FilesMcAfeePlatformMcSvcHostMcSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:Program FilesMcAfeeVirusScanmcods.exe [679120 2015-10-20] (McAfee, Inc.)
R2 mcpltsvc; C:Program FilesCommon FilesMcAfeePlatformMcSvcHostMcSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McProxy; C:Program FilesCommon FilesMcAfeePlatformMcSvcHostMcSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R3 mfefire; C:Program FilesCommon FilesMcAfeeSystemCoremfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:Program FilesCommon FilesMcAfeeSystemCoremfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R3 mfevtp; C:WINDOWSsystem32mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 MSK80Service; C:Program FilesCommon FilesMcAfeePlatformMcSvcHostMcSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 npggsvc; C:WINDOWSSysWOW64GameMon.des [3806032 2015-10-13] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe [1879488 2016-01-11] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamNetworkService.exe [6308288 2016-01-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamService.exe [4812736 2016-01-11] (NVIDIA Corporation)
S3 Origin Client Service; D:OriginOriginClientService.exe [2104840 2015-12-12] (Electronic Arts)
S3 WdNisSvc; C:Program FilesWindows DefenderNisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:Program FilesWindows DefenderMsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
Drivers (Whitelisted)
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:WindowsSystem32driverscfwids.sys [80760 2015-09-23] (McAfee, Inc.)
R3 cmudaxp; C:Windowssystem32driverscmudaxp.sys [2735616 2015-06-02] (C-Media Inc)
S3 HipShieldK; C:WindowsSystem32driversHipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R2 LGCoreTemp; C:Program FilesLogitech Gaming SoftwareDriversLgCoreTemplgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:Windowssystem32driversLGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 LGSHidFilt; C:WindowsSystem32driversLGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 LGSUsbFilt; C:WindowsSystem32driversLGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
S3 MBAMProtector; C:WINDOWSsystem32driversmbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:WINDOWSsystem32driversmwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:WindowsSystem32driversmfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:WindowsSystem32driversmfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
S0 mfeelamk; C:WindowsSystem32driversmfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:WindowsSystem32driversmfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:WindowsSystem32driversmfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R3 mfencbdc; C:Windowssystem32DRIVERSmfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
S3 mfencrk; C:Windowssystem32DRIVERSmfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
R3 mfesapsn; C:Program Files (x86)McAfeeSiteAdvisorx64mfesapsn.sys [37448 2015-12-29] (McAfee, Inc.)
R0 mfewfpk; C:WindowsSystem32driversmfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
R3 NvStreamKms; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamKms.sys [26560 2016-01-11] (NVIDIA Corporation)
S3 NVSWCFilter; C:WindowsSystem32driversnvswcfilter.sys [19616 2015-07-23] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:Windowssystem32driversnvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rt640x64; C:WindowsSystem32driversrt640x64.sys [587264 2015-07-10] (Realtek )
S3 tap0901_openvpn_accl; C:WindowsSystem32driverstap0901_openvpn_accl.sys [37912 2015-01-13] (The OpenVPN Project)
S3 UdeCx; C:WindowsSystem32driversudecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:Windowssystem32driversWdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:Windowssystem32driversWdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:WindowsSystem32DriversWdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WinRing0_1_2_0; C:Program Files (x86)EVGAPrecisionX 16WinRing0WinRing0x64.sys [14536 2015-10-20] (OpenLibSys.org)
S3 xhunter1; C:WINDOWSxhunter1.sys [36904 2016-02-04] (Wellbia.com Co., Ltd.)
S3 wfpcapture; SystemRootSystem32driverswfpcapture.sys [X]
NetSvcs (Whitelisted)
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
One Month Created files and folders
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-06 21:42 - 2016-02-06 21:42 - 00022076 _____ C:UsersMementoMoriDesktopFRST.txt
2016-02-06 21:35 - 2016-02-06 21:42 - 00000000 ____D C:FRST
2016-02-06 21:35 - 2016-02-06 21:35 - 02370560 _____ (Farbar) C:UsersMementoMoriDesktopFRST64.exe
2016-02-06 21:14 - 2016-02-06 21:14 - 00016148 _____ C:WINDOWSsystem32MEMENTOMORI-PC_MementoMori_HistoryPrediction.bin
2016-02-06 19:49 - 2016-02-06 19:49 - 00004020 _____ C:WINDOWSSystem32TasksIntel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-02-06 16:09 - 2016-02-06 16:09 - 00004208 _____ C:WINDOWSSystem32TasksIntel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-02-04 14:51 - 2016-02-04 17:28 - 00036904 _____ (Wellbia.com Co., Ltd.) C:WINDOWSxhunter1.sys
2016-02-04 14:51 - 2016-02-04 14:51 - 00000000 ____D C:UsersMementoMoriDocumentsBlack Desert
2016-02-04 14:12 - 2016-02-04 14:12 - 00000904 _____ C:UsersPublicDesktopBlack Desert Character Creator.lnk
2016-02-04 14:12 - 2016-02-04 14:12 - 00000904 _____ C:ProgramDataMicrosoftWindowsStart MenuBlack Desert Character Creator.lnk
2016-02-04 14:12 - 2016-02-04 14:12 - 00000000 ____D C:UsersMementoMoriAppDataLocalBDOCharacterCreator
2016-02-04 14:12 - 2016-02-04 14:12 - 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsBDOCharacterCreator
2016-01-23 21:58 - 2016-01-24 14:29 - 00007626 _____ C:UsersMementoMoriAppDataLocalResmon.ResmonCfg
2016-01-23 17:44 - 2016-01-23 17:44 - 00003138 _____ C:WINDOWSSystem32TasksMcAfeeLogon
2016-01-23 17:44 - 2016-01-23 17:44 - 00001989 _____ C:UsersPublicDesktopMcAfee Multi Access - Total Protection (PC).lnk
2016-01-23 17:44 - 2016-01-23 17:44 - 00000000 ____D C:WINDOWSSystem32TasksMcAfee
2016-01-23 17:44 - 2016-01-23 17:44 - 00000000 ____D C:UsersMementoMoriAppDataRoamingMacromedia
2016-01-23 17:44 - 2016-01-23 17:44 - 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMcAfee
2016-01-23 17:44 - 2016-01-23 17:44 - 00000000 ____D C:Program Files (x86)McAfee.com
2016-01-23 17:44 - 2015-09-23 09:43 - 00082072 _____ (McAfee, Inc.) C:WINDOWSsystem32Driversmfeelamk.sys
2016-01-23 17:44 - 2015-09-23 09:43 - 00080760 _____ (McAfee, Inc.) C:WINDOWSsystem32Driverscfwids.sys
2016-01-23 17:44 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:WINDOWSsystem32DriversHipShieldK.sys
2016-01-23 17:43 - 2016-01-24 23:26 - 00000000 ____D C:Program Files (x86)McAfee
2016-01-23 17:43 - 2016-01-23 17:44 - 00000000 ____D C:Program FilesMcAfee
2016-01-23 17:43 - 2016-01-23 17:43 - 00000000 ____D C:Program FilesMcAfee.com
2016-01-23 17:43 - 2016-01-23 17:43 - 00000000 ____D C:Program FilesCommon FilesAV
2016-01-23 17:43 - 2015-09-23 09:43 - 00497888 _____ (McAfee, Inc.) C:WINDOWSsystem32Driversmfefirek.sys
2016-01-23 17:43 - 2015-09-23 09:43 - 00244544 _____ (McAfee, Inc.) C:WINDOWSsystem32Driversmfewfpk.sys
2016-01-23 17:42 - 2016-01-23 17:44 - 00000000 ____D C:Program FilesCommon FilesMcAfee
2016-01-23 17:42 - 2015-09-23 09:43 - 00841944 _____ (McAfee, Inc.) C:WINDOWSsystem32Driversmfehidk.sys
2016-01-23 17:42 - 2015-09-23 09:43 - 00415976 _____ (McAfee, Inc.) C:WINDOWSsystem32Driversmfeaack.sys
2016-01-23 17:42 - 2015-09-23 09:43 - 00351120 _____ (McAfee, Inc.) C:WINDOWSsystem32Driversmfeavfk.sys
2016-01-23 17:42 - 2015-09-21 13:33 - 00256840 _____ (McAfee, Inc.) C:WINDOWSsystem32mfevtps.exe
2016-01-23 17:41 - 2016-02-01 11:47 - 00000052 _____ C:UsersMementoMoriDesktopNew Text Document.txt
2016-01-23 17:41 - 2016-01-24 23:26 - 00000000 ____D C:ProgramDataMcAfee
2016-01-23 17:41 - 2016-01-23 17:41 - 08204776 _____ (McAfee, Inc.) C:UsersMementoMoriDesktopMcAfeeSetup-Serial.exe
2016-01-23 03:08 - 2016-01-23 03:08 - 00000214 _____ C:WINDOWSTasksCreateExplorerShellUnelevatedTask.job
2016-01-23 00:03 - 2016-01-23 00:05 - 148155664 _____ (Microsoft Corporation) C:UsersMementoMoriDownloadsmsert.exe
2016-01-22 23:44 - 2016-01-23 11:23 - 00479444 _____ C:WINDOWSntbtlog.txt
2016-01-22 23:39 - 2016-01-22 23:44 - 00000000 ____D C:NPE
2016-01-22 23:38 - 2016-01-22 23:45 - 00000000 ____D C:UsersMementoMoriAppDataLocalNPE
2016-01-22 23:38 - 2016-01-22 23:38 - 00000000 ____D C:ProgramDataNorton
2016-01-22 22:30 - 2016-01-23 16:47 - 00192216 _____ (Malwarebytes) C:WINDOWSsystem32DriversMBAMSwissArmy.sys
2016-01-22 22:30 - 2016-01-22 22:30 - 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes Anti-Malware
2016-01-22 22:30 - 2016-01-22 22:30 - 00000000 ____D C:ProgramDataMalwarebytes
2016-01-22 22:30 - 2016-01-22 22:30 - 00000000 ____D C:Program Files (x86)Malwarebytes Anti-Malware
2016-01-22 22:30 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamchameleon.sys
2016-01-22 22:30 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:WINDOWSsystem32Driversmwac.sys
2016-01-22 22:30 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbam.sys
2016-01-17 14:53 - 2016-01-17 14:53 - 00000000 ____D C:WINDOWSLastGood.Tmp
2016-01-17 14:52 - 2015-12-18 00:10 - 00099472 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvaudcap64v.dll
2016-01-17 14:52 - 2015-12-18 00:10 - 00090768 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvaudcap32v.dll
2016-01-16 01:11 - 2016-01-16 01:11 - 00000000 ____D C:UsersMementoMoriAppDataLocalCAPCOM
2016-01-14 14:42 - 2016-01-14 14:42 - 00000000 ____D C:UsersMementoMoriDocumentsBnS
2016-01-14 14:42 - 2016-01-14 14:42 - 00000000 ____D C:Program FilesCommon FilesINCA Shared
2016-01-14 14:42 - 2015-10-13 07:32 - 03806032 _____ (INCA Internet Co., Ltd.) C:WINDOWSSysWOW64GameMon.des
2016-01-14 14:42 - 2005-01-03 00:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:WINDOWSSysWOW64npptNT2.sys
2016-01-14 14:42 - 2003-07-18 15:17 - 00005174 _____ C:WINDOWSSysWOW64nppt9x.vxd
2016-01-14 13:55 - 2016-01-14 13:55 - 00000000 ____D C:NCSOFT
2016-01-14 13:54 - 2016-01-14 13:54 - 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsNCWest
2016-01-14 13:54 - 2016-01-14 13:54 - 00000000 ____D C:Program Files (x86)NCWest
2016-01-13 10:05 - 2016-01-04 21:07 - 02463704 _____ (Microsoft Corporation) C:WINDOWSsystem32mfcore.dll
2016-01-13 10:05 - 2016-01-04 21:07 - 00377592 _____ (Microsoft Corporation) C:WINDOWSsystem32MP4SDECD.DLL
2016-01-13 10:05 - 2016-01-04 21:06 - 08022368 _____ (Microsoft Corporation) C:WINDOWSsystem32ntoskrnl.exe
2016-01-13 10:05 - 2016-01-04 21:06 - 01991120 _____ (Microsoft Corporation) C:WINDOWSsystem32WMVENCOD.DLL
2016-01-13 10:05 - 2016-01-04 21:06 - 01270104 _____ (Microsoft Corporation) C:WINDOWSsystem32mfnetsrc.dll
2016-01-13 10:05 - 2016-01-04 21:06 - 01063504 _____ (Microsoft Corporation) C:WINDOWSsystem32msmpeg2adec.dll
2016-01-13 10:05 - 2016-01-04 21:06 - 00119800 _____ (Microsoft Corporation) C:WINDOWSsystem32MP3DMOD.DLL
2016-01-13 10:05 - 2016-01-04 21:04 - 02824248 _____ (Microsoft Corporation) C:WINDOWSsystem32msmpeg2vdec.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 02641928 _____ (Microsoft Corporation) C:WINDOWSsystem32WMVDECOD.DLL
2016-01-13 10:05 - 2016-01-04 21:04 - 01591848 _____ (Microsoft Corporation) C:WINDOWSsystem32gdi32.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 01150816 _____ (Microsoft Corporation) C:WINDOWSsystem32aeinv.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 00862056 _____ (Microsoft Corporation) C:WINDOWSsystem32mfnetcore.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 00787720 _____ (Microsoft Corporation) C:WINDOWSsystem32WMADMOD.DLL
2016-01-13 10:05 - 2016-01-04 21:04 - 00784136 _____ (Microsoft Corporation) C:WINDOWSsystem32mfsvr.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 00779928 _____ (Microsoft Corporation) C:WINDOWSsystem32evr.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 00772448 _____ (Microsoft Corporation) C:WINDOWSsystem32invagent.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 00751992 _____ (Microsoft Corporation) C:WINDOWSsystem32WMADMOE.DLL
2016-01-13 10:05 - 2016-01-04 21:04 - 00667856 _____ (Microsoft Corporation) C:WINDOWSsystem32advapi32.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 00250520 _____ (Microsoft Corporation) C:WINDOWSsystem32MPG4DECD.DLL
2016-01-13 10:05 - 2016-01-04 21:04 - 00249464 _____ (Microsoft Corporation) C:WINDOWSsystem32RESAMPLEDMO.DLL
2016-01-13 10:05 - 2016-01-04 21:04 - 00243248 _____ (Microsoft Corporation) C:WINDOWSsystem32mfps.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 00233992 _____ (Microsoft Corporation) C:WINDOWSsystem32mftranscode.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 00115704 _____ (Microsoft Corporation) C:WINDOWSsystem32VIDRESZR.DLL
2016-01-13 10:05 - 2016-01-04 21:04 - 00090912 _____ (Microsoft Corporation) C:WINDOWSsystem32devenum.dll
2016-01-13 10:05 - 2016-01-04 21:04 - 00083704 _____ (Microsoft Corporation) C:WINDOWSsystem32mfvdsp.dll
2016-01-13 10:05 - 2016-01-04 20:59 - 00781976 _____ (Microsoft Corporation) C:WINDOWSsystem32mfds.dll
2016-01-13 10:05 - 2016-01-04 20:52 - 00441696 _____ (Microsoft Corporation) C:WINDOWSsystem32devinv.dll
2016-01-13 10:05 - 2016-01-04 20:50 - 01083072 _____ (Microsoft Corporation) C:WINDOWSsystem32appraiser.dll
2016-01-13 10:05 - 2016-01-04 20:50 - 00723648 _____ (Microsoft Corporation) C:WINDOWSsystem32generaltel.dll
2016-01-13 10:05 - 2016-01-04 20:50 - 00345080 _____ (Microsoft Corporation) C:WINDOWSsystem32WMVSDECD.DLL
2016-01-13 10:05 - 2016-01-04 20:50 - 00251544 _____ (Microsoft Corporation) C:WINDOWSsystem32MP43DECD.DLL
2016-01-13 10:05 - 2016-01-04 20:50 - 00205072 _____ (Microsoft Corporation) C:WINDOWSsystem32COLORCNV.DLL
2016-01-13 10:05 - 2016-01-04 20:31 - 01365576 _____ (Microsoft Corporation) C:WINDOWSSysWOW64gdi32.dll
2016-01-13 10:05 - 2016-01-04 20:30 - 02459096 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WMVDECOD.DLL
2016-01-13 10:05 - 2016-01-04 20:30 - 02162064 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WMVENCOD.DLL
2016-01-13 10:05 - 2016-01-04 20:30 - 02152744 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfcore.dll
Mac
2016-01-13 10:05 - 2016-01-04 20:30 - 01106872 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfnetsrc.dll
2016-01-13 10:05 - 2016-01-04 20:30 - 00882208 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msmpeg2adec.dll
2016-01-13 10:05 - 2016-01-04 20:30 - 00368776 _____ (Microsoft Corporation) C:WINDOWSSysWOW64MP4SDECD.DLL
2016-01-13 10:05 - 2016-01-04 20:30 - 00232896 _____ (Microsoft Corporation) C:WINDOWSSysWOW64RESAMPLEDMO.DLL
2016-01-13 10:05 - 2016-01-04 20:30 - 00100712 _____ (Microsoft Corporation) C:WINDOWSSysWOW64MP3DMOD.DLL
2016-01-13 10:05 - 2016-01-04 20:29 - 00208688 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mftranscode.dll
2016-01-13 10:05 - 2016-01-04 20:28 - 02445128 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msmpeg2vdec.dll
2016-01-13 10:05 - 2016-01-04 20:28 - 00714808 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfnetcore.dll
2016-01-13 10:05 - 2016-01-04 20:28 - 00696192 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WMADMOE.DLL
2016-01-13 10:05 - 2016-01-04 20:28 - 00695752 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WMADMOD.DLL
2016-01-13 10:05 - 2016-01-04 20:28 - 00645144 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfsvr.dll
2016-01-13 10:05 - 2016-01-04 20:28 - 00635312 _____ (Microsoft Corporation) C:WINDOWSSysWOW64evr.dll
2016-01-13 10:05 - 2016-01-04 20:28 - 00497896 _____ (Microsoft Corporation) C:WINDOWSSysWOW64advapi32.dll
2016-01-13 10:05 - 2016-01-04 20:28 - 00277400 _____ (Microsoft Corporation) C:WINDOWSSysWOW64MPG4DECD.DLL
Trojan.zbot Removal Tool For Mac
2016-01-13 10:05 - 2016-01-04 20:28 - 00116728 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfps.dll
2016-01-13 10:05 - 2016-01-04 20:28 - 00107952 _____ (Microsoft Corporation) C:WINDOWSSysWOW64VIDRESZR.DLL
2016-01-13 10:05 - 2016-01-04 20:28 - 00082096 _____ (Microsoft Corporation) C:WINDOWSSysWOW64devenum.dll
2016-01-13 10:05 - 2016-01-04 20:28 - 00072808 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfvdsp.dll
2016-01-13 10:05 - 2016-01-04 20:21 - 00658528 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfds.dll
2016-01-13 10:05 - 2016-01-04 20:18 - 21873152 _____ (Microsoft Corporation) C:WINDOWSsystem32edgehtml.dll
2016-01-13 10:05 - 2016-01-04 20:15 - 24592896 _____ (Microsoft Corporation) C:WINDOWSsystem32mshtml.dll
2016-01-13 10:05 - 2016-01-04 20:15 - 00931328 _____ (Microsoft Corporation) C:WINDOWSsystem32MSMPEG2ENC.DLL
2016-01-13 10:05 - 2016-01-04 20:15 - 00235008 _____ (Microsoft Corporation) C:WINDOWSsystem32UserMgrProxy.dll
2016-01-13 10:05 - 2016-01-04 20:15 - 00042496 _____ (Microsoft Corporation) C:WINDOWSsystem32usermgrcli.dll
2016-01-13 10:05 - 2016-01-04 20:10 - 00539136 _____ (Microsoft Corporation) C:WINDOWSsystem32mfh264enc.dll
2016-01-13 10:05 - 2016-01-04 20:10 - 00305776 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WMVSDECD.DLL
2016-01-13 10:05 - 2016-01-04 20:10 - 00278424 _____ (Microsoft Corporation) C:WINDOWSSysWOW64MP43DECD.DLL
2016-01-13 10:05 - 2016-01-04 20:10 - 00188032 _____ (Microsoft Corporation) C:WINDOWSSysWOW64COLORCNV.DLL
2016-01-13 10:05 - 2016-01-04 20:09 - 01234944 _____ (Microsoft Corporation) C:WINDOWSsystem32aitstatic.exe
2016-01-13 10:05 - 2016-01-04 20:09 - 00205312 _____ (Microsoft Corporation) C:WINDOWSsystem32aepic.dll
2016-01-13 10:05 - 2016-01-04 20:02 - 01672192 _____ (Microsoft Corporation) C:WINDOWSsystem32quartz.dll
2016-01-13 10:05 - 2016-01-04 20:02 - 00678912 _____ (Microsoft Corporation) C:WINDOWSsystem32qedit.dll
2016-01-13 10:05 - 2016-01-04 20:02 - 00379392 _____ (Microsoft Corporation) C:WINDOWSsystem32qdvd.dll
2016-01-13 10:05 - 2016-01-04 20:01 - 00305664 _____ (Microsoft Corporation) C:WINDOWSsystem32ksproxy.ax
2016-01-13 10:05 - 2016-01-04 20:00 - 00826880 _____ (Microsoft Corporation) C:WINDOWSsystem32jscript.dll
2016-01-13 10:05 - 2016-01-04 20:00 - 00771072 _____ (Microsoft Corporation) C:WINDOWSsystem32Chakradiag.dll
2016-01-13 10:05 - 2016-01-04 19:59 - 00572928 _____ (Microsoft Corporation) C:WINDOWSsystem32vbscript.dll
2016-01-13 10:05 - 2016-01-04 19:57 - 00712704 _____ (Microsoft Corporation) C:WINDOWSsystem32usermgr.dll
2016-01-13 10:05 - 2016-01-04 19:57 - 00578560 _____ (Microsoft Corporation) C:WINDOWSsystem32winlogon.exe
2016-01-13 10:05 - 2016-01-04 19:57 - 00455168 _____ (Microsoft Corporation) C:WINDOWSsystem32schannel.dll
2016-01-13 10:05 - 2016-01-04 19:56 - 07523840 _____ (Microsoft Corporation) C:WINDOWSsystem32Chakra.dll
2016-01-13 10:05 - 2016-01-04 19:51 - 01255936 _____ (Microsoft Corporation) C:WINDOWSsystem32WMSPDMOE.DLL
2016-01-13 10:05 - 2016-01-04 19:51 - 01009664 _____ (Microsoft Corporation) C:WINDOWSsystem32WMSPDMOD.DLL
2016-01-13 10:05 - 2016-01-04 19:51 - 00634368 _____ (Microsoft Corporation) C:WINDOWSsystem32WMVXENCD.DLL
2016-01-13 10:05 - 2016-01-04 19:51 - 00463872 _____ (Microsoft Corporation) C:WINDOWSsystem32MFWMAAEC.DLL
2016-01-13 10:05 - 2016-01-04 19:51 - 00447488 _____ (Microsoft Corporation) C:WINDOWSsystem32WMVSENCD.DLL
2016-01-13 10:05 - 2016-01-04 19:44 - 00159744 _____ (Microsoft Corporation) C:WINDOWSSysWOW64UserMgrProxy.dll
2016-01-13 10:05 - 2016-01-04 19:44 - 00033280 _____ (Microsoft Corporation) C:WINDOWSSysWOW64usermgrcli.dll
2016-01-13 10:05 - 2016-01-04 19:43 - 19324928 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mshtml.dll
2016-01-13 10:05 - 2016-01-04 19:42 - 00871936 _____ (Microsoft Corporation) C:WINDOWSSysWOW64MSMPEG2ENC.DLL
2016-01-13 10:05 - 2016-01-04 19:38 - 00556032 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfh264enc.dll
2016-01-13 10:05 - 2016-01-04 19:32 - 01541632 _____ (Microsoft Corporation) C:WINDOWSSysWOW64quartz.dll
2016-01-13 10:05 - 2016-01-04 19:32 - 00573440 _____ (Microsoft Corporation) C:WINDOWSSysWOW64qedit.dll
2016-01-13 10:05 - 2016-01-04 19:31 - 00563200 _____ (Microsoft Corporation) C:WINDOWSSysWOW64qdvd.dll
2016-01-13 10:05 - 2016-01-04 19:31 - 00235008 _____ (Microsoft Corporation) C:WINDOWSSysWOW64ksproxy.ax
2016-01-13 10:05 - 2016-01-04 19:30 - 18802176 _____ (Microsoft Corporation) C:WINDOWSSysWOW64edgehtml.dll
2016-01-13 10:05 - 2016-01-04 19:29 - 00650240 _____ (Microsoft Corporation) C:WINDOWSSysWOW64jscript.dll
2016-01-13 10:05 - 2016-01-04 19:29 - 00503296 _____ (Microsoft Corporation) C:WINDOWSSysWOW64vbscript.dll
2016-01-13 10:05 - 2016-01-04 19:26 - 00373760 _____ (Microsoft Corporation) C:WINDOWSSysWOW64schannel.dll
2016-01-13 10:05 - 2016-01-04 19:24 - 05454848 _____ (Microsoft Corporation) C:WINDOWSSysWOW64Chakra.dll
2016-01-13 10:05 - 2016-01-04 19:20 - 00890880 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WMSPDMOD.DLL
2016-01-13 10:05 - 2016-01-04 19:19 - 01070080 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WMSPDMOE.DLL
2016-01-13 10:05 - 2016-01-04 19:19 - 00747008 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WMVXENCD.DLL
2016-01-13 10:05 - 2016-01-04 19:19 - 00409088 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WMVSENCD.DLL
2016-01-13 10:05 - 2016-01-04 19:19 - 00404992 _____ (Microsoft Corporation) C:WINDOWSSysWOW64MFWMAAEC.DLL
One Month Modified files and folders
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-06 21:34 - 2015-08-23 11:34 - 00000949 _____ C:WINDOWSTasksEPSON XP-410 Series Update {1D02BD40-7F38-4062-8A74-FB427937982D}.job
2016-02-06 21:34 - 2015-08-23 11:34 - 00000763 _____ C:WINDOWSTasksEPSON XP-410 Series Invitation {1D02BD40-7F38-4062-8A74-FB427937982D}.job
2016-02-06 20:43 - 2015-08-07 12:18 - 00000936 _____ C:WINDOWSTasksGoogleUpdateTaskMachineUA.job
2016-02-06 18:12 - 2015-12-20 13:40 - 00000000 ____D C:UsersMementoMoriAppDataLocalCrashDumps
2016-02-06 17:12 - 2015-08-07 14:53 - 00000000 ____D C:WINDOWSAppReadiness
2016-02-06 17:07 - 2015-08-07 14:53 - 00000000 ___HD C:Program FilesWindowsApps
2016-02-06 16:35 - 2015-08-10 10:37 - 00004174 _____ C:WINDOWSSystem32TasksUser_Feed_Synchronization-{4987DB4F-5564-4BBE-B68D-3D71E3C7E474}
2016-02-06 10:49 - 2015-09-05 23:14 - 00000000 ____D C:ProgramDataOracle
2016-02-06 10:49 - 2015-09-05 23:14 - 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsJava
2016-02-06 10:49 - 2015-09-05 23:14 - 00000000 ____D C:Program Files (x86)Java
2016-02-06 10:48 - 2015-09-05 23:14 - 00097888 _____ (Oracle Corporation) C:WINDOWSSysWOW64WindowsAccessBridge-32.dll
2016-02-06 10:48 - 2015-09-05 23:14 - 00000000 ____D C:UsersMementoMori.oracle_jre_usage
2016-02-06 10:43 - 2015-08-07 12:18 - 00000932 _____ C:WINDOWSTasksGoogleUpdateTaskMachineCore.job
2016-02-04 15:43 - 2015-08-07 12:19 - 00002272 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2016-02-04 14:12 - 2015-08-23 11:34 - 00000000 ___HD C:Program Files (x86)InstallShield Installation Information
2016-02-04 13:10 - 2015-12-12 11:24 - 00000000 ____D C:UsersMementoMoriAppDataRoamingAwesomium
2016-02-03 20:21 - 2015-10-11 09:54 - 00000000 ____D C:Mod Organizer TESV
2016-02-03 20:21 - 2014-12-30 10:17 - 00000000 ____D C:Mod Organizer NV
2016-02-02 10:38 - 2015-08-07 12:18 - 00003994 _____ C:WINDOWSSystem32TasksGoogleUpdateTaskMachineUA
2016-02-02 10:38 - 2015-08-07 12:18 - 00003762 _____ C:WINDOWSSystem32TasksGoogleUpdateTaskMachineCore
2016-01-31 11:36 - 2015-08-07 14:48 - 00032768 ___SH C:WINDOWSsystem32configELAM
2016-01-28 21:36 - 2015-09-05 11:13 - 00000000 ____D C:Program Files (x86)Mozilla Firefox
2016-01-28 21:36 - 2015-08-07 22:30 - 00001228 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMozilla Firefox.lnk
2016-01-28 21:36 - 2015-08-07 22:30 - 00000000 ____D C:Program Files (x86)Mozilla Maintenance Service
2016-01-23 17:44 - 2015-08-07 14:53 - 00000000 ___HD C:WINDOWSELAMBKUP
2016-01-23 14:22 - 2015-08-07 14:52 - 00000000 ____D C:WINDOWSINF
2016-01-23 14:22 - 2015-08-07 12:05 - 00875126 _____ C:WINDOWSsystem32PerfStringBackup.INI
2016-01-23 14:16 - 2015-08-07 14:48 - 00524288 ___SH C:WINDOWSsystem32configBBI
2016-01-23 14:16 - 2015-08-07 11:59 - 00000000 ____D C:ProgramDataNVIDIA
2016-01-23 14:16 - 2015-08-07 11:58 - 00000006 ____H C:WINDOWSTasksSA.DAT
2016-01-17 14:54 - 2015-11-10 10:31 - 00000000 ____D C:UsersMementoMoriAppDataLocalNVIDIA
2016-01-16 22:40 - 2015-09-21 09:31 - 00000000 ____D C:UsersMementoMoriAppDataLocalElevatedDiagnostics
2016-01-16 21:26 - 2015-08-07 23:21 - 00000000 ____D C:Program FilesMicrosoft Silverlight
2016-01-16 21:26 - 2015-08-07 23:21 - 00000000 ____D C:Program Files (x86)Microsoft Silverlight
2016-01-14 21:34 - 2015-09-29 00:57 - 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsNCSOFT
2016-01-14 21:34 - 2015-09-29 00:55 - 00000000 ____D C:UsersMementoMoriAppDataLocalNCSOFT
2016-01-14 21:34 - 2014-05-09 08:09 - 00000000 ____D C:UsersMementoMoriDocumentsNCSOFT
2016-01-13 13:40 - 2015-08-09 19:21 - 00003972 _____ C:WINDOWSSystem32TasksAdobe Acrobat Update Task
2016-01-13 13:39 - 2015-08-09 19:21 - 00002457 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAcrobat Reader DC.lnk
2016-01-13 10:12 - 2015-08-12 10:19 - 00000000 ____D C:WINDOWSsystem32MRT
2016-01-13 10:12 - 2015-08-07 14:50 - 00000000 ____D C:WINDOWSCbsTemp
2016-01-13 10:07 - 2015-08-12 10:19 - 143671360 _____ (Microsoft Corporation) C:WINDOWSsystem32MRT.exe
2016-01-13 10:07 - 2015-08-07 23:21 - 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Silverlight
2016-01-11 22:41 - 2015-11-10 10:31 - 01542600 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvspcap.dll
2016-01-11 22:41 - 2015-11-10 10:31 - 01316184 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvspbridge.dll
2016-01-11 22:40 - 2015-12-18 22:24 - 00112032 _____ C:WINDOWSsystem32NvRtmpStreamer64.dll
2016-01-11 22:40 - 2015-11-10 10:31 - 01860120 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvspcap64.dll
2016-01-11 22:40 - 2015-11-10 10:31 - 01756608 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvspbridge64.dll
2016-01-10 13:53 - 2015-04-22 15:19 - 00000000 ____D C:UsersMementoMori.minion
2016-01-10 13:53 - 2015-04-22 15:19 - 00000000 ____D C:UsersMementoMori.junique
2016-01-08 15:32 - 2015-11-21 14:33 - 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsNexus Mod Manager
2016-01-08 12:18 - 2015-08-07 14:58 - 00000000 ___DC C:WINDOWSPanther

Zbot Virus

2016-01-08 12:16 - 2015-10-30 03:42 - 00000000 ___HD C:$WINDOWS.~BT
Files in the root of some directories
2016-01-23 21:58 - 2016-01-24 14:29 - 0007626 _____ () C:UsersMementoMoriAppDataLocalResmon.ResmonCfg
Some files in TEMP:
C:UsersMementoMoriAppDataLocalTemp0166071453592607mcinst.exe
C:UsersMementoMoriAppDataLocalTemp4ca8e46d0a3b512fe2b857a8406ceabe.dll
C:UsersMementoMoriAppDataLocalTemp6699d3ee8dd9cf775caae782c8f44f03.dll
C:UsersMementoMoriAppDataLocalTempjre-8u65-windows-au.exe
C:UsersMementoMoriAppDataLocalTempjre-8u66-windows-au.exe
C:UsersMementoMoriAppDataLocalTempjre-8u71-windows-au.exe
C:UsersMementoMoriAppDataLocalTempjre-8u73-windows-au.exe
C:UsersMementoMoriAppDataLocalTempMcCSPInstall.dll
C:UsersMementoMoriAppDataLocalTempNexus Mod Manager-0.61.2.exe
C:UsersMementoMoriAppDataLocalTempNexus Mod Manager-0.61.3.exe

License Removal Tool For Mac

C:UsersMementoMoriAppDataLocalTempNexus Mod Manager-0.61.4.exe
C:UsersMementoMoriAppDataLocalTempNexus Mod Manager-0.61.5.exe
C:UsersMementoMoriAppDataLocalTempnvSCPAPI.dll
C:UsersMementoMoriAppDataLocalTempnvSCPAPI64.dll
C:UsersMementoMoriAppDataLocalTempnvStInst.exe
C:UsersMementoMoriAppDataLocalTempxmlUpdater.exe
C:UsersMementoMoriAppDataLocalTemp__pythonRunner.dll

Trojan.zbot Removal Tool For Mac

Bamital & volsnap
(There is no automatic fix for files that do not pass verification.)
C:WINDOWSsystem32winlogon.exe => File is digitally signed
C:WINDOWSsystem32wininit.exe => File is digitally signed
C:WINDOWSexplorer.exe => File is digitally signed
C:WINDOWSSysWOW64explorer.exe => File is digitally signed
C:WINDOWSsystem32svchost.exe => File is digitally signed
C:WINDOWSSysWOW64svchost.exe => File is digitally signed
C:WINDOWSsystem32services.exe => File is digitally signed
C:WINDOWSsystem32User32.dll => File is digitally signed
C:WINDOWSSysWOW64User32.dll => File is digitally signed
C:WINDOWSsystem32userinit.exe => File is digitally signed

Trojan.zbot Removal Tool For Mac

C:WINDOWSSysWOW64userinit.exe => File is digitally signed
C:WINDOWSsystem32rpcss.dll => File is digitally signed
C:WINDOWSsystem32dnsapi.dll => File is digitally signed
C:WINDOWSSysWOW64dnsapi.dll => File is digitally signed
C:WINDOWSsystem32Driversvolsnap.sys => File is digitally signed
End of FRST.txt

Bitdefender Adware Removal Tool For Mac


Coments are closed