Jump to content

joshfranco

Members
  • Posts

    7
  • Joined

  • Last visited

Everything posted by joshfranco

  1. I am pretty sure this did the job! Thanks ^-^ Zemana AntiMalware 2.72.2.101 (Installed) ------------------------------------------------------- Scan Result : Completed Scan Date : 2017/3/4 Operating System : Windows 10 64-bit Processor : 8X Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz BIOS Mode : Legacy CUID : 124AE72D12BC3FAF612536 Scan Type : System Scan Duration : 11m 36s Scanned Objects : 95543 Detected Objects : 8 Excluded Objects : 0 Read Level : Normal Auto Upload : Enabled Detect All Extensions : Disabled Scan Documents : Disabled Domain Info : WORKGROUP,0,2 Detected Objects ------------------------------------------------------- Chrome Homepage Status : Scanned Object : http://www-mysearch.com/?pid=s&s=G1Nzamotn10924,5754eeea-ff51-401f-89a2-e12794a1fe75,&vp=ch&prd=set_ch MD5 : - Publisher : - Size : - Version : - Detection : Suspicious Browser Setting Cleaning Action : Repair Related Objects : Browser Setting - Chrome Homepage Ethernet Status : Scanned Object : Ethernet 82.163.143.176 MD5 : - Publisher : - Size : - Version : - Detection : DNS Hijack Cleaning Action : Repair Related Objects : DNS Server - Ethernet : 82.163.143.176 3a32b349-34a5-0 Status : Scanned Object : NE->c:\programdata\3a32b349-34a5-0 MD5 : - Publisher : - Size : - Version : - Detection : Adware:Win32/DNSUnlocker.E!Neng Cleaning Action : Quarantine Related Objects : (null) - (null) 3a32b349-72a1-1 Status : Scanned Object : NE->c:\programdata\3a32b349-72a1-1 MD5 : - Publisher : - Size : - Version : - Detection : Adware:Win32/DNSUnlocker.E!Neng Cleaning Action : Quarantine Related Objects : (null) - (null) 3a32b349-7445-0 Status : Scanned Object : NE->c:\programdata\3a32b349-7445-0 MD5 : - Publisher : - Size : - Version : - Detection : Adware:Win32/DNSUnlocker.E!Neng Cleaning Action : Quarantine Related Objects : (null) - (null) c Status : Scanned Object : NE->c:\users\owner\appdata\roaming\c MD5 : - Publisher : - Size : - Version : - Detection : Adware:Win32/InterStat.E!Neng Cleaning Action : Quarantine Related Objects : (null) - (null) {9e85448e-292e-f325-cbb2-da7e685917ed} Status : Scanned Object : NE->c:\windows\system32\tasks\{9e85448e-292e-f325-cbb2-da7e685917ed} MD5 : - Publisher : - Size : - Version : - Detection : Adware:Win32/DNSUnlocker.H!Neng Cleaning Action : Quarantine Related Objects : (null) - (null) {f0c799a2-4156-0acd-49b3-323a296c6c6d} Status : Scanned Object : NE->c:\windows\system32\tasks\{f0c799a2-4156-0acd-49b3-323a296c6c6d} MD5 : - Publisher : - Size : - Version : - Detection : Adware:Win32/DNSUnlocker.I!Neng Cleaning Action : Quarantine Related Objects : (null) - (null) Cleaning Result ------------------------------------------------------- Cleaned : 8 Reported as safe : 0 Failed : 0
  2. Yes I have. I can take a screen shot when I am at my PC of what exactly is happening when I scan with Malwarebytes. It fails to quarantine the Trojan each time.
  3. ADDITION.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01 Ran by Owner (28-02-2017 18:27:14) Running from C:\Users\Owner\Desktop Windows 10 Home Version 1607 (X64) (2016-09-08 03:06:25) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-644720202-386382277-852305080-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-644720202-386382277-852305080-503 - Limited - Disabled) Guest (S-1-5-21-644720202-386382277-852305080-501 - Limited - Disabled) krist (S-1-5-21-644720202-386382277-852305080-1002 - Limited - Enabled) => C:\Users\krist Owner (S-1-5-21-644720202-386382277-852305080-1001 - Administrator - Enabled) => C:\Users\Owner ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501} FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated) Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios) Amazon 1Button App (HKLM-x32\...\{FA378CD1-F32D-4610-9884-3902DF8AF826}) (Version: 2.3.8 - Amazon) <==== ATTENTION Ansel (Version: 376.33 - NVIDIA Corporation) Hidden AVG (HKLM\...\AvgZen) (Version: 1.161.2.61210 - AVG Technologies) AVG (Version: 1.161.2 - AVG Technologies) Hidden AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.74.2.60831 - AVG Technologies) AVG PC TuneUp (x32 Version: 16.74.1 - AVG Technologies) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) Discord (HKU\S-1-5-21-644720202-386382277-852305080-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.) Evolve Stage 2 (HKLM\...\Steam App 273350) (Version: - Turtle Rock Studios) FMW 1 (Version: 1.172.2 - AVG Technologies) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Intel Security True Key (HKLM\...\TrueKey) (Version: 4.13.125.1 - Intel Security) Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve) Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.209 - McAfee, Inc.) McAfee® AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.12000 - McAfee, Inc.) Microsoft OneDrive (HKU\S-1-5-21-644720202-386382277-852305080-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla) NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation) NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation) NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) Overwatch Test (HKLM-x32\...\Overwatch Test) (Version: - Blizzard Entertainment) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7576 - Realtek Semiconductor Corp.) SHIELD Streaming (Version: 7.1.0350 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.2.0.96 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Subnautica (HKLM-x32\...\Steam App 264710) (Version: - Unknown Worlds Entertainment) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {05E5E8F4-8EE4-48F5-988F-057022B66089} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-12-09] (McAfee, Inc.) Task: {097E6DA9-0186-47A4-8F1A-6FEAC93CAE9C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation) Task: {1201FF6B-5330-4EDC-8CFD-A2182C5A359E} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {1E6EAECE-B13A-4F91-9A36-F8CE71551F45} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-16] (Adobe Systems Incorporated) Task: {20093A66-4726-4E95-AB4B-7E0C55AEB825} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-18] (Google Inc.) Task: {27D2E774-D897-4645-96B6-4E50043A80C5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation) Task: {4259358E-7BD9-4CAB-ABA8-3028A1EE5D9F} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {4E5B2D00-3B25-47C7-AFFC-1DE514C94FAF} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation) Task: {561DEE2D-703F-4EE9-96A1-9471148471AE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-02-22] (Microsoft Corporation) Task: {5B1C89D1-918A-4DC7-ADC2-F09A0E0D9D7C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-18] (Google Inc.) Task: {605526DE-6149-4A57-9A92-0DC2723CCE21} - System32\Tasks\{F0C799A2-4156-0ACD-49B3-323A296C6C6D} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\287b118d\126e6887.dll" <==== ATTENTION Task: {6F2AB44E-F636-4452-ABC5-9099E95873C7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-12-12] (NVIDIA Corporation) Task: {879E4CC7-1099-4634-8EBC-601F9BCCFB4A} - System32\Tasks\{5B1BE7C4-7478-49BD-80F1-968F8926FB41} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\" Task: {8B6870BF-E76C-495F-97B9-D7D837330755} - System32\Tasks\{5C6BEC3A-B7EB-478F-9152-9EE9F433B69A} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\" Task: {8F66B656-A3E8-4AF1-81A0-B5947F072726} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-12] (NVIDIA Corporation) Task: {9B381CC5-A230-4FE2-8A6E-74AFECB8CB7B} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-02-21] (AVG Technologies CZ, s.r.o.) Task: {C22B8E63-76BB-46B8-B13C-8469191BED95} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe Task: {E15C03B5-7A01-4688-874F-1D2C4F781D7D} - \{0F0D0A47-787E-790B-0F11-0D7D7A7E117D} -> No File <==== ATTENTION Task: {E2C2097F-5F2E-47D2-AEEC-615BF5F408B8} - System32\Tasks\{765F7D8A-15B7-44C4-8578-3A83E2DD693E} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\" Task: {E51EEC6A-B83B-43DF-9211-692A17ED55F3} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-12] (NVIDIA Corporation) Task: {E984BEBE-0AF0-47C4-9DBD-1A23318E5D0E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation) Task: {F3F6B799-5F4A-47A1-AE00-DBFBB615D279} - System32\Tasks\{9E85448E-292E-F325-CBB2-DA7E685917ED} => C:\ProgramData\{4F005314-F8AB-E4BF-EA8F-F1475040674C}\D1A05AF5-660B-ED5E-8B08-CA8A4BA5700A.exe <==== ATTENTION Task: {F9642ED4-B939-44F1-AB52-518FFB9DA536} - System32\Tasks\McAfee\McAfee Idle Detection Task (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Owner\Desktop\google\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-13 22:49 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-09-07 20:44 - 2016-12-29 06:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2017-01-25 19:52 - 2017-01-25 21:20 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2015-05-19 09:11 - 2015-05-19 09:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe 2016-12-16 01:21 - 2016-12-12 17:30 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll 2016-12-16 01:21 - 2016-12-12 17:30 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-12-13 22:49 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-09-14 20:46 - 2016-09-06 22:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-10 17:53 - 2016-12-21 01:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-02-22 10:38 - 2017-02-22 10:38 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-02-22 10:38 - 2017-02-22 10:38 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-02-22 10:38 - 2017-02-22 10:38 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-02-06 14:39 - 2017-02-06 14:39 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll 2016-10-03 11:32 - 2016-09-15 11:29 - 03388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll 2016-09-14 20:45 - 2016-09-06 23:36 - 02263904 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll 2017-02-15 16:56 - 2017-02-15 16:57 - 36984320 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_24.26.14000.0_x64__8wekyb3d8bbwe\XboxApp.dll 2016-11-10 22:18 - 2016-11-10 22:19 - 00879104 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_24.26.14000.0_x64__8wekyb3d8bbwe\sqlite3.dll 2017-01-10 17:53 - 2016-12-21 00:47 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll 2017-01-10 17:53 - 2016-12-21 00:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-10 17:53 - 2016-12-21 00:47 - 00115712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll 2017-01-10 17:53 - 2016-12-21 00:47 - 00522752 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll 2016-07-16 05:43 - 2016-07-16 08:27 - 00040448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node 2016-07-16 05:43 - 2016-07-16 08:26 - 00813056 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node 2016-07-16 05:43 - 2016-07-16 08:27 - 00963584 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node 2016-07-16 05:43 - 2016-07-16 08:27 - 00249344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node 2016-07-16 05:43 - 2016-07-16 08:27 - 00572416 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node 2016-07-16 05:43 - 2016-07-16 08:27 - 00403968 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node 2016-07-16 05:43 - 2016-07-16 08:27 - 00183296 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node 2016-07-16 05:43 - 2016-07-16 08:26 - 00288256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node 2017-01-23 12:27 - 2017-01-23 12:27 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll 2017-01-26 13:13 - 2017-01-26 13:13 - 02561536 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3410.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll 2017-01-26 13:13 - 2017-01-26 13:13 - 00139264 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3410.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll 2017-01-10 17:53 - 2016-12-21 00:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-10 17:53 - 2016-12-21 00:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-10 17:53 - 2016-12-21 00:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-10 17:53 - 2016-12-21 00:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-10 17:53 - 2016-12-21 00:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-01-18 13:44 - 2016-12-12 17:30 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-12-16 01:21 - 2016-12-12 17:30 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll 2016-12-16 01:21 - 2016-12-12 17:30 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-12-16 01:21 - 2016-12-12 17:27 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2016-12-16 01:21 - 2016-12-12 08:36 - 00525760 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node 2016-12-16 01:21 - 2016-12-12 08:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node 2016-12-16 01:21 - 2016-12-12 08:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node 2016-12-16 01:21 - 2016-12-12 08:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node 2016-12-16 01:21 - 2016-12-12 08:36 - 00447424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node 2016-12-16 01:21 - 2016-12-12 08:36 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node 2016-12-16 01:21 - 2016-12-12 08:36 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node 2016-12-16 01:21 - 2016-12-12 08:36 - 00956472 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node 2015-07-10 23:37 - 2015-07-10 23:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2017-01-25 19:51 - 2017-01-25 19:50 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\amazon.com -> hxxps://amazon.com IE trusted site: HKU\S-1-5-21-644720202-386382277-852305080-1001\...\amazon.ca -> hxxps://amazon.ca ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 01:24 - 2016-10-01 10:33 - 00000830 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-644720202-386382277-852305080-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\Downloads\genji.png DNS Servers: 82.163.143.176 - 82.163.142.178 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKU\S-1-5-21-644720202-386382277-852305080-1001\...\StartupApproved\Run: => "uTorrent" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{DE70B32F-1CBA-471C-8A6F-F3C54265AE41}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe FirewallRules: [{1CEED6C6-575B-42A6-8B5E-26816086B709}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe FirewallRules: [UDP Query User{A52D9F84-2926-486D-B443-C50F5EFB880F}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe FirewallRules: [TCP Query User{AEF0EAB8-51F8-4E9F-B338-107348D4EF1B}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe FirewallRules: [{689AE57C-85CB-4FF0-B19B-684E63707190}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe FirewallRules: [{0212236A-BC8E-4777-8018-1FC4583A0DF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe FirewallRules: [{6DCF6512-862B-4502-AF6C-1A639A0C5AB7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe FirewallRules: [{989FCFFE-2980-479A-BC04-3839B84754AB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe FirewallRules: [{D24A7BCE-2E1B-441F-AB6A-A180480496DA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe FirewallRules: [{316AC27B-1C7A-4501-B42C-7C1F96A62B70}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe FirewallRules: [{ED64C383-0D3F-40F4-924E-2D7901D0ECBA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe FirewallRules: [{FF909C55-E075-4F68-AF4D-B83E89DEB5DF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe FirewallRules: [{5FC9CD92-55D1-4C22-8E93-0823A22A4E0F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe FirewallRules: [{16A3488D-DA8E-4EA1-B8AF-7AD65DB36AD6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe FirewallRules: [UDP Query User{24EFE80E-7E46-4D76-ACB4-17C693DAC7DB}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [TCP Query User{B9D033D4-D872-42DD-934D-77169555DFDB}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [UDP Query User{F3247843-2E61-470B-8A1B-8E512EDBAA61}C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe FirewallRules: [TCP Query User{AF0FA451-E9D7-4BD2-8E50-EFF8191BF9E6}C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe FirewallRules: [{CD5E1815-1BBB-4F69-8C79-A9C4915D30C6}] => (Block) C:\users\owner\appdata\local\popcorn-time\nw.exe FirewallRules: [{7B69FF48-9B37-49BE-8788-24E89379F487}] => (Block) C:\users\owner\appdata\local\popcorn-time\nw.exe FirewallRules: [UDP Query User{6F1FFBF3-5568-4091-9177-73788F125D5E}C:\users\owner\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\owner\appdata\local\popcorn-time\nw.exe FirewallRules: [TCP Query User{431DED84-C81D-4EB1-AA96-033064FE6A32}C:\users\owner\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\owner\appdata\local\popcorn-time\nw.exe FirewallRules: [{1B002BF3-3C2E-433F-A14F-1D5231CD66F8}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe FirewallRules: [{AC8C4BFB-7243-4D43-932A-E73722655EB6}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe FirewallRules: [{4534249C-D401-482E-9C91-1C8CDF12820A}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe FirewallRules: [{D545397C-F89F-4250-AC83-98F58FDC47C3}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe FirewallRules: [{AC843180-AB3B-4F22-9AAA-F370B274C756}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AFB05BA9-A684-4CA3-8AE9-102D1D14430C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1E7E786B-84ED-4E6E-9849-34102EEF79A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe FirewallRules: [{E7DA7288-6A0E-48BC-AAA8-38571FC31CC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe FirewallRules: [{52C3BFAA-7C01-4483-A77C-C686ED112D99}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{F0354090-FDB3-4005-BAC8-82B0DD263C7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe FirewallRules: [{7F333E83-CFAB-49A5-8DD8-7B60BC874789}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe FirewallRules: [{E3598927-BD81-4F63-876C-03D2B31D6C53}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{B5208D03-7165-4474-8054-80216464431E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{50DC51A6-C3D9-4A61-BE07-A4688FEDD256}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{2202BE77-CD6B-4BE4-98B8-EE5A5D036F04}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{6C6B767B-C00D-4B25-A8A1-0C3C007E65F1}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{218135E8-5701-4873-B00B-D0FBFCC971E5}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{2C90D0E3-6B30-45C9-A59B-6D296FBCD5F0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{E27B9875-B880-40D0-B502-90329F9FA7FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{A5A2E5F2-FE4E-428B-AFE8-F6A0F8561F05}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{04215132-9EC8-4426-8311-374BA73F9FC0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{3B16D590-AD04-4D13-9337-26699BA013C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe FirewallRules: [{097638DF-D133-4EBC-B176-FAE560F0DBA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe FirewallRules: [{89BC3739-C93A-48E1-B37A-9FCB2E7F5682}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{2A82ED0E-C2F9-4F42-87A3-2B8E31C3447F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{BEAA99DF-B631-4A9B-B606-5D1BC756CE14}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [TCP Query User{38CA1A0D-F5F0-4F87-87C8-609D1986B532}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Block) C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe FirewallRules: [UDP Query User{D7E5A993-AE2F-464A-A533-47F05320AD8F}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Block) C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe FirewallRules: [{0E11F150-7A8B-40BB-9FC3-A7936C840011}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{79FDA3C2-687A-4B3C-BFEC-5D1F8FBB3658}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{9ACCEA18-5102-485A-9942-00109F127F30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{514E62FA-982B-4D15-A962-8710B446D8F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{6D3F7F5E-3646-463F-BB5E-4C77B2BAF96E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{26D6BF89-6CDD-4AFF-9AF1-0B1AC0CB708C}C:\program files (x86)\overwatch\overwatch.exe] => (Block) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [UDP Query User{EACEDEEB-0D01-4865-B1ED-D76DB61CA400}C:\program files (x86)\overwatch\overwatch.exe] => (Block) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [{AE0A332A-0594-421B-8E30-04CFC13EEFD5}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe ==================== Restore Points ========================= 08-02-2017 15:13:07 Windows Update 17-02-2017 15:25:39 Scheduled Checkpoint 22-02-2017 17:56:55 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/27/2017 10:01:54 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program chrome.exe version 56.0.2924.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 3020 Start Time: 01d291775b3f8831 Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Report Id: a35af015-fd6a-11e6-a5b6-305a3a7c1420 Faulting package full name: Faulting package-relative application ID: Error: (02/27/2017 10:01:52 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program chrome.exe version 56.0.2924.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 35d0 Start Time: 01d29177450406b8 Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Report Id: 99536f30-fd6a-11e6-a5b6-305a3a7c1420 Faulting package full name: Faulting package-relative application ID: Error: (02/27/2017 08:17:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4FS135R) Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (02/27/2017 08:11:43 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program uTorrent.exe version 3.4.9.43295 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1bb4 Start Time: 01d291666d673f38 Termination Time: 4294967295 Application Path: C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe Report Id: 3d504919-fd5b-11e6-a5b6-305a3a7c1420 Faulting package full name: Faulting package-relative application ID: Error: (02/27/2017 07:45:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4FS135R) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (02/27/2017 07:18:40 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "c:\program files (x86)\ubisoft\ubisoft game launcher\cache\patch\4810\Uplay.exe". Dependent Assembly XAudio2_7.X,processorArchitecture="X86",type="Win32",version="9.29.1962.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (02/27/2017 07:05:34 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program chrome.exe version 56.0.2924.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 997c Start Time: 01d2915e5a361adf Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Report Id: e30a006a-fd51-11e6-a5b4-305a3a7c1420 Faulting package full name: Faulting package-relative application ID: Error: (02/27/2017 07:04:50 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program chrome.exe version 56.0.2924.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 937c Start Time: 01d2915ea49e7224 Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Report Id: e6b53caa-fd51-11e6-a5b4-305a3a7c1420 Faulting package full name: Faulting package-relative application ID: Error: (02/26/2017 03:24:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4FS135R) Description: Activation of app Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (02/22/2017 05:57:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . System errors: ============= Error: (02/28/2017 06:26:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The McAfee Home Network service hung on starting. Error: (02/28/2017 06:21:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/28/2017 06:19:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/28/2017 06:03:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/28/2017 05:53:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/28/2017 12:31:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/27/2017 10:06:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/27/2017 10:06:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/27/2017 10:01:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/27/2017 08:17:13 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-4FS135R) Description: The server App did not register with DCOM within the required timeout. CodeIntegrity: =================================== Date: 2017-02-28 18:00:46.038 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-02-28 18:00:13.504 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-02-28 18:00:13.504 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-02-27 18:52:14.611 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-02-27 18:51:50.341 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-02-27 18:51:35.706 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-02-19 15:32:28.125 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-01-25 20:30:37.822 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-01-25 20:29:10.583 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-01-25 19:53:09.208 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. ==================== Memory info =========================== Processor Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz Percentage of memory in use: 27% Total physical RAM: 8109.52 MB Available physical RAM: 5844.61 MB Total Virtual: 9389.52 MB Available Virtual: 7157.03 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.02 GB) (Free:669.09 GB) NTFS Drive f: (Jan 18 2017) (CDROM) (Total:4.38 GB) (Free:4.23 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C49EAF1E) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  4. FRST.txt Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017 01 Ran by Owner (administrator) on DESKTOP-4FS135R (28-02-2017 18:25:23) Running from C:\Users\Owner\Desktop Loaded Profiles: Owner (Available Profiles: Owner & krist) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\McCSPServiceHost.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.7909.7600.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7920.40507.0_x64__8wekyb3d8bbwe\HxTsr.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8521968 2015-08-06] (Realtek Semiconductor) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239672 2017-02-27] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1178400 2015-07-10] (Intel Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation) HKU\S-1-5-21-644720202-386382277-852305080-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation) HKU\S-1-5-21-644720202-386382277-852305080-1001\...\MountPoints2: {1affd6cb-e737-11e6-a5b1-305a3a7c1420} - "D:\VZW_Software_upgrade_assistant.exe" Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX32.dll -> No File ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX32.dll -> No File ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX32.dll -> No File GroupPolicy: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178 Tcpip\..\Interfaces\{18446095-7576-11e6-9b2f-806e6f6e6963}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{9853df5e-e033-40ad-9b01-8417b126caaa}: [NameServer] 82.163.143.176 82.163.142.178 Tcpip\..\Interfaces\{9853df5e-e033-40ad-9b01-8417b126caaa}: [DhcpNameServer] 209.18.47.61 209.18.47.62 Tcpip\..\Interfaces\{c08aeb4c-c284-4287-bd40-ebb810d3701b}: [NameServer] 8.8.8.8 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-644720202-386382277-852305080-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\S-1-5-21-644720202-386382277-852305080-1001 -> DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.ca/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_ca_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_ff1c97cb_1201_1401_20160502_CA_ie_ds_&tag=bds-p10-serp-ca-ie-20&query={searchTerms} SearchScopes: HKU\S-1-5-21-644720202-386382277-852305080-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.ca/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_ca_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_ff1c97cb_1201_1401_20160502_CA_ie_ds_&tag=bds-p10-serp-ca-ie-20&query={searchTerms} BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.) BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-07] (Intel Security) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-18] (Oracle Corporation) BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-18] (Oracle Corporation) Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-07] (Intel Security) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-02-10] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-02-10] (McAfee, Inc.) FireFox: ======== FF DefaultProfile: 4fvnax9c.default FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4fvnax9c.default [2017-02-28] FF NewTab: Mozilla\Firefox\Profiles\4fvnax9c.default -> hxxps://www.amazon.ca/gp/bit/amazonserp/ref=bit_bds-p10_serp_ff_ca_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_ff1c97cb_1201_1401_20160502_CA_ff_nt_ FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\4fvnax9c.default -> Amazon FF Homepage: Mozilla\Firefox\Profiles\4fvnax9c.default -> hxxps://www.amazon.ca/gp/bit/amazonserp/ref=bit_bds-p10_serp_ff_ca_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_ff1c97cb_1201_1401_20160502_CA_ff_sp_ FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4fvnax9c.default\features\{3fc2c517-afe0-4f9d-ba27-899157568517}\disableSHA1rollout@mozilla.org.xpi [2017-02-24] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-28] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] () FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-02-10] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-18] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-18] (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-02-10] () FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) Chrome: ======= CHR HomePage: Default -> amazon.ca/gp/bit/amazonserp/?ie=UTF8__PARAM__ CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-02-28] CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-18] CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-18] CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-18] CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-18] CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-18] CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-18] CHR Extension: (McAfee® WebAdvisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-02-27] CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14] CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-24] CHR Extension: (Skype) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-02-26] CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18] CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-10-17] CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-18] CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02] CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\System Profile [2016-01-18] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-644720202-386382277-852305080-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lcfkhollddheikkajijpaceofefckjii] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-644720202-386382277-852305080-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1257384 2017-02-27] (AVG Technologies CZ, s.r.o.) R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1747800 2017-02-16] (Intel Security) U2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed] R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-01-09] (McAfee, Inc.) R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-23] (McAfee, Inc.) R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe [2054080 2017-02-03] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1342904 2017-02-01] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.) R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.) R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.) R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation) R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2016-12-12] (NVIDIA Corporation) R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.) R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996824 2017-02-06] (McAfee, Inc.) R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-02-06] (McAfee, Inc.) S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-02-06] (McAfee, Inc.) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-02-21] (AVG Technologies CZ, s.r.o.) R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-01-25] () S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.) R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-01-25] (Malwarebytes) S3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-02-04] (Malwarebytes) S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-04] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-02-28] (Malwarebytes) R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.) R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.) S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2016-11-18] (McAfee, Inc.) R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.) R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.) R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.) S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.) R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.) R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.) R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-01-09] (AVG Netherlands B.V.) S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2016-07-16] (Microsoft Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-28 18:25 - 2017-02-28 18:25 - 00025137 _____ C:\Users\Owner\Desktop\FRST.txt 2017-02-28 18:13 - 2017-02-28 18:25 - 00000000 ____D C:\FRST 2017-02-28 18:13 - 2017-02-28 18:13 - 02423296 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe 2017-02-27 19:19 - 2017-02-27 19:19 - 00002117 _____ C:\Users\Public\Desktop\McAfee® AntiVirus Plus.lnk 2017-02-27 19:19 - 2017-02-27 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2017-02-27 19:18 - 2016-08-02 01:03 - 00216704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys 2017-02-27 19:16 - 2017-02-27 19:16 - 00003142 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon 2017-02-27 19:16 - 2017-02-27 19:16 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee 2017-02-27 19:16 - 2017-02-27 19:16 - 00000000 ____D C:\ProgramData\Intel Security 2017-02-27 19:15 - 2017-02-27 19:20 - 00000000 ____D C:\Program Files\McAfee 2017-02-27 19:15 - 2017-02-27 19:15 - 00000000 ____D C:\Program Files\McAfee.com 2017-02-27 19:14 - 2017-02-27 19:14 - 00000000 ____D C:\Program Files\Common Files\Intel Security 2017-02-27 18:58 - 2016-11-14 17:41 - 00342768 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe 2017-02-27 18:56 - 2017-02-27 18:57 - 35961640 _____ (McAfee, Inc.) C:\Users\Owner\Downloads\CSISSetup.exe 2017-02-27 18:37 - 2017-02-27 18:51 - 00000000 ____D C:\ProgramData\3a32b349-72a1-1 2017-02-27 18:37 - 2017-02-27 18:50 - 00000000 ____D C:\ProgramData\3a32b349-7445-0 2017-02-27 18:31 - 2017-02-27 21:42 - 00000000 ____D C:\ProgramData\{4F005314-F8AB-E4BF-EA8F-F1475040674C} 2017-02-27 18:31 - 2017-02-27 18:32 - 00000000 ____D C:\ProgramData\3a32b349-34a5-0 2017-02-27 18:31 - 2017-02-27 18:31 - 00003972 _____ C:\WINDOWS\System32\Tasks\{9E85448E-292E-F325-CBB2-DA7E685917ED} 2017-02-23 16:31 - 2017-02-23 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2017-02-20 21:09 - 2017-02-28 18:12 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla 2017-02-14 16:51 - 2017-02-14 16:51 - 00000000 ____D C:\Users\Default\AppData\Local\AVG 2017-02-14 16:51 - 2017-02-14 16:51 - 00000000 ____D C:\Users\Default User\AppData\Local\AVG 2017-02-10 14:53 - 2017-02-27 20:01 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\uTorrent 2017-02-10 09:38 - 2017-02-10 09:38 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\22800088.sys 2017-02-08 15:16 - 2017-02-08 15:16 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2017-02-08 15:16 - 2016-12-29 06:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2017-02-08 15:16 - 2016-09-09 12:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2017-02-08 15:16 - 2016-09-09 12:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll 2017-02-08 15:16 - 2016-09-09 12:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2017-02-08 15:16 - 2016-09-09 12:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe 2017-01-30 22:38 - 2017-01-30 22:38 - 00002904 _____ C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-28 18:24 - 2016-01-19 14:26 - 00000000 ____D C:\Program Files (x86)\Image-Line 2017-02-28 18:23 - 2016-09-07 20:44 - 00000000 ____D C:\ProgramData\NVIDIA 2017-02-28 18:23 - 2016-05-17 10:11 - 00000000 ____D C:\Users\Owner\Desktop\my stuff 2017-02-28 18:22 - 2016-01-23 13:44 - 00000000 ____D C:\Program Files (x86)\Steam 2017-02-28 18:21 - 2017-01-25 19:52 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-02-28 18:21 - 2017-01-25 19:51 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task 2017-02-28 18:20 - 2016-09-07 20:57 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-02-28 18:20 - 2016-05-02 13:27 - 00000000 ____D C:\Program Files (x86)\McAfee 2017-02-28 18:19 - 2016-12-16 01:22 - 00005943 _____ C:\ProgramData\NvTelemetryContainer.log_backup1 2017-02-28 18:19 - 2016-07-16 00:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI 2017-02-28 18:16 - 2016-01-19 14:30 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line 2017-02-28 18:16 - 2016-01-19 14:30 - 00000000 ____D C:\Program Files\Image-Line 2017-02-28 18:15 - 2016-01-19 14:31 - 00000000 ____D C:\Program Files (x86)\VstPlugins 2017-02-28 17:53 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-02-27 22:16 - 2016-05-02 13:18 - 00000000 ____D C:\ProgramData\McAfee 2017-02-27 22:08 - 2016-05-05 20:07 - 00000000 ____D C:\Users\Owner\AppData\Local\Battle.net 2017-02-27 22:07 - 2016-05-05 20:06 - 00000000 ____D C:\Program Files (x86)\Battle.net 2017-02-27 21:42 - 2016-03-16 17:30 - 00000000 ____D C:\ProgramData\287b118d 2017-02-27 21:26 - 2016-09-07 20:42 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-02-27 20:14 - 2016-09-07 20:47 - 00000000 ____D C:\Users\Owner 2017-02-27 20:09 - 2016-05-02 13:18 - 00000000 ____D C:\Program Files\TrueKey 2017-02-27 19:23 - 2017-01-20 18:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-02-27 19:23 - 2016-02-20 12:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-02-27 19:19 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM 2017-02-27 19:17 - 2016-05-02 13:27 - 00000000 ____D C:\Program Files\Common Files\McAfee 2017-02-27 19:16 - 2016-07-16 05:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2017-02-27 18:31 - 2016-09-07 20:57 - 00003882 _____ C:\WINDOWS\System32\Tasks\{F0C799A2-4156-0ACD-49B3-323A296C6C6D} 2017-02-27 00:31 - 2016-05-05 21:07 - 00000000 ____D C:\Program Files (x86)\Overwatch 2017-02-26 23:19 - 2016-11-07 23:25 - 00000000 ____D C:\Program Files (x86)\Overwatch Test 2017-02-26 14:21 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-02-25 13:25 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-23 16:31 - 2017-01-25 19:52 - 00000955 _____ C:\Users\Public\Desktop\AVG.lnk 2017-02-23 16:29 - 2016-05-02 13:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-02-22 18:00 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-02-22 17:59 - 2016-01-18 14:07 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-02-22 17:57 - 2016-01-18 14:07 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-02-21 14:57 - 2016-01-18 17:40 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps 2017-02-21 09:29 - 2017-01-25 20:25 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe 2017-02-16 20:19 - 2017-01-25 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen 2017-02-16 16:53 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-02-16 16:53 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-02-08 15:16 - 2016-09-07 20:43 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-02-08 15:16 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF 2017-02-08 15:16 - 2016-01-18 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2017-02-06 13:48 - 2017-01-11 16:11 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-02-06 13:48 - 2017-01-11 16:11 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-02-04 10:35 - 2016-01-24 17:16 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-02-04 10:35 - 2016-01-24 17:16 - 00000000 ____D C:\ProgramData\Skype 2017-02-04 10:24 - 2017-01-25 19:52 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-02-04 10:24 - 2017-01-25 19:52 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-02-02 16:34 - 2016-09-07 20:47 - 00000000 ____D C:\Users\krist 2017-02-02 15:32 - 2016-01-18 17:48 - 00002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-02-01 16:45 - 2016-04-24 13:41 - 00002083 _____ C:\Users\Owner\Desktop\PopcornTime.lnk ==================== Files in the root of some directories ======= 2016-01-22 18:50 - 2016-01-22 18:50 - 0000110 _____ () C:\Users\Owner\AppData\Local\dottmpfile.txt 2016-01-22 19:59 - 2016-01-22 19:59 - 0000017 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg 2016-09-07 20:43 - 2016-09-07 20:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-12-16 01:22 - 2017-02-28 18:20 - 0002938 _____ () C:\ProgramData\NvTelemetryContainer.log 2016-12-16 01:22 - 2017-02-28 18:19 - 0005943 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1 Some files in TEMP: ==================== 2017-02-27 19:14 - 2017-02-10 10:30 - 1027864 _____ (McAfee, Inc.) C:\Users\Owner\AppData\Local\Temp\0270651488244457mcinst.exe 2017-01-18 23:43 - 2017-01-18 23:43 - 0739904 _____ (Oracle Corporation) C:\Users\Owner\AppData\Local\Temp\jre-8u121-windows-au.exe 2017-02-03 22:06 - 2017-02-03 22:06 - 0244264 _____ (McAfee, Inc.) C:\Users\Owner\AppData\Local\Temp\McCSPInstall.dll 2016-09-03 17:25 - 2016-08-25 14:53 - 0745904 _____ (NVIDIA Corporation) C:\Users\Owner\AppData\Local\Temp\nvSCPAPI.dll 2016-09-03 17:25 - 2016-09-16 16:36 - 0860960 _____ (NVIDIA Corporation) C:\Users\Owner\AppData\Local\Temp\nvSCPAPI64.dll 2016-09-23 08:51 - 2016-09-16 16:36 - 0346680 _____ (NVIDIA Corporation) C:\Users\Owner\AppData\Local\Temp\nvStInst.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-02-26 20:58 ==================== End of FRST.txt ============================
  5. Thanks I will post the logs later today when I am at that PC.
  6. I am new to this. What exactly will this do? I understand that it will create 2 .txt files but I am confused to where I will find them. Thanks!
  7. My Malwarebytes software scan my computer and finds a few TrojanDNSChanger threats. When I attempt to quarantine them, Malwarebytes sits on "quarantining threats 0 of 15" all night. I tried removing it 3 times now but Malwarebytes seems to freeze whenever I make an attempt. It is extremely annoying adware that I want gone so I have more disk space. Please help.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.