Posts posted by joshfranco

  1. I am pretty sure this did the job! Thanks ^-^

     

    Zemana AntiMalware 2.72.2.101 (Installed)

    -------------------------------------------------------
    Scan Result            : Completed
    Scan Date              : 2017/3/4
    Operating System       : Windows 10 64-bit
    Processor              : 8X Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
    BIOS Mode              : Legacy
    CUID                   : 124AE72D12BC3FAF612536
    Scan Type              : System Scan
    Duration               : 11m 36s
    Scanned Objects        : 95543
    Detected Objects       : 8
    Excluded Objects       : 0
    Read Level             : Normal
    Auto Upload            : Enabled
    Detect All Extensions  : Disabled
    Scan Documents         : Disabled
    Domain Info            : WORKGROUP,0,2

    Detected Objects
    -------------------------------------------------------

    Chrome Homepage
    Status             : Scanned
    Object             : http://www-mysearch.com/?pid=s&s=G1Nzamotn10924,5754eeea-ff51-401f-89a2-e12794a1fe75,&vp=ch&prd=set_ch
    MD5                : -
    Publisher          : -
    Size               : -
    Version            : -
    Detection          : Suspicious Browser Setting
    Cleaning Action    : Repair
    Related Objects    :
                    Browser Setting - Chrome Homepage

    Ethernet
    Status             : Scanned
    Object             : Ethernet 82.163.143.176
    MD5                : -
    Publisher          : -
    Size               : -
    Version            : -
    Detection          : DNS Hijack
    Cleaning Action    : Repair
    Related Objects    :
                    DNS Server - Ethernet : 82.163.143.176

    3a32b349-34a5-0
    Status             : Scanned
    Object             : NE->c:\programdata\3a32b349-34a5-0
    MD5                : -
    Publisher          : -
    Size               : -
    Version            : -
    Detection          : Adware:Win32/DNSUnlocker.E!Neng
    Cleaning Action    : Quarantine
    Related Objects    :
                    (null) - (null)

    3a32b349-72a1-1
    Status             : Scanned
    Object             : NE->c:\programdata\3a32b349-72a1-1
    MD5                : -
    Publisher          : -
    Size               : -
    Version            : -
    Detection          : Adware:Win32/DNSUnlocker.E!Neng
    Cleaning Action    : Quarantine
    Related Objects    :
                    (null) - (null)

    3a32b349-7445-0
    Status             : Scanned
    Object             : NE->c:\programdata\3a32b349-7445-0
    MD5                : -
    Publisher          : -
    Size               : -
    Version            : -
    Detection          : Adware:Win32/DNSUnlocker.E!Neng
    Cleaning Action    : Quarantine
    Related Objects    :
                    (null) - (null)

    c
    Status             : Scanned
    Object             : NE->c:\users\owner\appdata\roaming\c
    MD5                : -
    Publisher          : -
    Size               : -
    Version            : -
    Detection          : Adware:Win32/InterStat.E!Neng
    Cleaning Action    : Quarantine
    Related Objects    :
                    (null) - (null)

    {9e85448e-292e-f325-cbb2-da7e685917ed}
    Status             : Scanned
    Object             : NE->c:\windows\system32\tasks\{9e85448e-292e-f325-cbb2-da7e685917ed}
    MD5                : -
    Publisher          : -
    Size               : -
    Version            : -
    Detection          : Adware:Win32/DNSUnlocker.H!Neng
    Cleaning Action    : Quarantine
    Related Objects    :
                    (null) - (null)

    {f0c799a2-4156-0acd-49b3-323a296c6c6d}
    Status             : Scanned
    Object             : NE->c:\windows\system32\tasks\{f0c799a2-4156-0acd-49b3-323a296c6c6d}
    MD5                : -
    Publisher          : -
    Size               : -
    Version            : -
    Detection          : Adware:Win32/DNSUnlocker.I!Neng
    Cleaning Action    : Quarantine
    Related Objects    :
                    (null) - (null)


    Cleaning Result
    -------------------------------------------------------
    Cleaned               : 8
    Reported as safe      : 0
    Failed                : 0

  2. ADDITION.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
    Ran by Owner (28-02-2017 18:27:14)
    Running from C:\Users\Owner\Desktop
    Windows 10 Home Version 1607 (X64) (2016-09-08 03:06:25)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-644720202-386382277-852305080-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-644720202-386382277-852305080-503 - Limited - Disabled)
    Guest (S-1-5-21-644720202-386382277-852305080-501 - Limited - Disabled)
    krist (S-1-5-21-644720202-386382277-852305080-1002 - Limited - Enabled) => C:\Users\krist
    Owner (S-1-5-21-644720202-386382277-852305080-1001 - Administrator - Enabled) => C:\Users\Owner

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
    FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
    Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
    Amazon 1Button App (HKLM-x32\...\{FA378CD1-F32D-4610-9884-3902DF8AF826}) (Version: 2.3.8 - Amazon) <==== ATTENTION
    Ansel (Version: 376.33 - NVIDIA Corporation) Hidden
    AVG (HKLM\...\AvgZen) (Version: 1.161.2.61210 - AVG Technologies)
    AVG (Version: 1.161.2 - AVG Technologies) Hidden
    AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.74.2.60831 - AVG Technologies)
    AVG PC TuneUp (x32 Version: 16.74.1 - AVG Technologies) Hidden
    Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
    Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
    Discord (HKU\S-1-5-21-644720202-386382277-852305080-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
    Evolve Stage 2 (HKLM\...\Steam App 273350) (Version:  - Turtle Rock Studios)
    FMW 1 (Version: 1.172.2 - AVG Technologies) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
    Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Intel Security True Key (HKLM\...\TrueKey) (Version: 4.13.125.1 - Intel Security)
    Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
    Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
    Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
    Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.209 - McAfee, Inc.)
    McAfee® AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.12000 - McAfee, Inc.)
    Microsoft OneDrive (HKU\S-1-5-21-644720202-386382277-852305080-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
    NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
    NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation)
    NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
    NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
    NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden
    Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
    Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7576 - Realtek Semiconductor Corp.)
    SHIELD Streaming (Version: 7.1.0350 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
    Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
    Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Subnautica (HKLM-x32\...\Steam App 264710) (Version:  - Unknown Worlds Entertainment)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
    Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {05E5E8F4-8EE4-48F5-988F-057022B66089} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-12-09] (McAfee, Inc.)
    Task: {097E6DA9-0186-47A4-8F1A-6FEAC93CAE9C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
    Task: {1201FF6B-5330-4EDC-8CFD-A2182C5A359E} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
    Task: {1E6EAECE-B13A-4F91-9A36-F8CE71551F45} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-16] (Adobe Systems Incorporated)
    Task: {20093A66-4726-4E95-AB4B-7E0C55AEB825} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-18] (Google Inc.)
    Task: {27D2E774-D897-4645-96B6-4E50043A80C5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
    Task: {4259358E-7BD9-4CAB-ABA8-3028A1EE5D9F} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
    Task: {4E5B2D00-3B25-47C7-AFFC-1DE514C94FAF} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)
    Task: {561DEE2D-703F-4EE9-96A1-9471148471AE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-02-22] (Microsoft Corporation)
    Task: {5B1C89D1-918A-4DC7-ADC2-F09A0E0D9D7C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-18] (Google Inc.)
    Task: {605526DE-6149-4A57-9A92-0DC2723CCE21} - System32\Tasks\{F0C799A2-4156-0ACD-49B3-323A296C6C6D} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\287b118d\126e6887.dll" <==== ATTENTION
    Task: {6F2AB44E-F636-4452-ABC5-9099E95873C7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-12-12] (NVIDIA Corporation)
    Task: {879E4CC7-1099-4634-8EBC-601F9BCCFB4A} - System32\Tasks\{5B1BE7C4-7478-49BD-80F1-968F8926FB41} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
    Task: {8B6870BF-E76C-495F-97B9-D7D837330755} - System32\Tasks\{5C6BEC3A-B7EB-478F-9152-9EE9F433B69A} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
    Task: {8F66B656-A3E8-4AF1-81A0-B5947F072726} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-12] (NVIDIA Corporation)
    Task: {9B381CC5-A230-4FE2-8A6E-74AFECB8CB7B} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-02-21] (AVG Technologies CZ, s.r.o.)
    Task: {C22B8E63-76BB-46B8-B13C-8469191BED95} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe 
    Task: {E15C03B5-7A01-4688-874F-1D2C4F781D7D} - \{0F0D0A47-787E-790B-0F11-0D7D7A7E117D} -> No File <==== ATTENTION
    Task: {E2C2097F-5F2E-47D2-AEEC-615BF5F408B8} - System32\Tasks\{765F7D8A-15B7-44C4-8578-3A83E2DD693E} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
    Task: {E51EEC6A-B83B-43DF-9211-692A17ED55F3} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-12] (NVIDIA Corporation)
    Task: {E984BEBE-0AF0-47C4-9DBD-1A23318E5D0E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)
    Task: {F3F6B799-5F4A-47A1-AE00-DBFBB615D279} - System32\Tasks\{9E85448E-292E-F325-CBB2-DA7E685917ED} => C:\ProgramData\{4F005314-F8AB-E4BF-EA8F-F1475040674C}\D1A05AF5-660B-ED5E-8B08-CA8A4BA5700A.exe  <==== ATTENTION
    Task: {F9642ED4-B939-44F1-AB52-518FFB9DA536} - System32\Tasks\McAfee\McAfee Idle Detection Task

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Owner\Desktop\google\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-12-13 22:49 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-09-07 20:44 - 2016-12-29 06:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2017-01-25 19:52 - 2017-01-25 21:20 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
    2015-05-19 09:11 - 2015-05-19 09:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
    2016-12-16 01:21 - 2016-12-12 17:30 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
    2016-12-16 01:21 - 2016-12-12 17:30 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2016-12-13 22:49 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2016-09-14 20:46 - 2016-09-06 22:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2017-01-10 17:53 - 2016-12-21 01:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2017-02-22 10:38 - 2017-02-22 10:38 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2017-02-22 10:38 - 2017-02-22 10:38 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2017-02-22 10:38 - 2017-02-22 10:38 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2017-02-06 14:39 - 2017-02-06 14:39 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
    2016-10-03 11:32 - 2016-09-15 11:29 - 03388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
    2016-09-14 20:45 - 2016-09-06 23:36 - 02263904 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
    2017-02-15 16:56 - 2017-02-15 16:57 - 36984320 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_24.26.14000.0_x64__8wekyb3d8bbwe\XboxApp.dll
    2016-11-10 22:18 - 2016-11-10 22:19 - 00879104 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_24.26.14000.0_x64__8wekyb3d8bbwe\sqlite3.dll
    2017-01-10 17:53 - 2016-12-21 00:47 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
    2017-01-10 17:53 - 2016-12-21 00:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-01-10 17:53 - 2016-12-21 00:47 - 00115712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll
    2017-01-10 17:53 - 2016-12-21 00:47 - 00522752 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
    2016-07-16 05:43 - 2016-07-16 08:27 - 00040448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
    2016-07-16 05:43 - 2016-07-16 08:26 - 00813056 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
    2016-07-16 05:43 - 2016-07-16 08:27 - 00963584 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
    2016-07-16 05:43 - 2016-07-16 08:27 - 00249344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
    2016-07-16 05:43 - 2016-07-16 08:27 - 00572416 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
    2016-07-16 05:43 - 2016-07-16 08:27 - 00403968 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
    2016-07-16 05:43 - 2016-07-16 08:27 - 00183296 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
    2016-07-16 05:43 - 2016-07-16 08:26 - 00288256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
    2017-01-23 12:27 - 2017-01-23 12:27 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
    2017-01-26 13:13 - 2017-01-26 13:13 - 02561536 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3410.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
    2017-01-26 13:13 - 2017-01-26 13:13 - 00139264 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3410.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
    2017-01-10 17:53 - 2016-12-21 00:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-01-10 17:53 - 2016-12-21 00:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2017-01-10 17:53 - 2016-12-21 00:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2017-01-10 17:53 - 2016-12-21 00:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2017-01-10 17:53 - 2016-12-21 00:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-01-18 13:44 - 2016-12-12 17:30 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2016-12-16 01:21 - 2016-12-12 17:30 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
    2016-12-16 01:21 - 2016-12-12 17:30 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2016-12-16 01:21 - 2016-12-12 17:27 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
    2016-12-16 01:21 - 2016-12-12 08:36 - 00525760 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
    2016-12-16 01:21 - 2016-12-12 08:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
    2016-12-16 01:21 - 2016-12-12 08:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
    2016-12-16 01:21 - 2016-12-12 08:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
    2016-12-16 01:21 - 2016-12-12 08:36 - 00447424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
    2016-12-16 01:21 - 2016-12-12 08:36 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
    2016-12-16 01:21 - 2016-12-12 08:36 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
    2016-12-16 01:21 - 2016-12-12 08:36 - 00956472 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
    2015-07-10 23:37 - 2015-07-10 23:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2017-01-25 19:51 - 2017-01-25 19:50 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\amazon.com -> hxxps://amazon.com
    IE trusted site: HKU\S-1-5-21-644720202-386382277-852305080-1001\...\amazon.ca -> hxxps://amazon.ca

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-30 01:24 - 2016-10-01 10:33 - 00000830 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-644720202-386382277-852305080-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\Downloads\genji.png
    DNS Servers: 82.163.143.176 - 82.163.142.178
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKU\S-1-5-21-644720202-386382277-852305080-1001\...\StartupApproved\Run: => "uTorrent"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{DE70B32F-1CBA-471C-8A6F-F3C54265AE41}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe
    FirewallRules: [{1CEED6C6-575B-42A6-8B5E-26816086B709}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe
    FirewallRules: [UDP Query User{A52D9F84-2926-486D-B443-C50F5EFB880F}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
    FirewallRules: [TCP Query User{AEF0EAB8-51F8-4E9F-B338-107348D4EF1B}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
    FirewallRules: [{689AE57C-85CB-4FF0-B19B-684E63707190}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
    FirewallRules: [{0212236A-BC8E-4777-8018-1FC4583A0DF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
    FirewallRules: [{6DCF6512-862B-4502-AF6C-1A639A0C5AB7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe
    FirewallRules: [{989FCFFE-2980-479A-BC04-3839B84754AB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe
    FirewallRules: [{D24A7BCE-2E1B-441F-AB6A-A180480496DA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe
    FirewallRules: [{316AC27B-1C7A-4501-B42C-7C1F96A62B70}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe
    FirewallRules: [{ED64C383-0D3F-40F4-924E-2D7901D0ECBA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
    FirewallRules: [{FF909C55-E075-4F68-AF4D-B83E89DEB5DF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
    FirewallRules: [{5FC9CD92-55D1-4C22-8E93-0823A22A4E0F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
    FirewallRules: [{16A3488D-DA8E-4EA1-B8AF-7AD65DB36AD6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
    FirewallRules: [UDP Query User{24EFE80E-7E46-4D76-ACB4-17C693DAC7DB}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
    FirewallRules: [TCP Query User{B9D033D4-D872-42DD-934D-77169555DFDB}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
    FirewallRules: [UDP Query User{F3247843-2E61-470B-8A1B-8E512EDBAA61}C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe
    FirewallRules: [TCP Query User{AF0FA451-E9D7-4BD2-8E50-EFF8191BF9E6}C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe
    FirewallRules: [{CD5E1815-1BBB-4F69-8C79-A9C4915D30C6}] => (Block) C:\users\owner\appdata\local\popcorn-time\nw.exe
    FirewallRules: [{7B69FF48-9B37-49BE-8788-24E89379F487}] => (Block) C:\users\owner\appdata\local\popcorn-time\nw.exe
    FirewallRules: [UDP Query User{6F1FFBF3-5568-4091-9177-73788F125D5E}C:\users\owner\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\owner\appdata\local\popcorn-time\nw.exe
    FirewallRules: [TCP Query User{431DED84-C81D-4EB1-AA96-033064FE6A32}C:\users\owner\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\owner\appdata\local\popcorn-time\nw.exe
    FirewallRules: [{1B002BF3-3C2E-433F-A14F-1D5231CD66F8}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
    FirewallRules: [{AC8C4BFB-7243-4D43-932A-E73722655EB6}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
    FirewallRules: [{4534249C-D401-482E-9C91-1C8CDF12820A}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
    FirewallRules: [{D545397C-F89F-4250-AC83-98F58FDC47C3}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
    FirewallRules: [{AC843180-AB3B-4F22-9AAA-F370B274C756}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{AFB05BA9-A684-4CA3-8AE9-102D1D14430C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{1E7E786B-84ED-4E6E-9849-34102EEF79A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
    FirewallRules: [{E7DA7288-6A0E-48BC-AAA8-38571FC31CC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
    FirewallRules: [{52C3BFAA-7C01-4483-A77C-C686ED112D99}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{F0354090-FDB3-4005-BAC8-82B0DD263C7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
    FirewallRules: [{7F333E83-CFAB-49A5-8DD8-7B60BC874789}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
    FirewallRules: [{E3598927-BD81-4F63-876C-03D2B31D6C53}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{B5208D03-7165-4474-8054-80216464431E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{50DC51A6-C3D9-4A61-BE07-A4688FEDD256}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{2202BE77-CD6B-4BE4-98B8-EE5A5D036F04}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{6C6B767B-C00D-4B25-A8A1-0C3C007E65F1}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{218135E8-5701-4873-B00B-D0FBFCC971E5}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{2C90D0E3-6B30-45C9-A59B-6D296FBCD5F0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{E27B9875-B880-40D0-B502-90329F9FA7FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{A5A2E5F2-FE4E-428B-AFE8-F6A0F8561F05}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{04215132-9EC8-4426-8311-374BA73F9FC0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
    FirewallRules: [{3B16D590-AD04-4D13-9337-26699BA013C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
    FirewallRules: [{097638DF-D133-4EBC-B176-FAE560F0DBA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
    FirewallRules: [{89BC3739-C93A-48E1-B37A-9FCB2E7F5682}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{2A82ED0E-C2F9-4F42-87A3-2B8E31C3447F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{BEAA99DF-B631-4A9B-B606-5D1BC756CE14}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
    FirewallRules: [TCP Query User{38CA1A0D-F5F0-4F87-87C8-609D1986B532}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Block) C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe
    FirewallRules: [UDP Query User{D7E5A993-AE2F-464A-A533-47F05320AD8F}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Block) C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe
    FirewallRules: [{0E11F150-7A8B-40BB-9FC3-A7936C840011}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{79FDA3C2-687A-4B3C-BFEC-5D1F8FBB3658}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{9ACCEA18-5102-485A-9942-00109F127F30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{514E62FA-982B-4D15-A962-8710B446D8F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{6D3F7F5E-3646-463F-BB5E-4C77B2BAF96E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{26D6BF89-6CDD-4AFF-9AF1-0B1AC0CB708C}C:\program files (x86)\overwatch\overwatch.exe] => (Block) C:\program files (x86)\overwatch\overwatch.exe
    FirewallRules: [UDP Query User{EACEDEEB-0D01-4865-B1ED-D76DB61CA400}C:\program files (x86)\overwatch\overwatch.exe] => (Block) C:\program files (x86)\overwatch\overwatch.exe
    FirewallRules: [{AE0A332A-0594-421B-8E30-04CFC13EEFD5}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

    ==================== Restore Points =========================

    08-02-2017 15:13:07 Windows Update
    17-02-2017 15:25:39 Scheduled Checkpoint
    22-02-2017 17:56:55 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/27/2017 10:01:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program chrome.exe version 56.0.2924.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 3020

    Start Time: 01d291775b3f8831

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    Report Id: a35af015-fd6a-11e6-a5b6-305a3a7c1420

    Faulting package full name: 

    Faulting package-relative application ID:

    Error: (02/27/2017 10:01:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program chrome.exe version 56.0.2924.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 35d0

    Start Time: 01d29177450406b8

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    Report Id: 99536f30-fd6a-11e6-a5b6-305a3a7c1420

    Faulting package full name: 

    Faulting package-relative application ID:

    Error: (02/27/2017 08:17:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4FS135R)
    Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/27/2017 08:11:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program uTorrent.exe version 3.4.9.43295 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 1bb4

    Start Time: 01d291666d673f38

    Termination Time: 4294967295

    Application Path: C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe

    Report Id: 3d504919-fd5b-11e6-a5b6-305a3a7c1420

    Faulting package full name: 

    Faulting package-relative application ID:

    Error: (02/27/2017 07:45:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4FS135R)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/27/2017 07:18:40 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\ubisoft\ubisoft game launcher\cache\patch\4810\Uplay.exe".
    Dependent Assembly XAudio2_7.X,processorArchitecture="X86",type="Win32",version="9.29.1962.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (02/27/2017 07:05:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program chrome.exe version 56.0.2924.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 997c

    Start Time: 01d2915e5a361adf

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    Report Id: e30a006a-fd51-11e6-a5b4-305a3a7c1420

    Faulting package full name: 

    Faulting package-relative application ID:

    Error: (02/27/2017 07:04:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program chrome.exe version 56.0.2924.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 937c

    Start Time: 01d2915ea49e7224

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    Report Id: e6b53caa-fd51-11e6-a5b4-305a3a7c1420

    Faulting package full name: 

    Faulting package-relative application ID:

    Error: (02/26/2017 03:24:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4FS135R)
    Description: Activation of app Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/22/2017 05:57:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .


    System errors:
    =============
    Error: (02/28/2017 06:26:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The McAfee Home Network service hung on starting.

    Error: (02/28/2017 06:21:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
     and APPID 
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/28/2017 06:19:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/28/2017 06:03:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/28/2017 05:53:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
     and APPID 
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/28/2017 12:31:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/27/2017 10:06:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/27/2017 10:06:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/27/2017 10:01:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/27/2017 08:17:13 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-4FS135R)
    Description: The server App did not register with DCOM within the required timeout.


    CodeIntegrity:
    ===================================
      Date: 2017-02-28 18:00:46.038
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

      Date: 2017-02-28 18:00:13.504
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

      Date: 2017-02-28 18:00:13.504
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

      Date: 2017-02-27 18:52:14.611
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

      Date: 2017-02-27 18:51:50.341
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

      Date: 2017-02-27 18:51:35.706
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

      Date: 2017-02-19 15:32:28.125
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

      Date: 2017-01-25 20:30:37.822
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

      Date: 2017-01-25 20:29:10.583
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

      Date: 2017-01-25 19:53:09.208
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


    ==================== Memory info =========================== 

    Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
    Percentage of memory in use: 27%
    Total physical RAM: 8109.52 MB
    Available physical RAM: 5844.61 MB
    Total Virtual: 9389.52 MB
    Available Virtual: 7157.03 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.02 GB) (Free:669.09 GB) NTFS
    Drive f: (Jan 18 2017) (CDROM) (Total:4.38 GB) (Free:4.23 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C49EAF1E)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  3. FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017 01
    Ran by Owner (administrator) on DESKTOP-4FS135R (28-02-2017 18:25:23)
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available Profiles: Owner & krist)
    Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
    (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\McCSPServiceHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.7909.7600.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7920.40507.0_x64__8wekyb3d8bbwe\HxTsr.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8521968 2015-08-06] (Realtek Semiconductor)
    HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239672 2017-02-27] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1178400 2015-07-10] (Intel Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
    HKU\S-1-5-21-644720202-386382277-852305080-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
    HKU\S-1-5-21-644720202-386382277-852305080-1001\...\MountPoints2: {1affd6cb-e737-11e6-a5b1-305a3a7c1420} - "D:\VZW_Software_upgrade_assistant.exe" 
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    GroupPolicy: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
    Tcpip\..\Interfaces\{18446095-7576-11e6-9b2f-806e6f6e6963}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{9853df5e-e033-40ad-9b01-8417b126caaa}: [NameServer] 82.163.143.176 82.163.142.178
    Tcpip\..\Interfaces\{9853df5e-e033-40ad-9b01-8417b126caaa}: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Tcpip\..\Interfaces\{c08aeb4c-c284-4287-bd40-ebb810d3701b}: [NameServer] 8.8.8.8

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-644720202-386382277-852305080-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\S-1-5-21-644720202-386382277-852305080-1001 -> DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.ca/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_ca_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_ff1c97cb_1201_1401_20160502_CA_ie_ds_&tag=bds-p10-serp-ca-ie-20&query={searchTerms}
    SearchScopes: HKU\S-1-5-21-644720202-386382277-852305080-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.ca/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_ca_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_ff1c97cb_1201_1401_20160502_CA_ie_ds_&tag=bds-p10-serp-ca-ie-20&query={searchTerms}
    BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
    BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-07] (Intel Security)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-18] (Oracle Corporation)
    BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-18] (Oracle Corporation)
    Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-07] (Intel Security)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-02-10] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-02-10] (McAfee, Inc.)

    FireFox:
    ========
    FF DefaultProfile: 4fvnax9c.default
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4fvnax9c.default [2017-02-28]
    FF NewTab: Mozilla\Firefox\Profiles\4fvnax9c.default -> hxxps://www.amazon.ca/gp/bit/amazonserp/ref=bit_bds-p10_serp_ff_ca_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_ff1c97cb_1201_1401_20160502_CA_ff_nt_
    FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\4fvnax9c.default -> Amazon
    FF Homepage: Mozilla\Firefox\Profiles\4fvnax9c.default -> hxxps://www.amazon.ca/gp/bit/amazonserp/ref=bit_bds-p10_serp_ff_ca_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_ff1c97cb_1201_1401_20160502_CA_ff_sp_
    FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4fvnax9c.default\features\{3fc2c517-afe0-4f9d-ba27-899157568517}\disableSHA1rollout@mozilla.org.xpi [2017-02-24]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-28]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-02-10] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-18] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-18] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-02-10] ()
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

    Chrome: 
    =======
    CHR HomePage: Default -> amazon.ca/gp/bit/amazonserp/?ie=UTF8__PARAM__
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-02-28]
    CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-18]
    CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-18]
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-18]
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-18]
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-18]
    CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-18]
    CHR Extension: (McAfee® WebAdvisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-02-27]
    CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
    CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-24]
    CHR Extension: (Skype) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-02-26]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
    CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-10-17]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-18]
    CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02]
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\System Profile [2016-01-18]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-644720202-386382277-852305080-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lcfkhollddheikkajijpaceofefckjii] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-644720202-386382277-852305080-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1257384 2017-02-27] (AVG Technologies CZ, s.r.o.)
    R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1747800 2017-02-16] (Intel Security)
    U2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
    S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
    R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-01-09] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-23] (McAfee, Inc.)
    R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe [2054080 2017-02-03] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1342904 2017-02-01] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
    R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
    R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
    R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
    R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
    R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2016-12-12] (NVIDIA Corporation)
    R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
    R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996824 2017-02-06] (McAfee, Inc.)
    R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-02-06] (McAfee, Inc.)
    S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-02-06] (McAfee, Inc.)
    R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-02-21] (AVG Technologies CZ, s.r.o.)
    R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-01-25] ()
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
    R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-01-25] (Malwarebytes)
    S3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-02-04] (Malwarebytes)
    S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-04] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-02-28] (Malwarebytes)
    R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2016-11-18] (McAfee, Inc.)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
    R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
    S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
    R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
    S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
    R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-01-09] (AVG Netherlands B.V.)
    S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2016-07-16] (Microsoft Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
    S3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-28 18:25 - 2017-02-28 18:25 - 00025137 _____ C:\Users\Owner\Desktop\FRST.txt
    2017-02-28 18:13 - 2017-02-28 18:25 - 00000000 ____D C:\FRST
    2017-02-28 18:13 - 2017-02-28 18:13 - 02423296 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
    2017-02-27 19:19 - 2017-02-27 19:19 - 00002117 _____ C:\Users\Public\Desktop\McAfee® AntiVirus Plus.lnk
    2017-02-27 19:19 - 2017-02-27 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2017-02-27 19:18 - 2016-08-02 01:03 - 00216704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
    2017-02-27 19:16 - 2017-02-27 19:16 - 00003142 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
    2017-02-27 19:16 - 2017-02-27 19:16 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
    2017-02-27 19:16 - 2017-02-27 19:16 - 00000000 ____D C:\ProgramData\Intel Security
    2017-02-27 19:15 - 2017-02-27 19:20 - 00000000 ____D C:\Program Files\McAfee
    2017-02-27 19:15 - 2017-02-27 19:15 - 00000000 ____D C:\Program Files\McAfee.com
    2017-02-27 19:14 - 2017-02-27 19:14 - 00000000 ____D C:\Program Files\Common Files\Intel Security
    2017-02-27 18:58 - 2016-11-14 17:41 - 00342768 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
    2017-02-27 18:56 - 2017-02-27 18:57 - 35961640 _____ (McAfee, Inc.) C:\Users\Owner\Downloads\CSISSetup.exe
    2017-02-27 18:37 - 2017-02-27 18:51 - 00000000 ____D C:\ProgramData\3a32b349-72a1-1
    2017-02-27 18:37 - 2017-02-27 18:50 - 00000000 ____D C:\ProgramData\3a32b349-7445-0
    2017-02-27 18:31 - 2017-02-27 21:42 - 00000000 ____D C:\ProgramData\{4F005314-F8AB-E4BF-EA8F-F1475040674C}
    2017-02-27 18:31 - 2017-02-27 18:32 - 00000000 ____D C:\ProgramData\3a32b349-34a5-0
    2017-02-27 18:31 - 2017-02-27 18:31 - 00003972 _____ C:\WINDOWS\System32\Tasks\{9E85448E-292E-F325-CBB2-DA7E685917ED}
    2017-02-23 16:31 - 2017-02-23 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2017-02-20 21:09 - 2017-02-28 18:12 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
    2017-02-14 16:51 - 2017-02-14 16:51 - 00000000 ____D C:\Users\Default\AppData\Local\AVG
    2017-02-14 16:51 - 2017-02-14 16:51 - 00000000 ____D C:\Users\Default User\AppData\Local\AVG
    2017-02-10 14:53 - 2017-02-27 20:01 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\uTorrent
    2017-02-10 09:38 - 2017-02-10 09:38 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\22800088.sys
    2017-02-08 15:16 - 2017-02-08 15:16 - 00000000 ____D C:\Program Files (x86)\VulkanRT
    2017-02-08 15:16 - 2016-12-29 06:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
    2017-02-08 15:16 - 2016-09-09 12:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
    2017-02-08 15:16 - 2016-09-09 12:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
    2017-02-08 15:16 - 2016-09-09 12:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
    2017-02-08 15:16 - 2016-09-09 12:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
    2017-01-30 22:38 - 2017-01-30 22:38 - 00002904 _____ C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-28 18:24 - 2016-01-19 14:26 - 00000000 ____D C:\Program Files (x86)\Image-Line
    2017-02-28 18:23 - 2016-09-07 20:44 - 00000000 ____D C:\ProgramData\NVIDIA
    2017-02-28 18:23 - 2016-05-17 10:11 - 00000000 ____D C:\Users\Owner\Desktop\my stuff
    2017-02-28 18:22 - 2016-01-23 13:44 - 00000000 ____D C:\Program Files (x86)\Steam
    2017-02-28 18:21 - 2017-01-25 19:52 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-02-28 18:21 - 2017-01-25 19:51 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
    2017-02-28 18:20 - 2016-09-07 20:57 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-02-28 18:20 - 2016-05-02 13:27 - 00000000 ____D C:\Program Files (x86)\McAfee
    2017-02-28 18:19 - 2016-12-16 01:22 - 00005943 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
    2017-02-28 18:19 - 2016-07-16 00:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
    2017-02-28 18:16 - 2016-01-19 14:30 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
    2017-02-28 18:16 - 2016-01-19 14:30 - 00000000 ____D C:\Program Files\Image-Line
    2017-02-28 18:15 - 2016-01-19 14:31 - 00000000 ____D C:\Program Files (x86)\VstPlugins
    2017-02-28 17:53 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2017-02-27 22:16 - 2016-05-02 13:18 - 00000000 ____D C:\ProgramData\McAfee
    2017-02-27 22:08 - 2016-05-05 20:07 - 00000000 ____D C:\Users\Owner\AppData\Local\Battle.net
    2017-02-27 22:07 - 2016-05-05 20:06 - 00000000 ____D C:\Program Files (x86)\Battle.net
    2017-02-27 21:42 - 2016-03-16 17:30 - 00000000 ____D C:\ProgramData\287b118d
    2017-02-27 21:26 - 2016-09-07 20:42 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-02-27 20:14 - 2016-09-07 20:47 - 00000000 ____D C:\Users\Owner
    2017-02-27 20:09 - 2016-05-02 13:18 - 00000000 ____D C:\Program Files\TrueKey
    2017-02-27 19:23 - 2017-01-20 18:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-02-27 19:23 - 2016-02-20 12:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-02-27 19:19 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
    2017-02-27 19:17 - 2016-05-02 13:27 - 00000000 ____D C:\Program Files\Common Files\McAfee
    2017-02-27 19:16 - 2016-07-16 05:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2017-02-27 18:31 - 2016-09-07 20:57 - 00003882 _____ C:\WINDOWS\System32\Tasks\{F0C799A2-4156-0ACD-49B3-323A296C6C6D}
    2017-02-27 00:31 - 2016-05-05 21:07 - 00000000 ____D C:\Program Files (x86)\Overwatch
    2017-02-26 23:19 - 2016-11-07 23:25 - 00000000 ____D C:\Program Files (x86)\Overwatch Test
    2017-02-26 14:21 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-02-25 13:25 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-02-23 16:31 - 2017-01-25 19:52 - 00000955 _____ C:\Users\Public\Desktop\AVG.lnk
    2017-02-23 16:29 - 2016-05-02 13:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2017-02-22 18:00 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-02-22 17:59 - 2016-01-18 14:07 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-02-22 17:57 - 2016-01-18 14:07 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-02-21 14:57 - 2016-01-18 17:40 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
    2017-02-21 09:29 - 2017-01-25 20:25 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
    2017-02-16 20:19 - 2017-01-25 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
    2017-02-16 16:53 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-02-16 16:53 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2017-02-08 15:16 - 2016-09-07 20:43 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2017-02-08 15:16 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
    2017-02-08 15:16 - 2016-01-18 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2017-02-06 13:48 - 2017-01-11 16:11 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-02-06 13:48 - 2017-01-11 16:11 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-02-04 10:35 - 2016-01-24 17:16 - 00000000 ___RD C:\Program Files (x86)\Skype
    2017-02-04 10:35 - 2016-01-24 17:16 - 00000000 ____D C:\ProgramData\Skype
    2017-02-04 10:24 - 2017-01-25 19:52 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2017-02-04 10:24 - 2017-01-25 19:52 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-02-02 16:34 - 2016-09-07 20:47 - 00000000 ____D C:\Users\krist
    2017-02-02 15:32 - 2016-01-18 17:48 - 00002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-02-01 16:45 - 2016-04-24 13:41 - 00002083 _____ C:\Users\Owner\Desktop\PopcornTime.lnk

    ==================== Files in the root of some directories =======

    2016-01-22 18:50 - 2016-01-22 18:50 - 0000110 _____ () C:\Users\Owner\AppData\Local\dottmpfile.txt
    2016-01-22 19:59 - 2016-01-22 19:59 - 0000017 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
    2016-09-07 20:43 - 2016-09-07 20:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2016-12-16 01:22 - 2017-02-28 18:20 - 0002938 _____ () C:\ProgramData\NvTelemetryContainer.log
    2016-12-16 01:22 - 2017-02-28 18:19 - 0005943 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

    Some files in TEMP:
    ====================
    2017-02-27 19:14 - 2017-02-10 10:30 - 1027864 _____ (McAfee, Inc.) C:\Users\Owner\AppData\Local\Temp\0270651488244457mcinst.exe
    2017-01-18 23:43 - 2017-01-18 23:43 - 0739904 _____ (Oracle Corporation) C:\Users\Owner\AppData\Local\Temp\jre-8u121-windows-au.exe
    2017-02-03 22:06 - 2017-02-03 22:06 - 0244264 _____ (McAfee, Inc.) C:\Users\Owner\AppData\Local\Temp\McCSPInstall.dll
    2016-09-03 17:25 - 2016-08-25 14:53 - 0745904 _____ (NVIDIA Corporation) C:\Users\Owner\AppData\Local\Temp\nvSCPAPI.dll
    2016-09-03 17:25 - 2016-09-16 16:36 - 0860960 _____ (NVIDIA Corporation) C:\Users\Owner\AppData\Local\Temp\nvSCPAPI64.dll
    2016-09-23 08:51 - 2016-09-16 16:36 - 0346680 _____ (NVIDIA Corporation) C:\Users\Owner\AppData\Local\Temp\nvStInst.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-02-26 20:58

    ==================== End of FRST.txt ============================
