
Showing results for tags 'dnsunlocker'.

Found 11 results

  1. So I have a DNS trojan that keeps coming back before I quarantine and remove them again. What can I do? Thx. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 3/12/2017 Scan Time: 8:34 PM Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2017.03.12.08 Rootkit Database: v2017.03.11.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: Matthew Scan Type: Threat Scan Result: Completed Objects Scanned: 403117 Time Elapsed: 11 min, 8 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 1 Adware.Agent.Generic, C:\ProgramData\{8996A20F-3E3D-15A4-7753-5E77D64D8D0C}\C5348AEC-729F-3D47-890E-43103692C699.exe, 11968, , [50d84089466283b3bb1093d5ae52d12f] Modules: 0 (No malicious items detected) Registry Keys: 3 PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, , [64c43e8bffa9d0660c4aedf1966d29d7], PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, , [9593d1f8aefad26491c521bd6a99e719], PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{82958181}, , [86a2a6230c9c7eb8b6a2e1fd0300bb45], Registry Values: 4 PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{82958181}|1, 1489363697, , [86a2a6230c9c7eb8b6a2e1fd0300bb45] Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{0b3fda46-98a1-4a12-b173-31952fbcb724}|NameServer, 82.163.143.176 82.163.142.178, , [b8709f2a46621f17a2a924ba0bf8ca36] Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{1d618a3d-4b0e-45af-8d98-4030b890fa18}|NameServer, 82.163.143.176 
82.163.142.178, , [9791f2d7f2b63006bc8f2ab4cb388c74] Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{3f936b53-ab15-4cd4-85be-f849788de36b}|NameServer, 82.163.143.176 82.163.142.178, , [5ace04c5486055e10e3d26b8af54e11f] Registry Data: 1 Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.143.176 82.163.142.178, Good: (8.8.8.8), Bad: (82.163.143.176 82.163.142.178),,[bc6c29a0e1c7aa8c0523250b45bf1ce4] Folders: 5 Adware.Agent.Generic, C:\ProgramData\{8996A20F-3E3D-15A4-7753-5E77D64D8D0C}, , [50d84089466283b3bb1093d5ae52d12f], Rogue.Agent.D.Generic, C:\ProgramData\82958181, , [a97f16b34d5b57dfd5c5766e05fbc739], PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\6fc278e9-4575-1, , [161204c5a9ffc1759256c2281de56799], PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\6fc278e9-5051-0, , [a2869d2cf9af62d434b419d1b84ab54b], PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\6fc278e9-7e91-0, , [bf690cbd66428ea82abeb931eb1739c7], Files: 2 Adware.Elex, C:\ProgramData\82958181\8ee79d0b.dll, , [bd6bcdfcf8b00c2a9e922bd9d13018e8], Adware.Agent.Generic, C:\ProgramData\{8996A20F-3E3D-15A4-7753-5E77D64D8D0C}\C5348AEC-729F-3D47-890E-43103692C699.exe, , [50d84089466283b3bb1093d5ae52d12f], Physical Sectors: 0 (No malicious items detected) (end)
  2. Download Source: http://www.sordum.org/7952/dns-jumper-v2-1/ Imgur Link: Software: Windows 10 AU Malwarebytes PRO Norton Internet Security May I check with other users as to whether this program is being falsely identified as a PUP? There have been no other reports of the issue. I've recently started using DNS Jumper again to rapidly switch between various DNS servers as opposed to command prompt / restarting. I don't recall trying any new software in the past 72 hours. However, I've just gotten this message overnight that it's being viewed by Malwarebytes as a PUP and it needs to be quarantined / removed. It's found in the scheduled task because I've checked the box asking it be started with Windows as I log in (i.e. expected behaviour). There have been no unusual DNS changes / redirecting during the past 24 hours that I've used it and I was wondering if this software has been mistakenly flagged or should I be looking harder for something else instead. log.txt
  3. What is VidsquarE? The Malwarebytes research team has determined that VidsquarE is adware. These adware applications display advertisements not originating from the sites you are browsing. This one uses a DNS hijack to accomplish that and belongs to the DNS Unlocker family. How do I know if my computer is affected by VidsquarE? You may see these entries in your list of installed programs: and this type of scheduled tasks: and you may have seen this warning during install: How did VidsquarE get on my computer? Adware applications use different methods for distributing themselves. This particular one was bundled with other software. How do I remove VidsquarE? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of VidsquarE? No, Malwarebytes removes VidsquarE completely. This adware creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes would have protected you against the VidsquarE adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late. 
The web protection module also blocks some of the connections the installer tries to make: Technical details for experts Possible signs in FRST logs: () C:\Program Files (x86)\GTFHAUGHTON Updater\GTFHAUGHTON Updater.exe (dffdff) C:\Program Files (x86)\GTFHAUGHTON\gtfhaughton.exe Tcpip\..\Interfaces\{EDB0D6D8-B1F7-496F-A023-44DF7155F1CD}: [NameServer] 82.163.143.174,82.163.142.176 R2 GTFHAUGHTON Updater; C:\Program Files (x86)\GTFHAUGHTON Updater\GTFHAUGHTON Updater.exe [313344 2016-11-29] () [File not signed] <==== ATTENTION C:\Windows\System32\Tasks\GTFHAUGHTON C:\Program Files (x86)\GTFHAUGHTON Updater C:\Program Files (x86)\GTFHAUGHTON GTFHAUGHTON Updater version 1.2.0.4 (HKLM-x32\...\GTFHAUGHTON Updater_is1) (Version: 1.2.0.4 - ) VidsqaurE (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - ) Task: {10C0F82F-64F5-4051-9161-5D63A156EE94} - System32\Tasks\GTFHAUGHTON => gtfhaughton.exe Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\GTFHAUGHTON Adds the file config.ini"="11/29/2016 9:23 AM, 484 bytes, A Adds the file GTFHAUGHTON.cer"="11/29/2016 9:23 AM, 1021 bytes, A Adds the file gtfhaughton.exe"="11/29/2016 9:23 AM, 650240 bytes, A Adds the file Info.rtf"="11/29/2016 9:23 AM, 1653 bytes, A Adds the file License.rtf"="11/29/2016 9:23 AM, 21115 bytes, A Adds the file settings.ini"="1/16/2017 8:44 AM, 73 bytes, A Adds the file unins000.dat"="1/16/2017 8:44 AM, 36580 bytes, A Adds the file unins000.exe"="1/16/2017 8:44 AM, 719521 bytes, A Adds the file UnInstall.exe"="11/29/2016 9:23 AM, 78336 bytes, A Adds the folder C:\Program Files (x86)\GTFHAUGHTON Updater Adds the file cfg.ini"="1/16/2017 8:44 AM, 324 bytes, A Adds the file GTFHAUGHTON Updater.exe"="11/29/2016 9:23 AM, 313344 bytes, A Adds the file unins000.dat"="1/16/2017 8:44 AM, 25614 bytes, A Adds the file unins000.exe"="1/16/2017 8:44 AM, 719521 bytes, A 
Adds the file updateStatus.ini"="1/16/2017 8:44 AM, 0 bytes, A Adds the folder C:\Program Files (x86)\GTFHAUGHTON Updater\temp Adds the file response.ini"="1/16/2017 8:44 AM, 238 bytes, A Adds the file update.ini"="1/16/2017 8:44 AM, 335 bytes, A Adds the folder C:\Program Files (x86)\GTFHAUGHTON Updater\update In the existing folder C:\Windows\System32\Tasks Adds the file GTFHAUGHTON"="1/16/2017 8:44 AM, 21538 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\5da059a482fd494db3f252126fbc3d5b] "DP"="REG_SZ", "57" "FX"="REG_SZ", "1" "install"="REG_SZ", "1" "SDP1"="REG_SZ", "00001" "SDP2"="REG_SZ", "00001" "status"="REG_SZ", "1" "UID"="REG_SZ", "000ae0824038458fa478469e5a615cb5" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E] "Blob"="REG_BINARY, ................ 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\5da059a482fd494db3f252126fbc3d5b] "DP"="REG_SZ", "57" "FX"="REG_SZ", "1" "install"="REG_SZ", "1" "SDP1"="REG_SZ", "00001" "SDP2"="REG_SZ", "00001" "UID"="REG_SZ", "000ae0824038458fa478469e5a615cb5" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GTFHAUGHTON Updater] "LastUpdateTimeMSec"="REG_DWORD", -685138016 "Version"="REG_SZ", "1.2.0.4" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1] "DisplayName"="REG_SZ", "VidsqaurE" "DisplayVersion"="REG_SZ", "1.4" "EstimatedSize"="REG_DWORD", 2137 "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\GTFHAUGHTON" "Inno Setup: Icon Group"="REG_SZ", "GTFHAUGHTON" "Inno Setup: Language"="REG_SZ", "english" "Inno Setup: Setup Version"="REG_SZ", "5.5.5 (a)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20160715" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\GTFHAUGHTON\" "MajorVersion"="REG_DWORD", 1 "MinorVersion"="REG_DWORD", 4 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\GTFHAUGHTON\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\GTFHAUGHTON\unins000.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GTFHAUGHTON Updater_is1] "DisplayName"="REG_SZ", "GTFHAUGHTON Updater version 1.2.0.4" "DisplayVersion"="REG_SZ", "1.2.0.4" "EstimatedSize"="REG_DWORD", 997 "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\GTFHAUGHTON Updater" "Inno Setup: Icon Group"="REG_SZ", "GTFHAUGHTON Updater" "Inno Setup: Language"="REG_SZ", "default" "Inno Setup: Setup Version"="REG_SZ", "5.5.5 (a)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20170116" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\GTFHAUGHTON Updater\" "MajorVersion"="REG_DWORD", 1 "MinorVersion"="REG_DWORD", 2 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 
"QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\GTFHAUGHTON Updater\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\GTFHAUGHTON Updater\unins000.exe"" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\GTFHAUGHTON Updater] "DisplayName"="REG_SZ", "GTFHAUGHTON Updater" "ErrorControl"="REG_DWORD", 1 "ImagePath"="REG_EXPAND_SZ, "C:\Program Files (x86)\GTFHAUGHTON Updater\GTFHAUGHTON Updater.exe" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16 "WOW64"="REG_DWORD", 1 Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 1/16/17 Scan Time: 8:53 AM Logfile: mbamVidsquare.txt Administrator: Yes -Software Information- Version: 3.0.5.1299 Components Version: 1.0.43 Update Package Version: 1.0.1023 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 355795 Time Elapsed: 7 min, 43 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 2 Adware.CloudGuard, C:\PROGRAM FILES (X86)\GTFHAUGHTON\GTFHAUGHTON.EXE, Quarantined, [648], [354242],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\Program Files (x86)\GTFHAUGHTON Updater\GTFHAUGHTON Updater.exe, Quarantined, [3051], [361181],1.0.1023 Module: 2 Adware.CloudGuard, C:\PROGRAM FILES (X86)\GTFHAUGHTON\GTFHAUGHTON.EXE, Quarantined, [648], [354242],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\Program Files (x86)\GTFHAUGHTON Updater\GTFHAUGHTON Updater.exe, Quarantined, [3051], [361181],1.0.1023 Registry Key: 10 Adware.VidSquare.BrwsrFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E1527582-8509-4011-B922-29E3FB548882}_is1, Delete-on-Reboot, [3051], [361184],1.0.1023 Adware.VidSquare.BrwsrFlsh, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GTFHAUGHTON Updater, 
Delete-on-Reboot, [3051], [361181],1.0.1023 Adware.VidSquare.BrwsrFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GTFHAUGHTON Updater_is1, Delete-on-Reboot, [3051], [361181],1.0.1023 Adware.VidSquare.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{10C0F82F-64F5-4051-9161-5D63A156EE94}, Delete-on-Reboot, [3051], [361180],1.0.1023 Adware.VidSquare.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GTFHAUGHTON, Delete-on-Reboot, [3051], [361177],1.0.1023 PUP.Optional.CloudScout, HKLM\SOFTWARE\WOW6432NODE\5da059a482fd494db3f252126fbc3d5b, Delete-on-Reboot, [12029], [246387],1.0.1023 Adware.VidSquare.BrwsrFlsh, HKLM\SOFTWARE\WOW6432NODE\GTFHAUGHTON Updater, Delete-on-Reboot, [3051], [361201],1.0.1023 PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Delete-on-Reboot, [45], [260247],1.0.1023 PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, Delete-on-Reboot, [12029], [246387],1.0.1023 PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Delete-on-Reboot, [45], [260247],1.0.1023 Registry Value: 7 Adware.VidSquare.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{10C0F82F-64F5-4051-9161-5D63A156EE94}|PATH, Delete-on-Reboot, [3051], [361180],1.0.1023 Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EDB0D6D8-B1F7-496F-A023-44DF7155F1CD}|NameServer, Delete-on-Reboot, [17907], [260227],1.0.1023 Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replace-on-Reboot, [17907], [-1],0.0.0 Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replace-on-Reboot, [17907], [-1],0.0.0 Trojan.DNSChanger.ACMB2, 
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{EDB0D6D8-B1F7-496F-A023-44DF7155F1CD}|NameServer, Replace-on-Reboot, [17907], [-1],0.0.0 Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{EDB0D6D8-B1F7-496F-A023-44DF7155F1CD}|DhcpNameServer, Replace-on-Reboot, [17907], [-1],0.0.0 Adware.VidSquare.BrwsrFlsh, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GTFHAUGHTON Updater|IMAGEPATH, Delete-on-Reboot, [3051], [361179],1.0.1023 Data Stream: 0 (No malicious items detected) Folder: 4 Adware.VidSquare.BrwsrFlsh, C:\PROGRAM FILES (X86)\GTFHAUGHTON, Delete-on-Reboot, [3051], [361184],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\Program Files (x86)\GTFHAUGHTON Updater\update, Delete-on-Reboot, [3051], [361181],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\Program Files (x86)\GTFHAUGHTON Updater\temp, Delete-on-Reboot, [3051], [361181],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\PROGRAM FILES (X86)\GTFHAUGHTON UPDATER, Delete-on-Reboot, [3051], [361181],1.0.1023 File: 18 Adware.CloudGuard, C:\PROGRAM FILES (X86)\GTFHAUGHTON\GTFHAUGHTON.EXE, Delete-on-Reboot, [648], [354242],1.0.1023 Adware.DNSUnlocker, C:\USERS\{username}\DESKTOP\SETUP.EXE, Delete-on-Reboot, [2298], [356407],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\PROGRAM FILES (X86)\GTFHAUGHTON\LICENSE.RTF, Delete-on-Reboot, [3051], [361184],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\Program Files (x86)\GTFHAUGHTON\config.ini, Delete-on-Reboot, [3051], [361184],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\Program Files (x86)\GTFHAUGHTON\GTFHAUGHTON.cer, Delete-on-Reboot, [3051], [361184],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\Program Files (x86)\GTFHAUGHTON\Info.rtf, Delete-on-Reboot, [3051], [361184],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\Program Files (x86)\GTFHAUGHTON\settings.ini, Delete-on-Reboot, [3051], [361184],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\Program Files (x86)\GTFHAUGHTON\unins000.dat, Delete-on-Reboot, [3051], [361184],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\Program 
Files (x86)\GTFHAUGHTON\unins000.exe, Delete-on-Reboot, [3051], [361184],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\Program Files (x86)\GTFHAUGHTON\UnInstall.exe, Delete-on-Reboot, [3051], [361184],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\PROGRAM FILES (X86)\GTFHAUGHTON UPDATER\UNINS000.DAT, Delete-on-Reboot, [3051], [361181],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\Program Files (x86)\GTFHAUGHTON Updater\temp\response.ini, Delete-on-Reboot, [3051], [361181],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\Program Files (x86)\GTFHAUGHTON Updater\temp\update.ini, Delete-on-Reboot, [3051], [361181],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\Program Files (x86)\GTFHAUGHTON Updater\cfg.ini, Delete-on-Reboot, [3051], [361181],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\Program Files (x86)\GTFHAUGHTON Updater\GTFHAUGHTON Updater.exe, Delete-on-Reboot, [3051], [361181],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\Program Files (x86)\GTFHAUGHTON Updater\unins000.exe, Delete-on-Reboot, [3051], [361181],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\Program Files (x86)\GTFHAUGHTON Updater\updateStatus.ini, Delete-on-Reboot, [3051], [361181],1.0.1023 Adware.VidSquare.BrwsrFlsh, C:\WINDOWS\SYSTEM32\TASKS\GTFHAUGHTON, Delete-on-Reboot, [3051], [361175],1.0.1023 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  4. Okay so I have been trying to get rid of this NASTY guy with NO luck. This is crazy. I reinstalled WINDOWS, have downloaded several different checkers (Avast, Bitdefender, Malwarebytes). Once I install them they find it and delete them, but then find out later it renamed itself to an identical Windows file and camouflaged itself I guess. What the hell do I do? Now it looks like my other laptop could have something too... could this booger have 'jumped' to my other laptop? PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! derek
  5. Hi everyone, I hope you had a good day. All of my devices recently got infected with a stubborn adware that labels its ads as "Ads by DNSUnlocker". I tried using lots and lots of malware detection software and sites, including Malwarebytes, with no success! I tried reinstalling my browser (Opera) plus deleting all the data from AppData and nothing was solved. When I go to the extensions part, it says no extensions are installed on my browser. When I go to the "Programs and Features" part in Control Panel, I see no suspicious, new program there. Also this adware has infected all the devices in my network! I tried hard resetting the router, with no success. I tried Norton's secure DNS on all my devices, with no success. I attached a screenshot of the adware (Special Offers part on the right side of the page) under this topic. The OS I use is Windows 7 Ultimate x86 and the browser I use is Opera 31. Thanks for reading this, Alirezatm.
  6. A few days ago I experienced some sort of adware while browsing using Chrome. I ran Malwarebytes Anti-Malware and it found some files which I then removed. The problem seemed to be solved. Today while using Steam, Malwarebytes started to block some sites, while some new Steam windows opened with ads (with the "powered by dnsunlocker" line) as well as some suspicious "JavaScript Confirm" window. The Task Manager revealed that three instances of "SteamWebHelper.exe" were running. As I tried to terminate those processes the "JavaScript Confirm" window disappeared only to reappear along with the processes. I once again ran both Malwarebytes Anti-Malware and Avast Free Antivirus Scan but nothing was found although I am sure I am still infected in some way. Any help would be appreciated. As a side question, if I were to update to Windows 10 is it possible that viruses are carried over or does it have the same effect as completely reinstalling the OS? Addition.txt FRST.txt
  7. I recently found that DNSUnlocker was on my computer. I uninstalled it, and soon started having issues where I would be redirected to unwanted web pages from normal pages in Chrome. I installed the trial version of Malwarebytes and did a scan, and it found 2 malware files and a bunch of PUP files, which I then deleted using the tool. I also ran HitmanPro and Adware Cleaner, which also both found files that I deleted. Now Chrome appears to be working normally, but the instant I open up the "store" page from Steam, Malwarebytes informs me that it has blocked the domain "m77.dnsqa.me". Earlier, when this happened I was redirected to a Dell support page where I was told to call a certain number for help because my information was being stolen, but we determined that this was a scam. Basically, for some reason it keeps trying to redirect me to this domain from inside the Steam application (going to the Steam store online doesn't bring up the problem), and nowhere else. I believe that DNSUnlocker hasn't been completely removed, and I need help getting rid of it for good. I have tried uninstalling Steam, but that hasn't fixed it. None of the scans come up with anything at this point. I believe some people have had this problem resolved using the Farbar Recovery Scan Tool; it just looks like I need a specific "fix" file that only someone here can give me, because they are user-specific. This person had a similar problem: https://forums.malwarebytes.org/topic/179404-struggling-with-dnsunlocker/#comment-1022700 I downloaded the tool and did a scan, here are the two resulting files, if anyone is able to help: FRST.txt Addition.txt
  8. Hi, A while back I was getting CloudScout pop-ups and ads in Chrome (no other browser). I did everything I could to remove them, even posting on BleepingComputer, but I just gave up in the end because they were intermittent and eventually disappeared entirely on their own. Now I have the same pop-ups and ads but this time they're marked "Ads by DNSUnlocker". My brother's computer gets the ads at exactly the same time as I do, every time. We're on the same network. Sometimes using Chrome's reset settings feature removes the ads for a few days, but sometimes it does nothing. I've run a fully updated Malwarebytes several times and it has found nothing. Your DNSUnlocker Removal Guide, as with every single other guide on the internet, is completely pointless and just annoying. I have never once seen any virus actually show up as an installed program. That just never happens, which is why I get annoyed at all of those copy-cat, nonsense guides that say to look for the virus in Programs and Features or Task Manager. Our internet setup is a bit unusual because of where we live. We have satellite internet, but it's too delayed (600ms to 2s of ping) for online gaming, so my brother and I have our own separate internet connection using a Samsung Galaxy S3 with a patch lead going to an external antenna. We enable the portable hotspot on the phone and connect that way. It's possible the phone is infected, but I don't know how to find out on Android. Maybe it could be the router - I guess I can test that by not bridging my network at all today (and therefore relying on the separate wifi network from the phone) and seeing if the ads appear. Whatever happens, I can't reinstall Windows. Not until I go to Windows 10, anyway. I have hundreds of programs installed and set up and it would take weeks to get it all back up and running again. Reinstalling Windows is always a nightmare. The following are the FRST logs. 
In the logs there are a few programs that I know seem suspicious; SoundSwitch, XboxStat, ClipX, Win7 Taskbar Tweaker, DisplayFusion and the shell extension that allows me to remove the shortcut arrows on some symbolic links are all genuine programs - but I can't vouch that they are virus-free. I used to use Acronis TrueImage 2014, but I will admit I illegally pirated it. I no longer use it and it's now removed, but it still has traces on the computer so it's possible it was the cause of the virus because it was pirated. I paid (quite a lot!) for a much better (and not illegal) backup solution (Bvckup 2). At the time of making the logs my network connection was bridged in such a way as to allow me to connect to the 3G internet but still access our home network and 20TB NAS for file sharing. Well, great. The ads have all disappeared. That's annoying. I wish they'd just be consistent. Oh well, here's the FRST logs anyway (hmm, was told the post was too long to post, so Addition.txt is now attached): Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015 Ran by David (administrator) on HAROLD (06-09-2015 12:36:56) Running from C:\Users\David\Desktop Loaded Profiles: David (Available Profiles: David) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [samsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281312 2014-05-19] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805888 2014-08-19] (Acronis) HKLM-x32\...\Run: [Corsair Headset Software] => C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe [3167544 2014-02-12] (Corsair Components, Inc.) 
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation) HKLM-x32\...\Run: [ClipX] => C:\Program Files (x86)\ClipX\clipx.exe [68608 2005-12-01] () HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [7 Taskbar Tweaker] => C:\Users\David\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [382976 2015-04-08] (RaMMicHaeL) HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6886752 2015-01-07] (Binary Fortress Software) HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-31] (Spotify Ltd) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] () ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common 
Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] () ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] () ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] () 
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers: [iconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers: [iconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [iconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [iconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Borderless Gaming.lnk [2015-08-01] ShortcutTarget: Borderless Gaming.lnk -> C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe (Codeusa Software) Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bvckup2.lnk [2015-07-12] ShortcutTarget: Bvckup2.lnk -> C:\Program Files\Bvckup 2\bvckup2.exe (Pipemetrics SA) Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk [2015-03-09] ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation) Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SoundSwitch.appref-ms [2015-03-09] () Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\SpeedFan.lnk [2015-03-09] ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 07 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2013-05-11] (National Instruments Corporation) Winsock: Catalog5-x64 07 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2013-05-11] (National Instruments Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.11 Tcpip\..\Interfaces\{4F3C7CA5-7803-41F3-86CC-3327492FE7E6}: [DhcpNameServer] 192.168.0.11 Tcpip\..\Interfaces\{7B1CEF77-DDB6-42E8-B017-8F1562B1DF55}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{B597B79E-1A3E-4CB1-8674-E3D4E441BBA8}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{BBFF37E3-B1E9-4A3F-800F-8FDAE3F72FEE}: [DhcpNameServer] 192.168.43.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-715575704-4020683070-549173419-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-715575704-4020683070-549173419-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-16] (Oracle Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-11-11] (LastPass) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-16] (Oracle Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-16] (Oracle Corporation) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-11-11] (LastPass) BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-09-13] (FreeDownloadManager.ORG) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-16] (Oracle Corporation) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-11-11] (LastPass) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-11-11] (LastPass) FireFox: ======== FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-04-23] (EA Digital Illusions CE AB) FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-16] (Oracle 
Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-16] (Oracle Corporation) FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-11-11] (LastPass) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-06-09] (Adobe Systems) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.) FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-04-23] (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-16] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-16] (Oracle Corporation) FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files 
(x86)\LastPass\nplastpass64.dll [2014-11-11] (LastPass) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-09] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-09] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-06-09] (Adobe Systems) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom) FF Plugin HKU\S-1-5-21-715575704-4020683070-549173419-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-22] (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll [2013-05-29] (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2013win32.dll [2013-06-20] (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) 
FF Extension: LastPass - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\support@lastpass.com [2014-11-11] FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2015-07-03] FF Extension: Omnibar - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\omnibar@ajitk.com.xpi [2015-07-03] FF Extension: FXChrome - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2015-07-03] FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-03] Chrome: ======= CHR HomePage: Default -> hxxp://google.com/ CHR StartupUrls: Default -> "hxxp://google.com/" CHR DefaultSearchKeyword: Default -> lp CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-07] CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-07] CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-07] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-07] CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-07] CHR Extension: (Adblock Plus) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-07] CHR Extension: (Google Search) - 
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-07] CHR Extension: (Backtick) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\daiejhinmmfgincamkeeobmpffhdljim [2015-03-07] CHR Extension: (Session Buddy) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-03-07] CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-07] CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04] CHR Extension: (LastPass: Free Password Manager) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-07] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07] CHR Extension: (Better YouTube Watch History) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleajdkalfbohpinoaekajagdefaeckd [2015-03-09] CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07] CHR Extension: (Google Tone) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnckehldicaciogcbchegobnafnjkcne [2015-05-28] CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-07] CHR Extension: (RSS Feed Reader) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2015-03-07] CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: 
[hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-09] (Adobe Systems Incorporated) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1060352 2015-06-19] () S4 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed] R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3169648 2015-01-07] (Binary Fortress Software) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-07-14] (EasyAntiCheat Ltd) S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc.) S4 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2014-04-04] (Reprise Software Inc.) 
[File not signed] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation) S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed] S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation) S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation) S4 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] () S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation) S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.) S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation) S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation) S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation) S4 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-06-08] (National Instruments Corporation) S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation) S4 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation) S4 NILM License Manager; C:\Program Files (x86)\National 
Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation) S4 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation) S4 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-06-07] (National Instruments Corporation) S4 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-06-08] (National Instruments Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-02] (Electronic Arts) S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-06-02] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-06-03] () S4 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed] R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27872 2014-05-19] (Samsung Electronics Co., Ltd.) 
S4 SVLAdminServiceX64; C:\Program Files (x86)\Software Verification\SVL Service x64\svlService_x64.exe [21792 2014-06-03] () S4 SVLAdminServiceX86; C:\Program Files (x86)\Software Verification\SVL Service x86\svlService.exe [24928 2014-05-23] () S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-27] (Wacom Technology, Corp.) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 BioNTDrv; C:\Program Files (x86)\Paragon Software\Migrate OS to SSD\program\BioNTDrv.SYS [19024 2011-03-01] (Paragon Software GmbH) R3 CorsairAudioFilter; C:\Windows\System32\DRIVERS\corsveng2kamd64.sys [109912 2014-02-03] (Corsair Components, Inc.) R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] () R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-31] (Logitech Inc.) 
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [43456 2012-07-26] (http://libusb-win32.sourceforge.net) S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2014-07-08] (http://libusb-win32.sourceforge.net) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation) S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [12288 2009-08-23] () [File not signed] S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.) R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2014-06-10] () R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation ) R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [265952 2014-05-19] (Samsung Electronics Co., Ltd.) R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2014-05-19] (Samsung Electronics Co., Ltd.) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-02-10] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2015-02-10] (Acronis International GmbH) R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [125640 2014-04-30] (High Criteria inc.) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-01] () R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows ® Win 7 DDK provider) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-09-09] (Oracle Corporation) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-02-10] (Acronis International GmbH) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) 
  9. I have been getting Cloudscout adverts, popups, and page redirects in Chrome for a long time. I would run Malwarebytes and AdwCleaner; they would find nothing, but AdwCleaner would reboot my computer and the adverts would be gone for a while. Tried clearing my cache, resetting my browsers etc. but they still kept coming back. Then I started getting DNSUnlocker adverts, and decided to try and get help getting rid of these adverts altogether. (link to the attempt to fix here: http://www.techspot.com/community/topics/cloudscout-dnsunlocker.218944/) The guy who helped me couldn't find anything and told me I wasn't infected. In the end I just stopped using Google Chrome and started using Firefox. I have since upgraded to Windows 10 Pro and I am now getting these adverts/popups/redirects often in all the browsers I use (IE, Firefox, Edge). It's driving me crazy and making it impossible to browse the internet. Please help. FRST.txt Addition.txt
  10. PCs at our office have been hit by DNS Unlocker. It's only Chrome (Edge, IE and Firefox are fine). We have downloaded the trial version as well as the paid version of Malwarebytes but the scans don't find anything. What do I need to do to resolve the issue?
  11. Have been plagued by multiple adware popups from DNSUnlocker and n1.smartyads. I continually get redirected to the point that I spend more time blocking the redirects than browsing. I'm not sure if the redirects are related to these adware items or not. Have used MBAM and other adware/malware programs to no avail. Standard removal guides for these malware items are not effective. Any help you could provide would be appreciated. FRST txt file is pasted below, addition.txt file is attached due to size
Corporation) C:\Windows\system32\dxtmsft.dll 2015-09-08 17:25 - 2015-08-15 00:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-09-08 17:25 - 2015-08-15 00:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-09-08 17:25 - 2015-08-15 00:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-09-08 17:25 - 2015-08-15 00:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-09-08 17:25 - 2015-08-15 00:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-09-08 17:25 - 2015-08-15 00:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-09-08 17:25 - 2015-08-15 00:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-09-08 17:25 - 2015-08-15 00:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-09-08 17:25 - 2015-08-15 00:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-09-08 17:25 - 2015-08-15 00:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-09-08 17:25 - 2015-08-15 00:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-09-08 17:25 - 2015-08-15 00:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-09-08 17:25 - 2015-08-15 00:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-09-08 17:25 - 2015-08-15 00:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-09-08 17:25 - 2015-08-15 00:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-09-08 17:25 - 2015-08-15 00:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-09-08 17:25 - 2015-08-15 00:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-09-08 17:25 - 2015-08-15 00:23 - 00801280 _____ (Microsoft 
Corporation) C:\Windows\system32\msfeeds.dll 2015-09-08 17:25 - 2015-08-15 00:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-09-08 17:25 - 2015-08-15 00:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-09-08 17:25 - 2015-08-15 00:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-09-08 17:25 - 2015-08-15 00:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-09-08 17:25 - 2015-08-15 00:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-09-08 17:25 - 2015-08-15 00:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-09-08 17:25 - 2015-08-15 00:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-09-08 17:25 - 2015-08-15 00:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-09-08 17:25 - 2015-08-15 00:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-09-08 17:25 - 2015-08-15 00:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-09-08 17:25 - 2015-08-15 00:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-09-08 17:25 - 2015-08-15 00:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-09-08 17:25 - 2015-08-15 00:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-09-08 17:25 - 2015-08-15 00:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-09-08 17:25 - 2015-08-14 23:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-09-08 17:25 - 2015-08-14 23:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-09-08 17:25 - 2015-08-14 23:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-09-08 17:25 - 2015-08-14 23:39 - 01310720 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-09-08 17:25 - 2015-08-14 23:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-09-08 17:25 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-09-08 17:25 - 2015-08-05 12:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-09-08 17:25 - 2015-08-05 12:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-09-08 17:25 - 2015-07-22 19:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-09-08 17:25 - 2015-07-22 19:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-09-08 17:25 - 2015-07-22 19:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-09-08 17:25 - 2015-07-22 19:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-09-08 17:25 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-09-08 17:25 - 2015-07-22 12:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-09-08 17:25 - 2015-07-22 11:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-09-08 17:25 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-09-08 17:25 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-09-08 17:25 - 2015-07-09 12:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-09-08 17:25 - 2015-07-09 12:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll 2015-09-08 17:25 - 2015-07-09 12:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-09-08 17:25 - 2015-07-09 12:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll 2015-09-08 17:25 - 2015-06-25 05:06 - 00115136 _____ (Microsoft Corporation) 
C:\Windows\system32\consent.exe 2015-09-08 17:25 - 2015-06-25 05:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-09-08 17:25 - 2015-06-25 05:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-09-08 17:25 - 2015-06-25 04:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-09-08 17:24 - 2015-07-22 19:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-09-08 17:24 - 2015-07-22 19:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-09-08 17:24 - 2015-07-22 19:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-09-08 17:24 - 2015-07-22 19:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-09-08 17:24 - 2015-07-22 19:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-09-08 17:24 - 2015-07-22 19:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00309760 _____ (Microsoft Corporation) 
C:\Windows\system32\ncrypt.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-09-08 17:24 - 2015-07-22 19:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-09-08 17:24 - 2015-07-22 19:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-09-08 17:24 - 2015-07-22 19:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-09-08 17:24 - 2015-07-22 19:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-09-08 17:24 - 2015-07-22 19:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-09-08 17:24 - 2015-07-22 18:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-09-08 17:24 - 2015-07-22 18:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 
2015-09-08 17:24 - 2015-07-22 18:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-09-08 17:24 - 2015-07-22 12:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-09-08 
17:24 - 2015-07-22 12:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-09-08 17:24 - 2015-07-22 12:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-09-08 17:24 - 2015-07-22 12:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-09-08 17:24 - 2015-07-22 12:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-09-08 17:24 - 2015-07-22 12:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-09-08 17:24 - 2015-07-22 12:52 - 00050176 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-09-08 17:24 - 2015-07-22 12:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-09-08 17:24 - 2015-07-22 12:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-09-08 17:24 - 2015-07-22 12:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-09-08 17:24 - 2015-07-22 12:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003584 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 11:45 - 00159232 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-09-08 17:24 - 2015-07-22 11:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-09-08 17:24 - 2015-07-22 11:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-09-08 17:24 - 2015-07-22 11:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-09-08 17:24 - 2015-07-22 11:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-09-08 17:24 - 2015-07-22 11:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 11:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-09-08 17:23 - 2015-08-27 13:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-09-08 17:23 - 2015-08-27 13:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-09-08 17:23 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-09-08 17:23 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-09-08 17:23 - 2015-08-27 12:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-09-08 17:23 - 2015-08-27 12:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-09-08 17:23 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2015-09-08 17:23 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-09-08 17:23 - 2015-08-04 13:03 - 00692672 _____ (Microsoft Corporation) 
C:\Windows\system32\winload.efi 2015-09-08 17:23 - 2015-08-04 13:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-09-08 17:23 - 2015-08-04 12:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-09-08 17:23 - 2015-08-04 12:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-09-08 17:23 - 2015-08-04 12:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-09-08 17:23 - 2015-08-04 12:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-09-08 17:23 - 2015-08-04 12:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-09-08 17:23 - 2015-08-04 12:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-09-08 17:23 - 2015-08-04 11:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-09-08 17:22 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-09-08 17:22 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-08 17:22 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-09-08 17:22 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-09-08 17:22 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-09-08 17:22 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-09-08 17:22 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-09-08 17:22 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-09-08 17:22 - 2015-09-01 20:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-08 17:22 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) 
C:\Windows\system32\atmfd.dll 2015-09-08 17:22 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-09-08 17:22 - 2015-08-26 13:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-09-08 17:22 - 2015-08-26 13:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-09-08 17:22 - 2015-08-26 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-09-08 17:22 - 2015-08-26 13:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-09-08 17:22 - 2015-08-26 13:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-09-08 17:22 - 2015-08-26 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-09-08 17:22 - 2015-08-26 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-09-08 17:22 - 2015-08-26 13:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-09-08 17:22 - 2015-08-26 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-09-08 17:22 - 2015-08-26 13:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-09-08 17:22 - 2015-08-26 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-09-08 17:22 - 2015-08-26 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-09-08 17:22 - 2015-08-26 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-09-08 17:22 - 2015-08-26 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-09-08 17:22 - 2015-08-26 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-09-08 17:22 - 2015-08-26 12:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-08-30 17:38 - 2015-08-30 17:38 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 
XI.lnk 2015-08-30 16:51 - 2015-09-12 21:14 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-30 16:50 - 2015-08-30 17:37 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-08-30 16:50 - 2015-08-30 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-08-30 16:50 - 2015-08-30 16:50 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-30 16:50 - 2015-08-30 16:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-08-30 16:50 - 2015-06-18 09:38 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-30 16:50 - 2015-06-18 09:38 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-30 16:50 - 2015-06-18 09:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-30 15:44 - 2015-08-30 15:44 - 00000000 ____D C:\Users\Gods family\AppData\Roaming\McAfee 2015-08-23 09:43 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-23 09:43 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-21 18:01 - 2015-08-21 22:22 - 00000356 _____ C:\Windows\Tasks\HPCeeScheduleForGods family.job 2015-08-21 18:01 - 2015-08-21 18:01 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGods family 2015-08-16 14:45 - 2015-07-28 15:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-16 14:45 - 2015-07-28 15:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-16 14:45 - 2015-07-28 15:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-16 14:45 - 2015-07-28 15:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-16 14:45 - 2015-07-28 15:05 - 00437760 
_____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-16 14:45 - 2015-07-28 15:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-08-16 14:45 - 2015-07-28 15:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-16 14:45 - 2015-07-28 14:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-16 14:45 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-16 14:45 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-16 14:45 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-16 14:44 - 2015-07-10 12:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-16 14:44 - 2015-07-10 12:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2015-08-16 14:44 - 2015-07-10 12:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-08-16 14:44 - 2015-07-10 12:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-08-16 14:44 - 2015-07-10 12:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-08-16 14:44 - 2015-07-10 12:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-08-16 14:43 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-16 14:40 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-16 14:40 - 2015-07-30 13:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-16 14:40 - 2015-07-30 13:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-16 14:40 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2015-08-16 14:40 - 2015-07-30 12:57 - 01251328 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-08-16 14:40 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-16 14:40 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-16 14:40 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-08-16 14:40 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-16 14:40 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-16 14:40 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-08-16 14:40 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-08-16 14:39 - 2015-07-10 12:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-16 14:39 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-09-12 23:10 - 2011-08-24 18:05 - 00000000 ____D C:\Users\Gods family\AppData\Local\CrashDumps 2015-09-12 23:08 - 2015-04-27 05:36 - 00001028 _____ C:\Windows\Tasks\3awInI4mXB1OZnoR.job 2015-09-12 22:32 - 2013-01-27 20:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-12 21:33 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-12 21:33 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-12 21:15 - 2011-07-11 18:09 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5A98DA96-D311-4286-82A0-74355D954CFC} 2015-09-12 21:14 - 2015-06-19 07:34 - 00000332 _____ C:\Windows\Tasks\PhraseAnalyzer.job 2015-09-12 11:58 - 2011-06-20 16:39 - 01766550 _____ C:\Windows\WindowsUpdate.log 2015-09-12 11:42 - 2011-12-28 18:48 - 451807167 _____ C:\Windows\MEMORY.DMP 2015-09-12 11:42 - 2011-12-28 18:48 - 00000000 ____D C:\Windows\Minidump 2015-09-12 11:42 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-12 11:42 - 2009-07-13 23:51 - 00095875 _____ C:\Windows\setupact.log 2015-09-11 22:24 - 2010-11-20 22:47 - 01019088 _____ C:\Windows\PFRO.log 2015-09-11 22:22 - 2014-02-02 11:01 - 00000000 ____D C:\Program Files (x86)\Yahoo! 
2015-09-11 22:22 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System 2015-09-11 18:10 - 2012-01-22 22:07 - 00026112 ___SH C:\Users\Gods family\Documents\Thumbs.db 2015-09-10 19:53 - 2009-07-14 00:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-10 19:44 - 2009-07-13 23:45 - 00286112 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-10 19:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-09-10 19:35 - 2011-07-13 15:53 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2015-09-10 19:20 - 2013-07-16 06:17 - 00000000 ____D C:\Windows\system32\MRT 2015-09-08 21:25 - 2014-08-17 09:39 - 00000000 ____D C:\Windows\pss 2015-09-08 19:58 - 2011-07-21 17:45 - 00000000 ____D C:\Users\Gods family\AppData\Roaming\SoftGrid Client 2015-08-30 17:40 - 2015-07-24 13:24 - 00000000 ____D C:\Program Files (x86)\Little Group 2015-08-30 17:40 - 2015-07-07 22:06 - 00000000 ____D C:\Program Files (x86)\Convoluted Editor 2015-08-30 17:39 - 2011-07-11 18:09 - 00001389 _____ C:\Users\Gods family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-08-30 17:38 - 2011-09-04 12:11 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-08-30 17:38 - 2011-07-11 18:05 - 00002092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk 2015-08-30 17:38 - 2011-07-11 18:05 - 00002062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk 2015-08-30 17:38 - 2011-06-20 16:36 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2015-08-30 17:38 - 2011-06-20 16:36 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2015-08-30 17:38 - 2011-05-17 15:10 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk 2015-08-30 17:38 - 2011-05-17 15:10 - 00001293 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk 2015-08-30 17:38 - 2011-05-17 15:09 - 00002474 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2015-08-30 17:38 - 2011-05-17 15:09 - 00001446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2015-08-30 17:38 - 2011-05-17 15:06 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk 2015-08-30 17:38 - 2009-07-13 23:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-08-30 17:38 - 2009-07-13 23:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk 2015-08-30 17:38 - 2009-07-13 23:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2015-08-30 17:38 - 2009-07-13 23:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2015-08-30 17:38 - 2009-07-13 23:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk 2015-08-30 17:37 - 2015-06-07 16:47 - 00001868 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk 2015-08-30 17:37 - 2015-04-24 11:06 - 00001839 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2015-08-30 17:37 - 2014-12-13 12:16 - 00002013 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2015-08-30 17:37 - 2014-08-06 19:49 - 00001740 _____ C:\Users\Gods family\Desktop\istation - Shortcut.lnk 2015-08-30 17:37 - 2014-08-06 19:32 - 00001001 _____ C:\Users\Public\Desktop\The Imagination Station LF972113.lnk 2015-08-30 17:37 - 2014-02-15 17:49 - 00001212 _____ C:\Users\Gods family\Desktop\Calculator.lnk 2015-08-30 17:37 - 2014-01-26 14:58 - 00002052 _____ C:\Users\Public\Desktop\EPSON XP-400 User's Guide.lnk 2015-08-30 17:37 - 2014-01-26 14:29 - 00000924 _____ C:\Users\Public\Desktop\EPSON Scan.lnk 2015-08-30 17:37 - 2013-12-19 18:54 - 00002217 _____ C:\Users\Gods 
family\Desktop\HP Support Assistant.lnk 2015-08-30 17:37 - 2013-07-11 16:41 - 00002162 _____ C:\Users\Public\Desktop\education.com website.lnk 2015-08-30 17:37 - 2013-07-11 16:41 - 00002105 _____ C:\Users\Public\Desktop\JumpStart Typing.lnk 2015-08-30 17:37 - 2012-03-11 15:23 - 00001111 _____ C:\Users\Public\Desktop\Nitto 1320 Legends.lnk 2015-08-30 17:37 - 2011-11-18 21:24 - 00001777 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-08-30 17:37 - 2011-08-10 14:11 - 00002159 _____ C:\Users\Public\Desktop\Pencil-Pal Preschool.lnk 2015-08-30 17:37 - 2011-07-21 16:53 - 00001134 _____ C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk 2015-08-30 17:37 - 2011-05-17 14:58 - 00002388 _____ C:\Users\Public\Desktop\WildTangent Games App - hp.lnk 2015-08-30 17:37 - 2009-07-14 00:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2015-08-30 17:37 - 2009-07-13 23:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2015-08-30 15:44 - 2015-06-07 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2015-08-30 15:44 - 2015-06-07 16:45 - 00000000 ____D C:\Program Files (x86)\McAfee 2015-08-30 15:44 - 2011-11-02 19:35 - 00000000 ____D C:\ProgramData\McAfee 2015-08-29 14:38 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-08-26 18:37 - 2011-11-08 09:07 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-23 14:28 - 2011-10-14 17:19 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-08-23 13:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache 2015-08-23 10:24 - 2012-05-14 05:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-23 10:24 - 2012-05-14 05:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-08-23 10:20 - 2014-12-14 04:27 - 00000000 ____D C:\Windows\system32\appraiser 2015-08-23 10:20 - 2014-05-06 09:45 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-23 10:14 - 2015-06-07 18:19 - 00007597 _____ 
C:\Users\Gods family\AppData\Local\Resmon.ResmonCfg 2015-08-23 10:12 - 2015-04-19 07:20 - 00000626 _____ C:\Users\Gods family\AppData\Roaming\3awInI4mXB1OZnoR 2015-08-23 09:42 - 2012-05-14 05:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-08-22 18:10 - 2013-01-27 20:00 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-08-22 18:10 - 2013-01-27 20:00 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-08-22 18:10 - 2011-07-17 12:23 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-08-22 15:33 - 2007-01-01 20:25 - 00000000 ____D C:\Windows\Panther 2015-08-22 15:29 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT 2015-08-22 14:46 - 2015-06-07 16:06 - 00000000 ____D C:\Program Files\Common Files\McAfee 2015-08-22 14:45 - 2015-06-28 17:56 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon 2015-08-21 17:54 - 2015-07-15 20:18 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare) 2015-08-16 13:58 - 2011-07-11 18:03 - 00000000 ____D C:\Users\Gods family ==================== Files in the root of some directories ======= 2015-04-19 07:20 - 2015-08-23 10:12 - 0000626 _____ () C:\Users\Gods family\AppData\Roaming\3awInI4mXB1OZnoR 2011-07-11 22:26 - 2011-07-11 22:26 - 0000236 _____ () C:\Users\Gods family\AppData\Local\LaunchHomeCenter.log 2015-06-07 18:19 - 2015-08-23 10:14 - 0007597 _____ () C:\Users\Gods family\AppData\Local\Resmon.ResmonCfg 2015-04-19 14:01 - 2015-04-19 20:12 - 0011778 _____ () C:\Users\Gods family\AppData\Local\Temp-log.txt 2015-06-05 16:46 - 2015-06-05 16:46 - 0000000 _____ () C:\Users\Gods family\AppData\Local\Temp.dat 2015-02-26 23:05 - 2015-02-26 23:05 - 0001623 _____ () C:\ProgramData\tempimage.bmp Some files in TEMP: ==================== C:\Users\Gods family\AppData\Local\Temp\InstHelper.exe C:\Users\Gods family\AppData\Local\Temp\sqlite3.dll ==================== Bamital 
& volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-09-01 20:08 ==================== End of FRST.txt ============================ Addition.txt