Story time. This morning, I got a warning from Malwarebytes saying there was an outbound request to a domain known as "istatic.eshopcomp.com". And it's not just one popup. It's every time I click something. A bookmark, open a tab, anything. So I did the normal stuff, ran a custom scan, selecting every drive on my system, and it found nothing. Did the same thing on Avast, and a few other AV programs, they all found nothing. I also have Malwarebytes Anti-exploit if that matters, all settings checked. I checked the URL and the 2 or 3 IPs Malwarebytes said the domain was located at, in VirusTotal, and there was no known domain by the name.

The warning only shows up in Chrome, which is my default browser. If I change to Firefox, the warnings no longer show up when I open my bookmarks in there. I did some Googling and deleted the few registry keys associated with the (supposedly) adware, and restarted my system, no effect. I tried deleting all my browser cookies/cache, and when that didn't work, even went to uninstall it completely, and reinstalled from scratch. Still getting the error. I don't have any suspicious browser extensions, and the ones I have are ones I've had for years. I don't go on any suspicious sites, just Facebook, YouTube, Twitter, and some reputable tech forums.

As a final resort, I had the thought that maybe no AV was detecting it because Malwarebytes was blocking it from fully initiating. So I temporarily disabled protection on Malwarebytes and Avast, to see if the program could execute, and then I could easily take it out later. The warning did stop, but 30 minutes later, I re-enabled protection, and I'm still getting the warning.

What other steps could I possibly take?

Link to post
Share on other sites

Hello Fluffyvoir and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…



Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 
Next,
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt and Shortcut.txt are checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make logs named Addition.txt and Shortcut.txt. Please attach those logs to your reply.



Let me see those logs in your reply...

 

Thank you,

 

Kevin
 

Link to post
Share on other sites

I re-ran the scan you told me to do, but ran a custom scan, telling it to scan every single file in my system. That's what I do anyways though on a weekly schedule, and it found nothing, just like yesterday.

 

Malwarebytes Scan Results:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/11/2015
Scan Time: 8:24 PM
Logfile: 
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.11.06
Rootkit Database: v2015.12.07.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Robbie

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 493123
Time Elapsed: 38 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


AdwCleaner Scan Results:

# AdwCleaner v5.024 - Logfile created 11/12/2015 at 21:06:56
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Robbie - ROBBIE-PC
# Running from : C:\Users\Robbie\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\ParetoLogic

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\ParetoLogic

***** [ Web browsers ] *****

[-] [C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ambjmeohlajelahhhniggkkceagdlcgj

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [912 bytes] ##########


Junkware Removal Tool Scan Results:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Ultimate x64 
Ran by Robbie (Administrator) on Fri 12/11/2015 at 21:17:33.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0 

Registry: 1 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/11/2015 at 21:32:05.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 

The forum won't let me post all the logs in one post, so continued in the next post.

Link to post
Share on other sites

I've been trying for the past hour to copy and paste the text into the forum, but it never works. Just uploaded a Notepad file, I hope that's alright, as I don't really have any other way to show you.

 

After all those scans, I'm still getting the warnings from Malwarebytes.

Farbar Removal Tool Scan Results.txt

Link to post
Share on other sites

UPDATE: Windows Firewall turned itself off, I don't have permission to turn it back on, and I get an "access denied" message whenever I try to uninstall a program. My webcam no longer works as well, and Avast is telling me that my router is open to the public, even though I have a password on it with WPA2 encryption, have it listed as a private network, and everything.

Link to post
Share on other sites

Windows Firewall should be OFF, you are running Avast Firewall

 

Reset your Router and attribute new password... basic instructions here: http://compnetworking.about.com/od/routers/a/reset-a-home-network-router.htm

 

Webcam: Uninstall/Reinstall software, if no software and using windows driver, uninstall driver in device manager then re-boot. Windows will attribute fresh driver...

 

Next,

 

As the block ip issue is related to Chrome make a clean install of Chrome:

 

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Remove all synced data from Chrome go here: http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ follow those instructions...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb
 

Next,

 

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.


To perform the scan:

  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under “Enable Stealth Technology” select “Change”, then select any extra drives in that window.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.



Please include this logfile in your next reply.

Don't forget to re-enable protection software!
 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...
 

Post those logs, also let me know if any remaining issues or concerns...

 

Thank you,

 

Kevin

Link to post
Share on other sites
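
An added example, not part of the thread and not a Malwarebytes or AdwCleaner tool: after the Chrome reinstall and sync reset described above, a short Python check of the profile's `Secure Preferences` file can confirm that the extension ID AdwCleaner deleted has not come back, and list other extensions that were side-loaded or can touch every page. The `extensions.settings` layout and the numeric `location` codes are assumptions based on Chromium's preferences format, and the sample data is constructed.

```python
import json

# Extension ID that the AdwCleaner log in this thread reports deleting from
# ...\Chrome\User Data\Default\Secure Preferences.
FLAGGED_IDS = {"ambjmeohlajelahhhniggkkceagdlcgj"}

# Assumption: meaning of the numeric "location" field, following Chromium's
# manifest-location enum. Only the values used below are listed.
LOCATION_NAMES = {
    1: "internal (Web Store or sync)",
    2: "external preferences file",
    3: "external registry key",
    4: "unpacked (developer mode)",
    5: "component (ships with Chrome)",
}
SIDE_LOADED = {2, 3, 4}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def host_patterns(manifest):
    """Collect host patterns from permissions and content-script matches."""
    patterns = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    for script in manifest.get("content_scripts", []):
        patterns.update(script.get("matches", []))
    return patterns


def audit_extensions(prefs_text, flagged_ids=FLAGGED_IDS):
    """Return one finding per extension that deserves a manual look."""
    settings = json.loads(prefs_text).get("extensions", {}).get("settings", {})
    findings = []
    for ext_id, entry in sorted(settings.items()):
        manifest = entry.get("manifest") or {}
        location = entry.get("location")
        reasons = []
        if ext_id in flagged_ids:
            reasons.append("ID was removed by an earlier scan and is back")
        if location in SIDE_LOADED:
            reasons.append("installed outside the Web Store: " + LOCATION_NAMES[location])
        elif location != 5 and not entry.get("from_webstore", False):
            reasons.append("not marked as a Web Store install")
        if host_patterns(manifest) & BROAD_HOSTS:
            reasons.append("can read or modify every page")
        if reasons:
            findings.append({
                "id": ext_id,
                "name": manifest.get("name", "(no manifest recorded)"),
                "reasons": reasons,
            })
    return findings


# Constructed sample input. The names, permissions and the two placeholder IDs
# are made up; nothing here describes what the flagged extension really was.
CONSTRUCTED_BENIGN_ID = "a" * 32
CONSTRUCTED_SIDELOADED_ID = "b" * 32
SAMPLE_PREFS = json.dumps({
    "extensions": {"settings": {
        CONSTRUCTED_BENIGN_ID: {
            "location": 1, "from_webstore": True,
            "manifest": {"name": "Constructed notes extension",
                         "permissions": ["storage"]},
        },
        "ambjmeohlajelahhhniggkkceagdlcgj": {
            "location": 1, "from_webstore": True,
            "manifest": {"name": "Constructed entry (name not given in thread)",
                         "permissions": ["storage"]},
        },
        CONSTRUCTED_SIDELOADED_ID: {
            "location": 3, "from_webstore": False,
            "manifest": {"name": "Constructed side-loaded extension",
                         "content_scripts": [{"matches": ["*://*/*"]}]},
        },
    }}
})

if __name__ == "__main__":
    # To audit a real profile, read the Secure Preferences file as UTF-8 text
    # (with Chrome closed) and pass its contents instead of SAMPLE_PREFS.
    for finding in audit_extensions(SAMPLE_PREFS):
        print(finding["id"], "-", finding["name"])
        for reason in finding["reasons"]:
            print("   ", reason)
```

A flagged ID that reappears after a reinstall points at Chrome sync or an external installer putting it back, which is why the sync data is cleared before reinstalling.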

I forgot to include some information that may or may not be helpful. I'm using Windows 7 Ultimate 64-bit, all updates installed, all software up-to-date, including all browsers and all plugins of each browser.

 

ESET Online Scanner Scan Results:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9751c38a2d698048ae98b000b9f46563
# end=init
# utc_time=2015-12-12 09:53:53
# local_time=2015-12-12 04:53:53 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 27170
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9751c38a2d698048ae98b000b9f46563
# end=updated
# utc_time=2015-12-12 09:57:09
# local_time=2015-12-12 04:57:09 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=9751c38a2d698048ae98b000b9f46563
# engine=27170
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-12-12 10:29:44
# local_time=2015-12-12 05:29:44 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 201502834 0 0
# scanned=182245
# found=0
# cleaned=0
# scan_time=1954


Security Check Scan Results:

 Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
 avast! Antivirus
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Java version 32-bit out of Date!
 Adobe Flash Player 20.0.0.235
 Google Chrome (47.0.2526.80)
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbam.exe
 Malwarebytes Anti-Exploit mbae-svc.exe
 Malwarebytes Anti-Malware mbamscheduler.exe
 Malwarebytes Anti-Exploit mbae64.exe
 Malwarebytes Anti-Exploit mbae.exe
 Avast AvastSvc.exe
 Avast afwServ.exe
 Avast AvastUI.exe
 Avast ng vbox AvastVBoxSVC.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````


 

Security Check Scan says Java 32-bit is out of date, but I only have 64-bit Java installed. Last night, I woke my computer up from sleep, and my USB keyboard didn't work, so I couldn't log in. I had Windows boot to the last known good configuration, and now my keyboard works. I already reset Chrome and Firefox (even though the issue doesn't happen in Firefox), including uninstalling and reinstalling. Still getting the warning from Malwarebytes, however, just as often as before. I don't have a System Restore point available at a point before the issue occurred.

Link to post
Share on other sites

Not sure where we're at now since "Last known good configuration" was used. Also do not understand why the keyboard did not work, we make no changes to affect keyboard???

 

Can you post the last Protection log from Malwarebytes...

 

To get the Protection log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the Protection log which shows the Date of the most recent log
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…

 

Next,

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under  "Optional scan" Select scan, when done post the new logs....

 

Thank you,

 

Kevin..


 

Link to post
Share on other sites

The last known good configuration booted me to a very recent time, to a point that was just after I ran those scans. Just to be sure, I re-ran all previous scans and got the exact same results. I Ctrl + F'ed the documents and they were a 100% match, minus the time/date of scan. The keyboard not working had nothing to do with anything you had me do, it's just the longer I have this virus, the more things it destroys. I had something similar under a different name last year before I had Malwarebytes and Avast. The longer I had it, the more things it broke, until my computer was so un-usable I had to format and start over. I'm really hoping that doesn't happen again.

 

Not sure if you do this, but if you can't figure it out, I am 100% okay with doing a remote session with you. I totally understand if that's something you don't do. I appreciate the help nonetheless.

Link to post
Share on other sites

Run the following please:

 

1. Download Malwarebytes Anti-Rootkit from this link:

 http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

7. The following image opens, select Update

8. When the update completes select Next.

9. In the following window ensure "Targets" are ticked. Then select "Scan"

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
12. If no threats were found you will see the following image, Select Exit:

13. Verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

15. Select "Y" from your Keyboard, tap Enter.

16. The fix will be applied, select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log   Date and time of scan will also be shown
 

 

Next,

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs....

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!

 

Post those logs....

 

Thank you,

 

Kevin...
 

Link to post
Share on other sites

Malwarebytes Anti-Rootkit Scan Results:
          system-log.txt

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18124
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.500000 GHz
Memory total: 17057959936, free: 12946644992
 
Downloaded database version: v2015.12.13.03
Downloaded database version: v2015.12.07.01
Downloaded database version: v2015.12.06.02
=======================================
Initializing...
------------ Kernel report ------------
     12/13/2015 11:14:44
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.12.13.03
  rootkit: v2015.12.07.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800d825060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d825b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d825060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d1f3680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D74C706B
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 499908608
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 256060514304 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800d826060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d826b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d826060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d202060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 297323729
    GPT Header CurrentLba = 1 BackupLba 5860533167
    GPT Header FirstUsableLba 34  LastUsableLba 5860533134
    GPT Header Guid feabd3b2-a982-4643-8bd6-624d838a35b7
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 297323729
    Backup GPT header CurrentLba = 5860533167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 5860533134
    Backup GPT header Guid feabd3b2-a982-4643-8bd6-624d838a35b7
    Backup GPT header Contains 128 partition entries starting at LBA 5860533135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID d54f1fc7-4292-41b4-b0e-83ded92b1da0
    FirstLBA 2048  Last LBA 5860532223
    Attributes 0
    Partition Name                 Basic data partition
 
Disk Size: 3000592982016 bytes
Sector size: 512 bytes
 
Done!
File "C:\ProgramData\AVAST Software\Avast\log\AvastSvc.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\AvastUI.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\Cleanup.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\CommChannel.Protocol.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\event_manager.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\SpamEngine.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\StreamFilter.log" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-1E671C2F1CDEA8DE1687EED5EA8D02A165F6B2B7.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-1E671C2F1CDEA8DE1687EED5EA8D02A165F6B2B7.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-1E671C2F1CDEA8DE1687EED5EA8D02A165F6B2B7.bin.83" is compressed (flags = 1)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

          Mbar-log.txt

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2015.12.13.03
  rootkit: v2015.12.07.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18124
Robbie :: ROBBIE-PC [administrator]
 
12/13/2015 11:14:49 AM
mbar-log-2015-12-13 (11-14-49).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 381254
Time elapsed: 6 minute(s), 45 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

Farbar Recovery Scan Tool Scan Results:
          FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by Robbie (administrator) on ROBBIE-PC (13-12-2015 11:27:30)
Running from C:\Users\Robbie\Downloads
Loaded Profiles: Robbie (Available Profiles: Robbie & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Oracle Corporation) C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\java.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-12] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Avast\AvastUI.exe [7021880 2015-12-05] (AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2227631131-1546878665-2220001412-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-2227631131-1546878665-2220001412-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2227631131-1546878665-2220001412-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-10-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast\ashShA64.dll [2015-12-05] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\Robbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-05]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{8B65E7B4-7DD1-4CE2-BA22-CC7B031FDF01}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{8B65E7B4-7DD1-4CE2-BA22-CC7B031FDF01}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2227631131-1546878665-2220001412-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2227631131-1546878665-2220001412-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKU\S-1-5-21-2227631131-1546878665-2220001412-1000 -> DefaultScope {44CACC79-D6C7-4B8C-BD8D-C65048BAF25A} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2227631131-1546878665-2220001412-1000 -> {44CACC79-D6C7-4B8C-BD8D-C65048BAF25A} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Avast\aswWebRepIE64.dll [2015-11-10] (AVAST Software)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Avast\aswWebRepIE.dll [2015-11-10] (AVAST Software)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-21] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.google.com/
FF NetworkProxy: "no_proxies_on", "localhost,10.*,127.*,192.168.*,proxylists.me,*.proxylists.me"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-10] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-10] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2227631131-1546878665-2220001412-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Robbie\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-12-11] (Citrix Online)
FF Extension: Google Privacy - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2015-10-21]
FF Extension: Disable Anti-Adblock - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\extensions\{d49a148e-817e-4025-bee3-5d541376de3b}.xpi [2015-10-21]
FF Extension: Show my Password - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi [2015-10-21]
FF Extension: Tweak Network - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA} [2015-10-21]
FF Extension: Proxy List - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\extensions\proxylist@proxylists.me.xpi [2015-10-21]
FF Extension: Omnibar - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\extensions\omnibar@ajitk.com.xpi [2015-10-21]
FF Extension: IPFlood - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\extensions\ipcensored@p4ul.info.xpi [2015-10-21]
FF Extension: Calomel SSL Validation - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\extensions\calomelsslvalidation@calomel.org.xpi [2015-10-21]
FF Extension: RightToClick - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2015-11-29]
FF Extension: No Name - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-11-25] [not signed]
FF Extension: No Name - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2015-10-31] [not signed]
FF Extension: No Name - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\Extensions\{0fa2149e-bb2c-4ac2-a8d3-479599819475}.xpi [2015-10-21] [not signed]
FF Extension: FT DeepDark - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-12-05]
FF Extension: Adblock Plus - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-25]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Avast\WebRep\FF [2015-12-12]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-10-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\Avast\SafePrice\FF [2015-12-12]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-12-10]
CHR Extension: (Google Drive) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-10]
CHR Extension: (IPcensored) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgmbpodpcgmnpfjmigcckcjfldcicnd [2015-12-10]
CHR Extension: (YouTube) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-10]
CHR Extension: (Adblock Plus) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-12-10]
CHR Extension: (Google Search) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-10]
CHR Extension: (Dropbox for Gmail) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-12-10]
CHR Extension: (Morpheon Dark - Aero) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnbbonpgadmkipdlclghcekaklebdpi [2015-12-11]
CHR Extension: (Ponyhoof) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjjgphedlaihnlgaibiaihhmhaejjdd [2015-12-10]
CHR Extension: (Word Online) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2015-12-10]
CHR Extension: (Hide My AdBlocker) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihcngphjjankfngmgdkihhngndcdflc [2015-12-10]
CHR Extension: (Avast Online Security) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-10]
CHR Extension: (CheckBoxer) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcmphdngimjobnagjpaeckfeokalnce [2015-12-10]
CHR Extension: (Chrometana - Redirect Bing Somewhere Better) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaicbfmipfpfpjmlbpejaoaflfdnabnc [2015-12-10]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2015-12-10]
CHR Extension: (Secure Bookmarks) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocjgngiajhfiikjolfhcpiokgbinep [2015-12-10]
CHR Extension: (Google Mail Checker) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-10]
CHR Extension: (Proxy List - Free Proxies for everyone) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihnninlhneakfglooiofgdbpmnhjgn [2015-12-10]
CHR Extension: (Gmail) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-10]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-10]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\Avast\AvastSvc.exe [226440 2015-12-05] (AVAST Software)
R2 avast! Firewall; C:\Program Files\Avast\afwServ.exe [109520 2015-12-12] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\Avast\ng\vbox\AvastVBoxSVC.exe [5561368 2015-12-12] (Avast Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-21] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-21] (Dropbox, Inc.)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-09-14] ()
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-11-05] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-12] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-12] (NVIDIA Corporation)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [112792 2015-09-14] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-09-14] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-12-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-05] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-12-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [450504 2015-12-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-05] (AVAST Software)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [502256 2015-08-13] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-10] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-18] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-13] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-12-12] (AVAST Software)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R2 VBoxAswDrv; C:\Program Files\Avast\ng\vbox\VBoxAswDrv.sys [310904 2015-12-12] (Avast Software)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)
S0 is3srv; SySWOW64\drivers\is3srv64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S0 szkg5; SySWOW64\drivers\szkg64.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-13 11:27 - 2015-12-13 11:27 - 00029231 _____ C:\Users\Robbie\Downloads\FRST.txt
2015-12-13 11:26 - 2015-12-13 11:26 - 02369536 _____ (Farbar) C:\Users\Robbie\Downloads\FRST64.exe
2015-12-13 11:18 - 2015-12-13 11:26 - 00016684 _____ C:\Users\Robbie\Desktop\Malwarebytes Forum Response.txt
2015-12-13 11:14 - 2015-12-13 11:21 - 00000000 ____D C:\Users\Robbie\Desktop\mbar
2015-12-13 11:14 - 2015-12-13 11:14 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Robbie\Downloads\mbar-1.09.3.1001.exe
2015-12-13 11:09 - 2015-12-13 11:09 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-13 03:42 - 2015-12-13 03:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\GWX
2015-12-13 03:41 - 2015-12-13 03:41 - 00001376 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-13 03:41 - 2015-12-13 03:41 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2015-12-13 03:41 - 2015-12-13 03:41 - 00000000 _SHDL C:\Users\Administrator\My Documents
2015-12-13 03:41 - 2015-12-13 03:41 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2015-12-13 03:41 - 2015-12-13 03:41 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2015-12-13 03:41 - 2015-12-13 03:41 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2015-12-13 03:41 - 2015-12-13 03:41 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2015-12-13 03:41 - 2015-12-13 03:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2015-12-13 03:41 - 2015-12-13 03:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2015-12-13 03:41 - 2015-12-13 03:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2015-12-13 03:41 - 2015-12-13 03:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2015-12-13 03:41 - 2015-12-13 03:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2015-12-13 03:41 - 2015-12-13 03:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Dropbox
2015-12-13 03:41 - 2015-12-13 03:41 - 00000000 ____D C:\Users\Administrator
2015-12-13 03:41 - 2015-10-21 19:26 - 00002104 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-12-13 03:41 - 2009-07-14 02:45 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2015-12-12 23:47 - 2015-12-12 23:47 - 00000000 ___HD C:\OneDriveTemp
2015-12-12 03:33 - 2015-12-13 11:24 - 00007440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-12 03:33 - 2015-12-13 11:24 - 00007440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-12 02:45 - 2015-12-12 14:51 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-12-12 02:45 - 2015-12-12 14:51 - 00000000 ____D C:\Windows\system32\vbox
2015-12-12 02:44 - 2015-12-12 02:44 - 00147088 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-12-12 02:44 - 2015-12-05 13:21 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-12 02:35 - 2015-12-12 02:52 - 00001945 _____ C:\Windows\epplauncher.mif
2015-12-12 02:18 - 2015-12-12 02:18 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2015-12-12 02:16 - 2015-12-12 02:45 - 00003026 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1449904576
2015-12-12 02:16 - 2015-12-12 02:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-12-12 02:15 - 2015-12-12 02:15 - 00466400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-12-12 02:15 - 2015-12-12 02:15 - 00028144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-12-12 02:15 - 2015-12-12 02:15 - 00000000 ____D C:\Program Files\AVAST Software
2015-12-12 01:26 - 2015-12-13 11:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-12 01:05 - 2015-12-12 01:05 - 00000020 _____ C:\Windows\Œöá
2015-12-12 00:58 - 2010-12-13 13:37 - 00772976 _____ (Microsoft Corporation) C:\Windows\system32\LcProxy2.ax
2015-12-12 00:58 - 2010-12-13 13:37 - 00707952 _____ (Microsoft Corporation) C:\Windows\system32\LCCoin36.dll
2015-12-12 00:58 - 2010-12-13 13:37 - 00514416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LcProxy2.ax
2015-12-12 00:58 - 2010-12-13 13:37 - 00078704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nx6000res.dll
2015-12-12 00:58 - 2010-12-13 13:37 - 00078704 _____ (Microsoft Corporation) C:\Windows\system32\nx6000res.dll
2015-12-12 00:53 - 2015-12-12 00:54 - 00000000 ___HD C:\$Windows.~BT
2015-12-12 00:11 - 2015-12-12 00:11 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-12-11 23:31 - 2015-12-11 23:31 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-11 23:28 - 2015-12-11 23:29 - 00000000 ____D C:\Windows\system32\config\RRBackups
2015-12-11 21:40 - 2015-12-13 11:27 - 00000000 ____D C:\FRST
2015-12-11 21:23 - 2015-12-11 21:23 - 00000000 ____D C:\Users\Robbie\AppData\Local\TempTaskUpdateDetectionAE44C1FE-49C8-4F03-A2D8-C18B8B0B6FDA
2015-12-11 02:42 - 2015-12-11 02:42 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-12-11 02:41 - 2015-12-11 19:38 - 00000000 ____D C:\Users\Robbie\AppData\Local\Citrix
2015-12-10 21:41 - 2015-12-13 11:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-10 21:41 - 2015-12-13 03:46 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-10 21:41 - 2015-12-10 21:44 - 00002307 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-10 21:41 - 2015-12-10 21:41 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-10 21:41 - 2015-12-10 21:41 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-10 21:41 - 2015-12-10 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-10 20:49 - 2015-12-12 01:04 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\Amazon Cloud Drive
2015-12-10 20:25 - 2015-12-10 20:25 - 00001116 _____ C:\Users\Public\Desktop\herdProtect.lnk
2015-12-10 20:25 - 2015-12-10 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
2015-12-10 20:25 - 2015-12-10 20:25 - 00000000 ____D C:\Program Files\Reason
2015-12-10 20:14 - 2015-12-10 20:15 - 00000000 ____D C:\Users\Robbie\AppData\Local\AvgSetupLog
2015-12-10 20:14 - 2015-12-10 20:14 - 00000000 ____D C:\Users\Robbie\AppData\Local\Avg
2015-12-10 19:48 - 2015-12-10 19:48 - 00000000 ____D C:\ProgramData\GFI Software
2015-12-10 19:32 - 2015-12-10 19:32 - 00000016 _____ C:\Windows\system32\config\software.szfi
2015-12-10 19:32 - 2015-12-10 19:32 - 00000016 _____ C:\Windows\system32\config\components.szfi
2015-12-10 19:20 - 2015-12-10 19:37 - 00023680 _____ C:\Windows\system32\Drivers\kgpcpy.cfg
2015-12-10 19:18 - 2015-12-10 19:18 - 00000000 ____D C:\ProgramData\VIPRE
2015-12-10 19:16 - 2012-09-20 05:11 - 00258848 _____ (GFI Software) C:\Windows\system32\Drivers\SbFw.sys
2015-12-10 19:16 - 2012-09-20 05:11 - 00061216 _____ (GFI Software) C:\Windows\system32\Drivers\sbhips.sys
2015-12-10 19:16 - 2012-09-12 20:19 - 00120064 _____ (GFI Software) C:\Windows\system32\Drivers\SbFwIm.sys
2015-12-10 19:05 - 2015-12-10 19:05 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-12-10 15:08 - 2015-12-12 00:05 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-12-10 14:48 - 2015-12-10 14:48 - 00000000 _____ C:\autoexec.bat
2015-12-10 14:47 - 2015-12-10 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-12-09 20:36 - 2015-12-09 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-08 15:43 - 2015-11-11 16:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-08 15:43 - 2015-11-11 15:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-08 15:43 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 15:43 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 15:43 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 15:43 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 15:43 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 15:43 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 15:43 - 2015-11-11 10:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-08 15:43 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 15:43 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 15:43 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 15:43 - 2015-11-11 09:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-08 15:43 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-08 15:43 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-08 15:43 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 15:43 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-08 15:43 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 15:43 - 2015-11-10 12:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 15:43 - 2015-11-09 19:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-08 15:43 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 15:43 - 2015-11-09 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-08 15:43 - 2015-11-09 19:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-08 15:43 - 2015-11-09 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-08 15:43 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-08 15:43 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 15:43 - 2015-11-09 19:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-08 15:43 - 2015-11-09 19:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-08 15:43 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 15:43 - 2015-11-09 19:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-08 15:43 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 15:43 - 2015-11-09 19:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-08 15:43 - 2015-11-09 18:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-08 15:43 - 2015-11-09 18:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-08 15:43 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 15:43 - 2015-11-09 18:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-08 15:43 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-08 15:43 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 15:43 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 15:43 - 2015-11-09 18:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-08 15:43 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 15:43 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 15:43 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-08 15:43 - 2015-11-08 17:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-08 15:43 - 2015-11-08 17:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-08 15:43 - 2015-11-08 17:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-08 15:43 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 15:43 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 15:43 - 2015-11-08 17:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-08 15:43 - 2015-11-08 17:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-08 15:43 - 2015-11-08 17:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-08 15:43 - 2015-11-08 17:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-08 15:43 - 2015-11-08 17:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-08 15:43 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 15:43 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 15:43 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 15:43 - 2015-11-08 17:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-08 15:43 - 2015-11-08 17:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-08 15:43 - 2015-11-08 17:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-08 15:43 - 2015-11-08 16:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-08 15:43 - 2015-11-08 16:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-08 15:43 - 2015-11-08 16:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-08 15:43 - 2015-11-08 16:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-08 15:43 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 15:43 - 2015-11-08 16:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-08 15:43 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-08 15:43 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 15:43 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-08 15:43 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 15:43 - 2015-11-08 16:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-08 15:43 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 15:43 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 15:43 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 15:43 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-08 15:43 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-08 15:43 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-08 15:43 - 2015-11-05 14:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-08 15:43 - 2015-11-05 14:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-08 15:43 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 15:43 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-08 15:43 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-08 15:43 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-08 15:43 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-08 15:41 - 2015-12-08 15:41 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-08 15:41 - 2015-12-08 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-05 13:21 - 2015-12-05 13:21 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-04 02:48 - 2015-11-20 13:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-04 02:48 - 2015-11-20 13:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-04 02:48 - 2015-11-20 13:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-04 02:48 - 2015-11-20 13:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-04 02:48 - 2015-11-20 13:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-04 02:48 - 2015-11-20 13:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-04 02:48 - 2015-11-20 13:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-04 02:48 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-04 02:48 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-04 02:48 - 2015-11-20 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-04 02:48 - 2015-11-20 13:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-04 02:48 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-04 02:48 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-04 02:48 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-04 02:48 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-04 02:48 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-03 14:22 - 2015-12-03 14:22 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-03 14:22 - 2015-12-03 14:22 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-02 00:11 - 2015-11-24 13:29 - 00102704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-12-02 00:10 - 2015-11-24 18:10 - 42913912 _____ C:\Windows\system32\nvcompiler.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 22310008 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 18363696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 16553568 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 15122296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 14835872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 13527248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 12034248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 11131184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-12-02 00:10 - 2015-11-24 18:10 - 02870392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 02490488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435906.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435906.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 00877360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 00689272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 00501056 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 00422056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 00413816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-12-02 00:10 - 2015-11-24 18:10 - 00177600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-12-02 00:10 - 2015-11-24 18:10 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-11-25 00:32 - 2015-11-25 00:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-25 00:32 - 2015-11-25 00:32 - 00000939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-24 23:59 - 2015-11-12 13:37 - 00112712 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2015-11-24 21:31 - 2015-11-24 21:30 - 00257584 _____ C:\Users\Robbie\Documents\ADA Paperwork Fall 2015.jpeg
2015-11-22 05:16 - 2015-11-22 05:16 - 00000000 ____D C:\Users\Robbie\AppData\Local\IsolatedStorage
2015-11-22 05:16 - 2015-11-22 05:16 - 00000000 ____D C:\Users\Robbie\AppData\Local\Futuremark
2015-11-22 05:15 - 2015-11-22 05:15 - 00000000 ____D C:\Program Files (x86)\Futuremark
2015-11-22 05:14 - 2015-11-22 05:16 - 00000000 ____D C:\Users\Robbie\Documents\PCMark 8
2015-11-22 05:14 - 2015-11-22 05:14 - 00000000 ____D C:\Users\Robbie\Documents\3DMark
2015-11-22 05:13 - 2015-11-22 05:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2015-11-22 05:13 - 2015-11-22 05:13 - 00000000 ____D C:\Program Files\Futuremark
2015-11-22 05:13 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-11-22 05:13 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-11-22 05:13 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-11-22 05:13 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-11-22 05:13 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-11-22 05:13 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-11-22 05:13 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-11-22 05:13 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-11-22 05:13 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-11-22 05:13 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-11-21 05:05 - 2015-11-21 05:11 - 00000000 ____D C:\Users\Robbie\Valley
2015-11-21 05:03 - 2015-11-21 05:04 - 01065984 _____ C:\Users\Robbie\AppData\Local\file__0.localstorage
2015-11-21 05:03 - 2015-11-21 05:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
2015-11-21 05:02 - 2015-11-21 05:02 - 00000000 ____D C:\Program Files (x86)\Unigine
2015-11-21 04:48 - 2015-11-21 04:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-11-21 04:48 - 2015-11-21 04:48 - 00000000 ____D C:\Program Files\CPUID
2015-11-21 04:19 - 2015-11-21 04:20 - 00000000 ____D C:\Windows\system32\temp
2015-11-21 04:19 - 2015-11-21 04:20 - 00000000 ____D C:\ProgramData\PassMark
2015-11-21 04:19 - 2015-11-21 04:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnInTest
2015-11-21 04:19 - 2015-11-21 04:20 - 00000000 ____D C:\Program Files\BurnInTest
2015-11-21 04:19 - 2015-11-21 04:19 - 00000000 ____D C:\Users\Robbie\Documents\PassMark
2015-11-21 03:40 - 2015-11-21 03:40 - 00000000 ____D C:\Users\Robbie\Documents\OneNote Notebooks
2015-11-21 02:52 - 2015-11-21 02:52 - 00000000 ____D C:\Windows\System32\Tasks\Leader Technologies
2015-11-21 02:52 - 2015-11-21 02:52 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\Leadertech
2015-11-20 17:39 - 2015-11-20 17:39 - 00000000 ____D C:\Users\Robbie\AppData\Local\Microsoft Help
2015-11-20 17:38 - 2015-11-20 17:38 - 00000000 ____D C:\Users\Robbie\Documents\Custom Office Templates
2015-11-20 00:43 - 2015-12-12 02:16 - 00001000 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2015-11-20 00:43 - 2015-12-05 13:26 - 00003034 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1447998234
2015-11-19 22:08 - 2015-12-02 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-11-19 22:07 - 2015-11-15 22:35 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435900.dll
2015-11-19 22:07 - 2015-11-15 22:35 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435900.dll
2015-11-19 03:49 - 2015-11-19 03:49 - 00000000 ____D C:\Users\Robbie\AppData\Local\SplitMediaLabs
2015-11-19 03:45 - 2015-11-19 03:45 - 80873968 _____ (SplitmediaLabs) C:\Users\Robbie\Downloads\XSplit_Broadcaster_2.6.1510.2621.exe
2015-11-19 03:43 - 2015-11-19 03:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2015-11-19 03:43 - 2015-11-19 03:49 - 00000000 ____D C:\Program Files (x86)\SplitmediaLabs
2015-11-19 03:43 - 2015-11-19 03:43 - 00000000 ____D C:\ProgramData\SplitMediaLabs
2015-11-19 03:42 - 2015-11-19 03:48 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\SplitmediaLabs
2015-11-19 03:39 - 2015-11-19 03:39 - 57513960 _____ (SplitmediaLabs) C:\Users\Robbie\Downloads\XSplit_Gamecaster_2.6.1510.0741.exe
2015-11-18 17:56 - 2015-12-12 01:03 - 00000000 ____D C:\Users\Robbie\AppData\Local\Amazon
2015-11-18 17:56 - 2015-11-18 17:56 - 00000000 ____D C:\Users\Robbie\AppData\Local\Amazon.com Inc
2015-11-17 23:01 - 2015-11-17 23:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2015-11-17 23:01 - 2015-11-17 23:01 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2015-11-17 21:26 - 2015-10-08 18:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-11-17 21:26 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-11-17 21:26 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-11-17 21:26 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-11-17 21:26 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-11-17 21:26 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-11-17 21:26 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-11-17 21:26 - 2015-10-08 18:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-11-17 21:26 - 2015-10-08 14:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-11-17 21:26 - 2015-10-08 13:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-11-13 23:11 - 2015-11-13 23:11 - 00002505 _____ C:\Users\Public\Desktop\TV Controller.lnk
2015-11-13 23:11 - 2015-11-13 23:11 - 00000000 ____D C:\Users\Robbie\AppData\Local\SmartView2
2015-11-13 23:11 - 2015-11-13 23:11 - 00000000 ____D C:\Program Files (x86)\SmartView2
2015-11-13 22:26 - 2015-11-13 22:26 - 00000000 __RHD C:\MSOCache
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-13 11:21 - 2015-10-21 21:12 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\Skype
2015-12-13 11:15 - 2015-10-21 19:10 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-13 11:15 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-13 11:15 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-13 11:10 - 2015-10-21 19:26 - 00000000 ___RD C:\Users\Robbie\OneDrive
2015-12-13 11:09 - 2015-11-10 16:44 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-13 11:09 - 2015-10-21 19:11 - 00000000 ___RD C:\Users\Robbie\Dropbox
2015-12-13 11:09 - 2015-10-21 19:10 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-13 11:09 - 2015-10-21 19:10 - 00000000 ____D C:\Users\Robbie\AppData\Local\Dropbox
2015-12-13 11:09 - 2015-10-21 18:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-13 11:09 - 2015-10-21 16:40 - 00000000 __SHD C:\Users\Robbie\IntelGraphicsProfiles
2015-12-13 11:09 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-13 03:48 - 2015-10-21 21:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-13 03:41 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-13 01:42 - 2015-10-21 20:25 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-12-12 22:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-12 22:01 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-12 16:41 - 2015-10-21 19:32 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\.minecraft
2015-12-12 03:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-12 02:46 - 2015-10-21 18:07 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-12 02:44 - 2015-10-21 17:12 - 00003894 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-12 02:44 - 2015-10-21 16:42 - 00000000 ____D C:\Program Files\Avast
2015-12-12 02:29 - 2015-10-21 18:59 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-12-12 02:15 - 2015-10-21 17:03 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-12 00:54 - 2015-10-21 20:24 - 00000000 ____D C:\Windows\Panther
2015-12-11 23:34 - 2015-10-22 18:06 - 00000000 ____D C:\Users\Robbie\AppData\Local\ElevatedDiagnostics
2015-12-11 23:31 - 2015-10-21 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-11 23:31 - 2015-10-21 18:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-11 23:31 - 2015-10-21 16:32 - 00000000 ____D C:\Users\Robbie
2015-12-11 20:58 - 2015-10-21 16:40 - 00032256 ___SH C:\Users\Robbie\Documents\Thumbs.db
2015-12-11 19:38 - 2015-10-22 00:02 - 00000000 ____D C:\Windows\system32\appmgmt
2015-12-10 21:48 - 2015-10-21 21:30 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-10 21:48 - 2015-10-21 21:30 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-10 21:48 - 2015-10-21 21:30 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-10 21:42 - 2015-10-21 18:11 - 00000000 ____D C:\Users\Robbie\AppData\Local\Google
2015-12-10 21:41 - 2015-10-21 18:11 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-10 19:49 - 2015-10-21 19:26 - 00002168 _____ C:\Users\Robbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-12-10 18:30 - 2015-10-21 21:12 - 00000000 ____D C:\ProgramData\Skype
2015-12-10 18:23 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-10 14:47 - 2015-10-21 16:44 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-09 20:36 - 2015-10-21 19:10 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-08 22:39 - 2015-10-21 17:11 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-08 15:56 - 2015-11-03 15:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-08 15:56 - 2015-11-03 15:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-08 15:56 - 2009-07-13 23:45 - 00323616 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-08 15:55 - 2015-11-03 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-08 15:53 - 2015-10-21 17:38 - 00000000 ____D C:\Windows\system32\MRT
2015-12-08 15:51 - 2015-10-21 17:38 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-08 15:41 - 2015-10-21 21:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-08 15:41 - 2015-10-21 21:12 - 00000000 ____D C:\Users\Robbie\AppData\Local\Skype
2015-12-07 20:46 - 2015-11-03 00:53 - 00000000 ____D C:\Users\Robbie\AppData\Local\Windows Live
2015-12-05 17:06 - 2015-10-21 16:32 - 00000000 ____D C:\Users\Robbie\AppData\Local\VirtualStore
2015-12-05 13:21 - 2015-10-21 17:12 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-05 13:21 - 2015-10-21 17:12 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-12-05 13:21 - 2015-10-21 17:12 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-05 13:21 - 2015-10-21 17:12 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-05 13:21 - 2015-10-21 17:12 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-12-05 13:21 - 2015-10-21 17:12 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-05 13:21 - 2015-10-21 17:12 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-05 13:21 - 2015-10-21 17:12 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-02 00:11 - 2015-10-21 17:12 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-12-02 00:11 - 2015-10-21 17:11 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-28 20:12 - 2015-10-31 00:58 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-26 21:05 - 2015-10-21 18:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-25 00:34 - 2015-10-21 18:19 - 00001112 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-25 00:02 - 2015-10-21 17:19 - 00000000 ____D C:\Users\Robbie\AppData\Local\NVIDIA
2015-11-24 23:59 - 2015-10-21 17:46 - 00000000 ____D C:\Users\Robbie\AppData\Local\NVIDIA Corporation
2015-11-24 21:31 - 2015-11-12 20:05 - 00000000 ___RD C:\Users\Robbie\Documents\Scanned Documents
2015-11-24 18:10 - 2015-11-10 16:44 - 17516040 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-11-24 18:10 - 2015-11-10 16:44 - 15717672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-11-24 18:10 - 2015-11-10 16:44 - 12770752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-11-24 18:10 - 2015-11-10 16:44 - 03579696 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-11-24 18:10 - 2015-11-10 16:44 - 03159248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-11-24 18:10 - 2015-11-10 16:44 - 00033607 _____ C:\Windows\system32\nvinfo.pb
2015-11-24 18:10 - 2015-09-18 22:41 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-11-24 13:40 - 2015-11-10 16:44 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-11-24 13:40 - 2015-11-10 16:44 - 02983032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-11-24 13:40 - 2015-11-10 16:44 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-11-24 13:40 - 2015-11-10 16:44 - 00938616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-11-24 13:40 - 2015-11-10 16:44 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-11-24 13:40 - 2015-11-10 16:44 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-11-23 21:51 - 2015-11-07 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-11-23 21:51 - 2015-10-21 20:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-11-23 05:38 - 2015-11-10 16:44 - 06049858 _____ C:\Windows\system32\nvcoproc.bin
2015-11-21 06:30 - 2015-10-21 19:22 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-21 06:29 - 2015-10-21 16:43 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-20 01:39 - 2015-10-21 16:40 - 00339754 _____ C:\Users\Robbie\Documents\Auburn Class of 2015.jpeg
2015-11-19 03:45 - 2015-11-11 01:37 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\NVIDIA
2015-11-19 02:22 - 2015-11-02 21:27 - 00007891 _____ C:\Windows\BRRBCOM.INI
2015-11-19 02:17 - 2015-10-21 16:40 - 00000000 ____D C:\Users\Robbie\Documents\Certificates
2015-11-17 23:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
 
==================== Files in the root of some directories =======
 
2015-11-21 05:03 - 2015-11-21 05:04 - 1065984 _____ () C:\Users\Robbie\AppData\Local\file__0.localstorage
 
Some files in TEMP:
====================
C:\Users\Robbie\AppData\Local\Temp\AmazonCloudDriveSetup.exe
C:\Users\Robbie\AppData\Local\Temp\CloudDriveInstaller.exe
C:\Users\Robbie\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-30 20:09
 
==================== End of FRST.txt ============================

 


Addition.txt


Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01

Ran by Robbie (2015-12-13 11:27:44)

Running from C:\Users\Robbie\Downloads

Windows 7 Ultimate Service Pack 1 (X64) (2015-10-21 21:32:16)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2227631131-1546878665-2220001412-500 - Administrator - Disabled) => C:\Users\Administrator

Guest (S-1-5-21-2227631131-1546878665-2220001412-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2227631131-1546878665-2220001412-1002 - Limited - Enabled)

Robbie (S-1-5-21-2227631131-1546878665-2220001412-1000 - Administrator - Enabled) => C:\Users\Robbie

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)

Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)

Avast Internet Security (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)

Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)

BurnInTest v8.1 Standard (HKLM\...\BurnInTest_is1) (Version: 8.1.1010.0 - Passmark Software)

CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)

Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)

CPUID CPU-Z 1.74 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )

CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)

CrystalDiskMark 5.0.2 (HKLM\...\CrystalDiskMark5_is1) (Version: 5.0.2 - Crystal Dew World)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)

Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden

Futuremark SystemInfo (HKLM-x32\...\{70690D9E-3D00-47D6-9CE9-BC3B6F900447}) (Version: 4.41.563.0 - Futuremark)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)

Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden

herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)

Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)

Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel® Corporation) Hidden

Intel® Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden

Intel® Network Connections 20.4.207.0 (HKLM\...\PROSetDX) (Version: 20.4.207.0 - Intel)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)

Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.17 - Oracle Corporation)

Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)

LogonStudio (HKLM-x32\...\LogonStudio) (Version: 1.7 - Stardock Corporation)

Malwarebytes Anti-Exploit version 1.8.1.1045 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1045 - Malwarebytes)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)

Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4771.1004 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-2227631131-1546878665-2220001412-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 42.0 (x64 en-US) (HKLM\...\Mozilla Firefox 42.0 (x64 en-US)) (Version: 42.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)

NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.06 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.7.4.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.7.4.10 - NVIDIA Corporation)

NVIDIA Graphics Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.06 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden

PCMark 8 (HKLM-x32\...\{a27cb8b5-5c01-47aa-95dd-c8500325c560}) (Version: 2.5.419.0 - Futuremark)

PCMark 8 (Version: 2.5.419.0 - Futuremark) Hidden

Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)

Registry Repair 5.0.1.70 (HKLM-x32\...\Registry Repair) (Version: 5.0.1.70 - Glarysoft Ltd)

SafeZone Stable 1.46.1990.139 (x32 Version: 1.46.1990.139 - Avast Software) Hidden

SHIELD Streaming (Version: 4.1.0240 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 2.7.4.10 - NVIDIA Corporation) Hidden

Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)

Smart View 2.0 (HKLM-x32\...\{FBAAAFAE-08A8-4C63-87EA-4AEA9DEE53E1}) (Version: 1.0.0.0 - Samsung)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)

Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)

USB Vibration Joystick (HKLM-x32\...\{64B27517-3558-4A76-8641-5D161D7C9BE5}) (Version: v3.85 - Dragon rise)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

XSplit Broadcaster (HKLM-x32\...\{D1AF3975-67FA-47C3-9B54-9FF4818B35F7}) (Version: 2.6.1510.2621 - SplitmediaLabs)

XSplit Gamecaster (HKLM-x32\...\{FC8F5BED-A081-4D93-B984-A0EEF996A683}) (Version: 2.6.1510.0741 - SplitmediaLabs)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-2227631131-1546878665-2220001412-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Robbie\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()

CustomCLSID: HKU\S-1-5-21-2227631131-1546878665-2220001412-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Robbie\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2227631131-1546878665-2220001412-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

 

==================== Restore Points =========================

 

11-12-2015 21:17:34 JRT Pre-Junkware Removal

11-12-2015 23:29:36 PC Reviver Restore point 11/12/2015 - 23-29-36

12-12-2015 00:11:24 Checkpoint by HitmanPro

12-12-2015 02:18:38 Windows Update

12-12-2015 02:46:32 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005

12-12-2015 02:48:29 Removed USB Vibration Joystick

12-12-2015 22:00:16 Windows Update

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:34 - 2015-12-10 19:19 - 00000860 ____N C:\Windows\system32\Drivers\etc\hosts

 

127.0.0.1 localhost

::1 localhost

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0B804F2D-7A58-4288-A7F7-983BF923F916} - System32\Tasks\SafeZone scheduled Autoupdate 1447998234 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2015-12-01] (Avast Software)

Task: {19628598-6FBB-484B-9923-F4AFA63B2129} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-03] (AVAST Software)

Task: {1E33B9FB-1C2C-4531-A874-C61321A9A62D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-10] (Google Inc.)

Task: {2681F782-993F-46CF-972A-58908F245918} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"

Task: {2D150F6D-1576-40FF-8B0E-087B0222415E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-10] (Adobe Systems Incorporated)

Task: {48769228-D04E-4DEC-99B1-2B3A5DEC3CC5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)

Task: {738ED915-396A-4B3A-B6E5-8F8B3DB76CF0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)

Task: {9D5956B9-996A-4B9E-8DB2-0BBF3D06EDBD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

Task: {9F64F42C-7516-4106-AEDA-B2A3E9748E95} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-10] (Google Inc.)

Task: {BB48972B-90EE-4273-B44A-5DD8C44E0B3F} - System32\Tasks\SafeZone scheduled Autoupdate 1449904576 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2015-12-01] (Avast Software)

Task: {D3917084-AA6E-4E0D-8349-3E7A4683DCE1} - System32\Tasks\avast! Emergency Update => C:\Program Files\Avast\AvastEmUpdate.exe [2015-12-05] (AVAST Software)

Task: {E33517A4-5454-4639-A239-9079ED731FF1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)

Task: {F39F695B-0339-455C-93E7-A9C044F7677B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-21] (Dropbox, Inc.)

Task: {F7CFB0A0-BD10-4746-A423-A744594BC7FC} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-21] (Dropbox, Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-11-10 16:44 - 2015-11-24 13:40 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2015-10-21 16:44 - 2015-10-21 19:22 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2015-10-21 16:43 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2015-11-02 21:27 - 2005-04-21 23:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll

2015-09-14 11:54 - 2015-09-14 11:54 - 00112792 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe

2015-09-14 11:53 - 2015-09-14 11:53 - 00244888 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\analyzer.dll

2015-10-21 18:09 - 2015-09-14 11:57 - 00458904 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe

2015-10-21 18:09 - 2015-09-14 12:07 - 00709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll

2015-10-21 18:09 - 2015-09-14 12:06 - 00185496 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\foreground_window_input.dll

2015-12-10 21:41 - 2015-12-04 17:17 - 01971528 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll

2015-12-10 21:41 - 2015-12-04 17:17 - 00093512 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll

2015-10-21 18:09 - 2015-09-14 12:01 - 00414360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe

2015-10-21 18:09 - 2015-09-14 12:04 - 00130712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll

2015-10-21 18:09 - 2015-09-14 12:05 - 00025752 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll

2015-10-21 18:09 - 2015-09-14 12:05 - 00059544 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll

2015-10-21 18:09 - 2015-09-14 12:05 - 00194712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll

2015-10-21 18:09 - 2015-09-14 12:06 - 00159896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll

2015-10-21 18:09 - 2015-09-14 12:06 - 00158360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll

2015-10-21 18:09 - 2015-09-14 12:05 - 00050840 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll

2015-10-21 18:09 - 2015-09-14 12:04 - 00032920 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll

2015-12-05 13:21 - 2015-12-05 13:21 - 00103888 _____ () C:\Program Files\Avast\log.dll

2015-12-05 13:21 - 2015-12-05 13:21 - 00125512 _____ () C:\Program Files\Avast\JsonRpcServer.dll

2015-12-12 14:40 - 2015-12-12 14:40 - 02803200 _____ () C:\Program Files\Avast\defs\15121202\algo.dll

2015-12-05 13:21 - 2015-12-05 13:21 - 00469008 _____ () C:\Program Files\Avast\ffl2.dll

2015-12-13 11:10 - 2015-12-13 11:10 - 02803200 _____ () C:\Program Files\Avast\defs\15121300\algo.dll

2015-10-21 17:13 - 2015-11-12 13:39 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2015-11-25 20:18 - 2015-11-25 20:18 - 00147136 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll

2015-12-05 13:21 - 2015-12-05 13:21 - 40539648 _____ () C:\Program Files\Avast\libcef.dll

2015-12-09 20:36 - 2015-10-30 19:59 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd

2015-12-09 20:36 - 2015-10-30 20:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd

2015-12-09 20:36 - 2015-10-30 19:59 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll

2015-12-09 20:36 - 2015-10-30 19:59 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd

2015-12-09 20:36 - 2015-10-30 19:59 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd

2015-12-09 20:36 - 2015-10-30 20:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd

2015-12-09 20:36 - 2015-10-30 19:59 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll

2015-12-09 20:36 - 2015-12-08 16:36 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd

2015-12-09 20:36 - 2015-10-30 19:59 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd

2015-12-09 20:36 - 2015-10-30 20:00 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 01737032 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd

2015-12-09 20:36 - 2015-10-30 20:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd

2015-12-09 20:36 - 2015-10-30 20:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd

2015-12-09 20:36 - 2015-10-30 20:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd

2015-12-09 20:36 - 2015-10-30 20:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd

2015-12-09 20:36 - 2015-10-30 20:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd

2015-12-09 20:36 - 2015-10-30 20:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd

2015-12-09 20:36 - 2015-10-30 20:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd

2015-12-09 20:36 - 2015-10-30 20:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd

2015-12-09 20:36 - 2015-10-30 20:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd

2015-12-09 20:36 - 2015-10-30 20:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd

2015-12-09 20:36 - 2015-10-30 20:00 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll

2015-12-09 20:36 - 2015-10-30 20:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd

2015-12-09 20:36 - 2015-10-30 19:59 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd

2015-12-09 20:36 - 2015-10-30 19:59 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd

2015-12-09 20:36 - 2015-10-30 20:00 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd

2015-12-09 20:36 - 2015-10-30 20:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL

2015-12-09 20:36 - 2015-12-08 16:36 - 01826608 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd

2015-12-09 20:36 - 2015-10-30 20:00 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00486704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd

2015-12-09 20:36 - 2015-12-08 16:36 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd

2015-10-21 19:10 - 2015-10-30 20:01 - 00019920 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll

2015-10-21 19:10 - 2015-10-30 20:00 - 00786904 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll

2015-10-21 19:10 - 2015-10-30 20:00 - 00063448 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll

2015-10-21 19:10 - 2015-10-30 20:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll

2015-10-21 16:43 - 2015-10-21 19:22 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Users\Robbie\Documents\ADA Paperwork Fall 2015.jpeg:3or4kl4x13tuuug3Byamue2s4b

AlternateDataStreams: C:\Users\Robbie\Documents\ADA Paperwork Fall 2015.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

AlternateDataStreams: C:\Users\Robbie\Documents\Auburn Class of 2015.jpeg:3or4kl4x13tuuug3Byamue2s4b

AlternateDataStreams: C:\Users\Robbie\Documents\Auburn Class of 2015.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

AlternateDataStreams: C:\Users\Robbie\Documents\HollowWorld App.doc:com.dropbox.attributes

AlternateDataStreams: C:\Users\Robbie\Documents\Perry High School Immunization Report.jpeg:3or4kl4x13tuuug3Byamue2s4b

AlternateDataStreams: C:\Users\Robbie\Documents\Perry High School Immunization Report.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

AlternateDataStreams: C:\Users\Robbie\Documents\The Darkness Behind Craftyn.doc:com.dropbox.attributes

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

HKU\S-1-5-21-2227631131-1546878665-2220001412-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION

HKU\S-1-5-21-2227631131-1546878665-2220001412-1000\Software\Classes\exefile:  <===== ATTENTION

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE restricted site: HKU\S-1-5-21-2227631131-1546878665-2220001412-1000\...\skype.com -> hxxps://apps.skype.com

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2227631131-1546878665-2220001412-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Robbie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 8.8.8.8 - 8.8.4.4

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{F7751C4F-29C0-4B1D-9EBE-D3FC199CCDF5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{E63EACDD-6821-4758-879F-D90BECE82A5D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{52EE356D-492E-4621-AC0C-0F0224CD214B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{396A3486-ADD1-4936-96AB-062CAA20899C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{A396B6B9-5090-4986-9DDA-534113942C50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

FirewallRules: [{F7AD4AB8-486B-4D80-B5F5-05A10E549D0A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{5855FE2C-04DA-4FD9-AFAC-1830A5608B83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{B6330650-E3A2-4131-8073-3EB7C54E05BC}] => (Allow) C:\Users\Robbie\AppData\Local\Microsoft\OneDrive\OneDrive.exe

FirewallRules: [TCP Query User{65E336ED-866F-4C1B-99B8-69686D7030C5}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [uDP Query User{E2B4548A-6AD1-4309-879A-971BA9C84CE7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [{3857DC1F-741B-4730-A117-D6B7EE751BE0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{00BB2493-2C8E-46F7-8295-0DCA8CAA9726}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe

FirewallRules: [{D4A41A68-FDD4-484E-B089-1EFA6E2B7294}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe

FirewallRules: [{13E9B480-F603-41D6-94E1-F5A56AEA9E0A}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe

FirewallRules: [{72A2C87A-FECB-412C-8A1E-A805A5DA4C95}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe

FirewallRules: [{D03F6278-CD63-4542-9C9C-B446D1247F42}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe

FirewallRules: [{B7E57923-EBE1-42F4-BC9D-2D05025902CF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe

FirewallRules: [{2D810085-1E66-4045-B8CC-ABD381C76CF2}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe

FirewallRules: [{D35AC865-4D34-4B62-91CF-D01E5970A4C6}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe

FirewallRules: [{CC42C16B-0A66-4A26-91E5-3FB44DFC72D1}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE

FirewallRules: [{6B4A7348-5E3E-473B-8A60-69EBC832FD0D}] => (Allow) LPort=54925

FirewallRules: [{3DE689DF-3336-4B42-8F9E-639B74195BCB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{45101A9F-B273-4FE1-97DB-968085CF023B}] => (Allow) LPort=2869

FirewallRules: [{A941A69C-0687-48C6-BAC2-F2C1044AB18D}] => (Allow) LPort=1900

FirewallRules: [{64AFAFDF-3864-4E20-BBB2-E7F0BD845A58}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe

FirewallRules: [{2CD7F0DC-B816-4ACA-BE7E-721AEC078463}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe

FirewallRules: [{EE99A9B1-4C73-43F9-9AA7-3ED85EFF3FCA}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe

FirewallRules: [{0986DFE3-DD8E-42A2-A722-5B5FA5AC8C25}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe

FirewallRules: [{BF043598-CFC4-4FCA-8A55-DD26B3C3E8F2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{73BBE62D-88EC-4D9F-B7DB-2EC3A8737ABE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{1351BB52-5E84-46CC-BC91-F4DC479D9A56}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

FirewallRules: [TCP Query User{86947C6E-6D34-4883-9461-B19D2207B179}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [uDP Query User{D6C637C9-4C27-4861-B082-65622C37B18D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [{4EDD1193-2831-4245-93A4-6E5683D44572}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{D44BF26D-6F47-435A-9528-C74AEE3C77E6}] => (Allow) C:\Program Files\Avast\ng\vbox\aswFe.exe

FirewallRules: [{CC6442D4-B0D0-4285-BAB8-814A1023CED5}] => (Allow) C:\Program Files\Avast\ng\vbox\aswFe.exe

 

==================== Faulty Device Manager Devices =============

 

Name: WAN Miniport (IKEv2)

Description: WAN Miniport (IKEv2)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: RasAgileVpn

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/13/2015 11:09:32 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

Description: Windows cannot load classes registry file.

 DETAIL - Unspecified error

 

Error: (12/13/2015 11:09:27 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".

Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (12/13/2015 11:09:26 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

Description: Windows cannot load classes registry file.

 DETAIL - Unspecified error

 

Error: (12/13/2015 03:41:42 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".

Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (12/13/2015 01:39:17 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".

Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (12/13/2015 01:39:14 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".

Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (12/13/2015 01:39:14 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".

Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (12/12/2015 06:27:18 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

 

Error: (12/12/2015 06:25:01 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

 

Error: (12/12/2015 04:53:43 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

 

 

System errors:

=============

Error: (12/13/2015 11:09:30 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

is3srv

szkg5

 

Error: (12/13/2015 11:09:25 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 4:04:44 AM on ?12/?13/?2015 was unexpected.

 

Error: (12/13/2015 03:27:58 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: The following fatal alert was generated: 10. The internal error state is 10.

 

Error: (12/12/2015 05:31:01 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: The following fatal alert was generated: 10. The internal error state is 10.

 

Error: (12/12/2015 04:57:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error: 

%%1275

 

Error: (12/12/2015 04:57:07 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\Robbie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (12/12/2015 04:57:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error: 

%%1275

 

Error: (12/12/2015 04:57:06 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\Robbie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (12/12/2015 04:57:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error: 

%%1275

 

Error: (12/12/2015 04:57:06 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\Robbie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i7-4770K CPU @ 3.50GHz

Percentage of memory in use: 20%

Total physical RAM: 16267.74 MB

Available physical RAM: 12910.9 MB

Total Virtual: 32533.68 MB

Available Virtual: 28321.6 MB

 

==================== Drives ================================

 

Drive c: (SSD) (Fixed) (Total:238.37 GB) (Free:151.04 GB) NTFS

Drive d: (HDD) (Fixed) (Total:2794.52 GB) (Free:2762.94 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: D74C706B)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 2794.5 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==================== End of Addition.txt ============================


RogueKiller Scan Results:


RogueKiller V11.0.2.0 [Dec  7 2015] (Free) by Adlice Software





 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Robbie [Administrator]

Started from : C:\Users\Robbie\Downloads\RogueKiller.exe

Mode : Scan -- Date : 12/13/2015 11:37:44

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 2 ¤¤¤

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2227631131-1546878665-2220001412-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2227631131-1546878665-2220001412-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ Hosts File : 2 ¤¤¤

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

 

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: Samsung SSD 850 PRO 256GB ATA Device +++++

--- User ---

[MBR] 41a8536e9fbc5143b5c476f99726470b

[bSP] a86316969d2d4923bf7a5a92cef18b97 : Windows Vista/7/8|VT.Unknown MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 244096 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

User = LL1 ... OK

User = LL2 ... OK

 

+++++ PhysicalDrive1: ST3000DM001-1ER166 ATA Device +++++

--- User ---

[MBR] a84dd93b5b19931ceaddbccc47850486

[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code

Partition table:

0 - Basic data partition | Offset (sectors): 2048 | Size: 2861587 MB

User = LL1 ... OK

User = LL2 ... OK


Also ran something called Process Explorer, if you've heard of it. It submits the hashes of all running processes to VirusTotal.

Process Explorer Scan Results:


Process CPU Private Bytes Working Set PID Description Company Name VirusTotal

System Idle Process 96.76 0 K 24 K 0

System 0.10 348 K 2,236 K 4

 Interrupts 0.25 0 K 0 K n/a Hardware Interrupts and DPCs

 smss.exe 728 K 2,560 K 496 Windows Session Manager Microsoft Corporation 0/54

csrss.exe < 0.01 2,860 K 14,648 K 688 Client Server Runtime Process Microsoft Corporation 0/54

 conhost.exe < 0.01 1,540 K 11,172 K 2560 Console Window Host Microsoft Corporation 0/55

wininit.exe 2,104 K 12,592 K 772 Windows Start-Up Application Microsoft Corporation 0/53

 services.exe 7,232 K 18,712 K 828 Services and Controller app Microsoft Corporation 0/55

  svchost.exe 0.02 5,940 K 18,976 K 1016 Host Process for Windows Services Microsoft Corporation 0/54

   WmiPrvSE.exe 9,192 K 21,796 K 4408 WMI Provider Host Microsoft Corporation 0/54

   unsecapp.exe 3,032 K 15,732 K 5172 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation 0/55

   dllhost.exe 3,592 K 16,164 K 7452 COM Surrogate Microsoft Corporation 0/55

   WmiPrvSE.exe 3,396 K 7,260 K 1956 WMI Provider Host Microsoft Corporation 0/54

   dllhost.exe 5,056 K 10,284 K 4316 COM Surrogate Microsoft Corporation 0/55

  nvvsvc.exe 3,784 K 16,976 K 452 NVIDIA Driver Helper Service, Version 359.06 NVIDIA Corporation 0/54

   nvxdsync.exe 10,476 K 38,436 K 1436 NVIDIA User Experience Driver Component NVIDIA Corporation 0/53

    nvtray.exe 7,008 K 26,232 K 3832 NVIDIA Settings NVIDIA Corporation 0/54

   nvvsvc.exe < 0.01 6,928 K 24,568 K 1444 NVIDIA Driver Helper Service, Version 359.06 NVIDIA Corporation 0/54

  nvSCPAPISvr.exe 3,032 K 23,988 K 644 Stereo Vision Control Panel API Server NVIDIA Corporation 0/53

  svchost.exe < 0.01 7,324 K 18,832 K 696 Host Process for Windows Services Microsoft Corporation 0/54

  svchost.exe 22,584 K 40,144 K 636 Host Process for Windows Services Microsoft Corporation 0/54

   audiodg.exe 16,588 K 16,700 K 2700 Windows Audio Device Graph Isolation Microsoft Corporation 0/55

  svchost.exe 10,516 K 28,992 K 1052 Host Process for Windows Services Microsoft Corporation 0/54

   dwm.exe 0.18 56,016 K 152,624 K 1796 Desktop Window Manager Microsoft Corporation 0/51

  svchost.exe < 0.01 14,748 K 57,180 K 1080 Host Process for Windows Services Microsoft Corporation 0/54

  svchost.exe 0.02 34,488 K 60,648 K 1120 Host Process for Windows Services Microsoft Corporation 0/54

  svchost.exe 3,404 K 14,268 K 1268 Host Process for Windows Services Microsoft Corporation 0/54

  igfxCUIService.exe 3,136 K 15,816 K 1364 igfxCUIService Module Intel Corporation 0/55

  svchost.exe < 0.01 18,492 K 34,620 K 1476 Host Process for Windows Services Microsoft Corporation 0/54

  AvastSvc.exe 0.46 169,344 K 48,600 K 1572 avast! Service AVAST Software 0/56

  spoolsv.exe < 0.01 9,160 K 24,836 K 1912 Spooler SubSystem App Microsoft Corporation 0/54

  taskhost.exe < 0.01 14,072 K 31,176 K 1944 Host Process for Windows Tasks Microsoft Corporation 0/53

  svchost.exe < 0.01 14,356 K 28,344 K 2004 Host Process for Windows Services Microsoft Corporation 0/54

  afwServ.exe < 0.01 17,504 K 78,708 K 1816 avast! firewall service AVAST Software 0/56

  SASCore64.exe < 0.01 2,356 K 9,680 K 2188 Core Service SUPERAntiSpyware.com 0/56

  armsvc.exe 1,324 K 29,928 K 2260 Adobe Acrobat Update Service Adobe Systems Incorporated 0/54

  officeclicktorun.exe < 0.01 23,732 K 45,560 K 2448 Microsoft Office Click-to-Run Microsoft Corporation 0/55

  svchost.exe 6,488 K 53,104 K 2568 Host Process for Windows Services Microsoft Corporation 0/54

  GfExperienceService.exe 4,596 K 18,720 K 2616 NVIDIA GeForce ExperienceService NVIDIA Corporation 0/56

  IPROSetMonitor.exe 1,876 K 9,564 K 2816 Intel® PROSet Monitoring Service Intel Corporation 0/56

  mbae-svc.exe < 0.01 7,160 K 47,768 K 3044 Malwarebytes Anti-Exploit Service Malwarebytes Corporation 0/55

   mbae64.exe < 0.01 2,340 K 9,684 K 2284 Malwarebytes Anti-Exploit 64bit tasks Malwarebytes Corporation 0/50

  mbamscheduler.exe 5,808 K 49,224 K 2052 Malwarebytes Anti-Malware Malwarebytes 0/55

  mbamservice.exe 0.06 251,928 K 128,448 K 3372 Malwarebytes Anti-Malware Malwarebytes 0/53

   mbam.exe 0.03 29,264 K 49,664 K 3844 Malwarebytes Anti-Malware Malwarebytes 0/55

  MSCamS64.exe 5,812 K 19,212 K 3560 MsCamSvc.exe Microsoft Corporation 0/56

  NvNetworkService.exe 5,372 K 41,740 K 3676 NVIDIA Network Service NVIDIA Corporation 0/54

  NvStreamService.exe < 0.01 3,544 K 17,688 K 3804 NVIDIA Streamer Service NVIDIA Corporation 0/53

   NvStreamUserAgent.exe 0.01 11,704 K 32,272 K 5668 NVIDIA Streamer User Agent NVIDIA Corporation 0/55

  svchost.exe 8,328 K 22,764 K 3940 Host Process for Windows Services Microsoft Corporation 0/54

  SurSvc.exe 17,340 K 30,368 K 3972 Intel® System Usage Report 0/56

  WLIDSVC.EXE 5,572 K 20,660 K 1236 Microsoft® Windows Live ID Service Microsoft Corp. 0/54

   WLIDSVCM.EXE 2,096 K 9,196 K 4128 Microsoft® Windows Live ID Service Monitor Microsoft Corp. 0/55

  AvastVBoxSVC.exe < 0.01 5,968 K 22,020 K 4320 AvastVirtualBox Interface Avast Software 0/56

  PresentationFontCache.exe 27,388 K 41,900 K 4672 PresentationFontCache.exe Microsoft Corporation 0/55

  svchost.exe 2,996 K 14,260 K 4972 Host Process for Windows Services Microsoft Corporation 0/54

  NvStreamNetworkService.exe 0.02 10,904 K 27,876 K 5096 NVIDIA Network Stream Service NVIDIA Corporation 0/50

  svchost.exe < 0.01 8,140 K 23,080 K 5508 Host Process for Windows Services Microsoft Corporation 0/54

  SearchIndexer.exe < 0.01 39,200 K 93,712 K 5704 Microsoft Windows Search Indexer Microsoft Corporation 0/55

  svchost.exe 13,124 K 28,784 K 6484 Host Process for Windows Services Microsoft Corporation 0/54

  wmpnetwk.exe < 0.01 12,076 K 42,308 K 6216 Windows Media Player Network Sharing Service Microsoft Corporation 0/54

  mscorsvw.exe 4,044 K 21,916 K 9280 .NET Runtime Optimization Service Microsoft Corporation 0/54

  mscorsvw.exe 7,052 K 14,880 K 9392 .NET Runtime Optimization Service Microsoft Corporation 0/54

  esrv_svc.exe 17,228 K 33,444 K 8068 Intel® System Usage Report 0/50

  svchost.exe < 0.01 53,572 K 154,504 K 8268 Host Process for Windows Services Microsoft Corporation 0/54

  svchost.exe 2,088 K 13,140 K 7276 Host Process for Windows Services Microsoft Corporation 0/54

 lsass.exe 0.01 8,396 K 24,468 K 852 Local Security Authority Process Microsoft Corporation 0/55

 lsm.exe 3,248 K 10,716 K 860 Local Session Manager Service Microsoft Corporation 0/53

csrss.exe 0.04 11,536 K 209,972 K 792 Client Server Runtime Process Microsoft Corporation 0/54

 conhost.exe 2,276 K 23,428 K 6632 Console Window Host Microsoft Corporation 0/55

 conhost.exe < 0.01 2,328 K 23,528 K 6716 Console Window Host Microsoft Corporation 0/55

 conhost.exe 2,044 K 13,204 K 9164 Console Window Host Microsoft Corporation 0/55

winlogon.exe 4,388 K 16,800 K 952 Windows Logon Application Microsoft Corporation 0/56

explorer.exe 0.02 43,112 K 237,672 K 1820 Windows Explorer Microsoft Corporation 0/54

 NvBackend.exe < 0.01 16,488 K 58,792 K 2196 NVIDIA Backend NVIDIA Corporation 0/55

 OneDrive.exe < 0.01 13,908 K 86,116 K 2980 Microsoft OneDrive Microsoft Corporation 0/53

 Skype.exe 0.23 216,180 K 208,352 K 2040 Skype Skype Technologies S.A. 0/53

 chrome.exe 0.01 132,128 K 319,572 K 7560 Google Chrome Google Inc. 0/55

  chrome.exe 4,564 K 17,772 K 8052 Google Chrome Google Inc. 0/55

  chrome.exe 0.01 34,060 K 100,800 K 7672 Google Chrome Google Inc. 0/55

  chrome.exe 33,984 K 106,176 K 7340 Google Chrome Google Inc. 0/55

  chrome.exe 38,252 K 111,172 K 1760 Google Chrome Google Inc. 0/55

  chrome.exe 93,736 K 170,724 K 7500 Google Chrome Google Inc. 0/55

  chrome.exe 33,768 K 105,880 K 7064 Google Chrome Google Inc. 0/55

  chrome.exe 41,980 K 115,720 K 6960 Google Chrome Google Inc. 0/55

  chrome.exe < 0.01 47,236 K 124,048 K 3900 Google Chrome Google Inc. 0/55

  chrome.exe 35,928 K 106,680 K 7824 Google Chrome Google Inc. 0/55

  chrome.exe 36,608 K 113,400 K 7556 Google Chrome Google Inc. 0/55

  chrome.exe 33,704 K 105,840 K 4968 Google Chrome Google Inc. 0/55

  chrome.exe 39,236 K 116,752 K 8340 Google Chrome Google Inc. 0/55

  chrome.exe < 0.01 94,368 K 179,760 K 8620 Google Chrome Google Inc. 0/55

  chrome.exe 0.06 150,072 K 257,620 K 7552 Google Chrome Google Inc. 0/55

 notepad.exe 12,464 K 117,216 K 8576 Notepad Microsoft Corporation 0/53

GoogleCrashHandler.exe 1,804 K 32,484 K 2088 Google Crash Handler Google Inc. 0/54

GoogleCrashHandler64.exe 2,272 K 10,792 K 1116 Google Crash Handler Google Inc. 0/55

igfxEM.exe 4,648 K 28,372 K 5076 igfxEM Module Intel Corporation 0/55

CCleaner64.exe < 0.01 9,708 K 34,536 K 5112 CCleaner Piriform Ltd 0/54

AvastUI.exe < 0.01 21,456 K 162,456 K 5292 avast! Antivirus AVAST Software 0/54

Dropbox.exe 0.02 122,940 K 126,892 K 5692 Dropbox Dropbox, Inc. 0/54

mbae.exe 6,384 K 57,452 K 7040 Malwarebytes Anti-Exploit Malwarebytes Corporation 0/53

iusb3mon.exe < 0.01 2,136 K 38,904 K 7008 iusb3mon Intel Corporation 0/56

jusched.exe 2,952 K 39,644 K 6496 Java Update Scheduler Oracle Corporation 0/56

GWX.exe 4,500 K 19,408 K 6476 GWX Microsoft Corporation 0/54

esrv.exe < 0.01 10,936 K 26,408 K 7808 Intel® System Usage Report 0/55

csisyncclient.exe 17,520 K 229,588 K 9244 Microsoft Office Document Cache Sync Client Interface Microsoft Corporation 0/54

java.exe 0.03 459,060 K 482,852 K 9052 Java Platform SE binary Oracle Corporation 0/56

procexp.exe 2,928 K 7,120 K 5980 Sysinternals Process Explorer Sysinternals - www.sysinternals.com 0/55

 PROCEXP64.exe 1.61 37,576 K 57,668 K 10036 Sysinternals Process Explorer Sysinternals - www.sysinternals.com 0/54


 

Restarted, still getting the warning from Malwarebytes just as often.

Link to post
Share on other sites

I did ask that you run a clean install of Google Chrome, yet we see many extensions still are showing in the logs. As the issue only seems to affect Chrome, continue as follows please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post the log to your reply.

Next,

If the IP block issue still continues, download and save "Google Chrome Clean up Tool" to your Desktop from the following link:

https://www.google.com/chrome/cleanup-tool/

Run the tool, when complete the tool will let you know if anything was found....

Let me know if the issue still happens....

Thank you,

Kevin

Fixlist.txt

Link to post
Share on other sites

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by Robbie (2015-12-13 19:18:09) Run:1
Running from C:\Users\Robbie\Desktop
Loaded Profiles: Robbie & Administrator (Available Profiles: Robbie & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2227631131-1546878665-2220001412-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Extension: No Name - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-11-25] [not signed]
FF Extension: No Name - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2015-10-31] [not signed]
FF Extension: No Name - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\Extensions\{0fa2149e-bb2c-4ac2-a8d3-479599819475}.xpi [2015-10-21] [not signed]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-10]
CHR Extension: (Proxy List - Free Proxies for everyone) - C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihnninlhneakfglooiofgdbpmnhjgn [2015-12-10]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-10]
S0 is3srv; SySWOW64\drivers\is3srv64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S0 szkg5; SySWOW64\drivers\szkg64.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Robbie\AppData\Local\Temp\AmazonCloudDriveSetup.exe
C:\Users\Robbie\AppData\Local\Temp\CloudDriveInstaller.exe
C:\Users\Robbie\AppData\Local\Temp\sqlite3.dll
AlternateDataStreams: C:\Users\Robbie\Documents\ADA Paperwork Fall 2015.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Robbie\Documents\ADA Paperwork Fall 2015.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Robbie\Documents\Auburn Class of 2015.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Robbie\Documents\Auburn Class of 2015.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Robbie\Documents\HollowWorld App.doc:com.dropbox.attributes
AlternateDataStreams: C:\Users\Robbie\Documents\Perry High School Immunization Report.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Robbie\Documents\Perry High School Immunization Report.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Robbie\Documents\The Darkness Behind Craftyn.doc:com.dropbox.attributes
HKU\S-1-5-21-2227631131-1546878665-2220001412-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION
HKU\S-1-5-21-2227631131-1546878665-2220001412-1000\Software\Classes\exefile:  <===== ATTENTION
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
Hosts:
EmptyTemp:
Reboot:
end
*****************
 
Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2227631131-1546878665-2220001412-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\Extensions\elemhidehelper@adblockplus.org.xpi => moved successfully
C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi => moved successfully
C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\rxxryg7e.default\Extensions\{0fa2149e-bb2c-4ac2-a8d3-479599819475}.xpi => moved successfully
C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihnninlhneakfglooiofgdbpmnhjgn => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
Could not move "C:\Program Files\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
is3srv => service removed successfully
Synth3dVsc => service removed successfully
szkg5 => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
C:\Users\Robbie\AppData\Local\Temp\AmazonCloudDriveSetup.exe => moved successfully
C:\Users\Robbie\AppData\Local\Temp\CloudDriveInstaller.exe => moved successfully
C:\Users\Robbie\AppData\Local\Temp\sqlite3.dll => moved successfully
"C:\Users\Robbie\Documents\ADA Paperwork Fall 2015.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Users\Robbie\Documents\ADA Paperwork Fall 2015.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\Robbie\Documents\Auburn Class of 2015.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Users\Robbie\Documents\Auburn Class of 2015.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\Robbie\Documents\HollowWorld App.doc => ":com.dropbox.attributes" ADS removed successfully.
"C:\Users\Robbie\Documents\Perry High School Immunization Report.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Users\Robbie\Documents\Perry High School Immunization Report.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\Robbie\Documents\The Darkness Behind Craftyn.doc => ":com.dropbox.attributes" ADS removed successfully.
"HKU\S-1-5-21-2227631131-1546878665-2220001412-1000\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-2227631131-1546878665-2220001412-1000\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-21-2227631131-1546878665-2220001412-1000\Software\Classes\exefile => key not found. 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::2841:2776:9ac4:85d1%10
   Default Gateway . . . . . . . . . : 
 
Tunnel adapter 6TO4 Adapter:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2002:b838:8d7a::b838:8d7a
   Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
 
Tunnel adapter isatap.neo.rr.com:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : neo.rr.com
   Link-local IPv6 Address . . . . . : fe80::2841:2776:9ac4:85d1%10
   IPv4 Address. . . . . . . . . . . : 184.56.141.122
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . : 184.56.128.1
 
Tunnel adapter isatap.neo.rr.com:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter 6TO4 Adapter:
 
   Connection-specific DNS Suffix  . : neo.rr.com
   IPv6 Address. . . . . . . . . . . : 2002:b838:8d7a::b838:8d7a
   Default Gateway . . . . . . . . . : 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {6E354B7C-6A3E-401E-9759-6ED225C088F9}.
{E47BCF14-ED9D-4ECC-BF91-0BFCEE42BB7C} canceled.
{05C41DF8-C9E8-43B0-9025-958C3A91D58F} canceled.
2 out of 3 jobs canceled.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2227631131-1546878665-2220001412-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2227631131-1546878665-2220001412-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2227631131-1546878665-2220001412-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2227631131-1546878665-2220001412-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 961.3 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-12-13 19:20:21)
 
"C:\Program Files\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Could not move
 
==== End of Fixlog 19:20:21 ====

Nothing found on the Chrome Cleanup Tool, Malwarebytes warning still occurring. I gotta say though I'm surprised someone who doesn't even know me personally is trying too hard to help me out. Thanks for that.

Link to post
Share on other sites

Did you make sure to disable and remove "Data Compression Proxy" from Chrome?

That's not even the Proxy extension I have. I know it's not my extensions causing the issue anyways though. I've had all of these plugins for years, on several computers, and the issue only occurs on this one.

Link to post
Share on other sites

None of the scans we have run have located our nemesis, or any reason behind it. The only way forward is to prove or disprove Chrome....

The problem that continually happens is related to Chrome and more than likely one of the extensions. It really does not matter how long you've had or used the extensions, they can be patched at any time.

The only way to prove beyond doubt is a clean install of Chrome, that is an install with no added extras. If the issue is cleared, then the extensions can be re-installed, but only one at a time: close Chrome, re-boot the system, reopen Chrome and see if the issue returns...

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Remove all synced data from Chrome, go here: http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ follow those instructions...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Type or copy/paste the following into search: %appdata%
Scroll to and delete the Google folder.

With Chrome totally removed, re-boot your system. Does the issue happen with Chrome removed? If not, then continue with the fresh install as follows..

Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Before any other extensions are added, exit Chrome and reboot the PC, re-open Chrome and use as normal and see if the issue happens. If no changes are observed, install your next preferred extension.

Repeat that action until the issue happens again....

Thank you,

Kevin...

Link to post
Share on other sites
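The one-at-a-time reinstall described in the post above is easier to track with an inventory of what is actually on disk in the Chrome profile. The script below is an added example, not part of the original posts and not a Malwarebytes or FRST tool; the `-ProfileDir` parameter and the two permission lists are assumptions chosen for illustration, and the default path follows the layout shown in the FRST log.

```powershell
# Added example: list the extensions in one Chrome profile and flag broad access.
# Assumption: default profile path as seen in the FRST log; use -ProfileDir for others.
param(
    [string]$ProfileDir = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default"
)

# Illustrative lists: patterns/permissions that let an extension see or reroute all traffic.
$BroadHosts = '<all_urls>', '*://*/*', 'http://*/*', 'https://*/*'
$RiskyPerms = 'proxy', 'webRequest', 'webRequestBlocking', 'declarativeNetRequest'

$extRoot = Join-Path $ProfileDir 'Extensions'
if (-not (Test-Path -LiteralPath $extRoot)) {
    Write-Error "No Extensions folder under $ProfileDir"
    return
}

$report = foreach ($idDir in Get-ChildItem -LiteralPath $extRoot -Directory) {
    # Each extension ID folder holds one subfolder per version; take the newest.
    $verDir = Get-ChildItem -LiteralPath $idDir.FullName -Directory |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if (-not $verDir) { continue }
    $manifestPath = Join-Path $verDir.FullName 'manifest.json'
    if (-not (Test-Path -LiteralPath $manifestPath)) { continue }

    try {
        $m = Get-Content -LiteralPath $manifestPath -Raw -Encoding UTF8 | ConvertFrom-Json
    } catch {
        Write-Warning "Unreadable manifest: $manifestPath"
        continue
    }

    # Manifest V2 mixes host patterns into 'permissions'; V3 uses 'host_permissions'.
    $declared = @($m.permissions) + @($m.host_permissions) +
                @($m.content_scripts | ForEach-Object { $_.matches })
    $declared = @($declared | Where-Object { $_ -is [string] })

    [pscustomobject]@{
        Id       = $idDir.Name
        Name     = $m.name      # may be a __MSG_*__ placeholder for localized names
        Version  = $m.version
        Modified = $verDir.LastWriteTime
        AllSites = [bool]($declared | Where-Object { $_ -in $BroadHosts })
        Risky    = ($declared | Where-Object { $_ -in $RiskyPerms } |
                    Sort-Object -Unique) -join ','
    }
}

# Newest changes first: a recently modified extension with all-site access is the first to test.
$report | Sort-Object Modified -Descending | Format-Table -AutoSize
```

Running it before the uninstall and again after each extension is added back gives a record of which ID and version was present when the warning returned.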

This topic is now closed to further replies.