Proxyhijacker problems


Through one way or another I've picked up a proxyhijacker and can't seem to shake it. Mbam finds it, quarantines and then I remove it but upon completing the prompted reboot and scanning again it finds the same files all over again.

Some other malware/adware that came along with it has all been cleared up but the proxyhijacker still persists. Continues to send me to browser windows with only the letter "a" on them whenever I search something related to malware removal.

Mbam is also picking up and blocking some outbound connections to an apparently malicious website. These are originating from a file in my Program Files called "dizzy", which contains some random files that either regenerate when they're deleted or just cannot be deleted (even by FileASSASSIN). This program never shows up in my Control Panel applications list so I can't uninstall it.

Any help would be greatly appreciated. Thanks!


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....


Next,


Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...



Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.



Let me see those logs in your next reply...

Thank you,

Kevin...
 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 3/9/2016

Scan Time: 4:29 PM

Logfile: 

Administrator: Yes

 

Version: 2.2.0.1024

Malware Database: v2016.03.09.06

Rootkit Database: v2016.02.27.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 10

CPU: x64

File System: NTFS

User: Joshua Jacquot

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 416131

Time Elapsed: 5 min, 43 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 2

PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\0iId9ycFhZoZ3WmMuUED-ni-2016-03-07-ni-16145-ni-1, Delete-on-Reboot, [ab0f1273fd9c14226d3fe98aa064b34d], 

PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\3476718347671834767183476718, Delete-on-Reboot, [e9d14c39b0e9340273fb62118d7703fd], 

 

Registry Values: 1

PUM.Optional.ProxyHijacker, HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8877;https=127.0.0.1:8877, Quarantined, [e4d67312f2a7d5615867719d7b881be5]

 

Registry Data: 0

(No malicious items detected)

 

Folders: 4

PUP.Optional.Amonetize, C:\ProgramData\78ecb1bb-1461-0, Quarantined, [5d5df98c8613fc3ae8b3030a63a0bb45], 

PUP.Optional.Amonetize, C:\ProgramData\78ecb1bb-6c25-1, Quarantined, [a4169aeba8f1d26454478e7f53b052ae], 

PUP.Optional.Amonetize, C:\ProgramData\e37d702e-0637-0, Quarantined, [b109592caced171f7427c34a966d1fe1], 

PUP.Optional.Amonetize, C:\ProgramData\e37d702e-75d3-1, Quarantined, [279397eeadec70c6c1dad4397a89d030], 

 

Files: 6

PUP.Optional.MultiPlug.PrxySvrRST, C:\Windows\System32\Tasks\3476718347671834767183476718, Quarantined, [7743c6bf4b4e3ef8f173a3d052b26997], 

PUP.Optional.MultiPlug.PrxySvrRST, C:\Windows\System32\Tasks\0iId9ycFhZoZ3WmMuUED-ni-2016-03-07-ni-16145-ni-1, Quarantined, [289294f1ff9ad1657f2375fe8c787a86], 

PUP.Optional.Amonetize, C:\ProgramData\78ecb1bb-1461-0\78ecb1bb-1461-0.d, Quarantined, [5d5df98c8613fc3ae8b3030a63a0bb45], 

PUP.Optional.Amonetize, C:\ProgramData\78ecb1bb-6c25-1\78ecb1bb-6c25-1.d, Quarantined, [a4169aeba8f1d26454478e7f53b052ae], 

PUP.Optional.Amonetize, C:\ProgramData\e37d702e-0637-0\e37d702e-0637-0.d, Quarantined, [b109592caced171f7427c34a966d1fe1], 

PUP.Optional.Amonetize, C:\ProgramData\e37d702e-75d3-1\e37d702e-75d3-1.d, Quarantined, [279397eeadec70c6c1dad4397a89d030], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)
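The symptom described in this thread, detections that return after the prompted reboot, can be checked by comparing two exported scan logs. The following is an added example, not part of any post and not Malwarebytes' own tooling: it parses detection lines in the layout of the log above, lists what recurs between two scans, and flags a loopback `ProxyServer` value and scheduled-task entries among the recurring items. The sample scans, task name, SID and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample scans in the layout of the Malwarebytes 2.x log above.
# Task name, SID, folder and bracketed IDs are placeholders, not thread values.
SCAN_1 = r"""
Registry Keys: 1
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ExampleTaskA, Delete-on-Reboot, [00000000000000000000000000000000],
Registry Values: 1
PUM.Optional.ProxyHijacker, HKU\S-1-5-21-0-0-0-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8877;https=127.0.0.1:8877, Quarantined, [00000000000000000000000000000000]
Folders: 1
PUP.Optional.Amonetize, C:\ProgramData\example-0, Quarantined, [00000000000000000000000000000000],
Files: 1
PUP.Optional.MultiPlug.PrxySvrRST, C:\Windows\System32\Tasks\ExampleTaskA, Quarantined, [00000000000000000000000000000000],
"""
# Constructed follow-up scan after the reboot: the folder stayed gone, the rest returned.
SCAN_2 = "\n".join(ln for ln in SCAN_1.splitlines() if "Amonetize" not in ln)

SECTION = re.compile(r"^([A-Za-z ]+): \d+$")
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<rest>.+), (?P<action>[^,\[\]]+), \[[0-9a-f]+\],?$")
TASK_MARKERS = ("\\SCHEDULE\\TASKCACHE\\TREE\\", "\\SYSTEM32\\TASKS\\")


def parse_scan(text):
    """Return one dict per detection line: section, name, target, data, action."""
    section, found = None, []
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := DETECTION.match(line):
            rest = m.group("rest")
            # Registry value/data lines carry the stored data as an extra field.
            if section in ("Registry Values", "Registry Data"):
                target, _, data = rest.partition(", ")
            else:
                target, data = rest, ""
            found.append({"section": section, "name": m.group("name"),
                          "target": target, "data": data,
                          "action": m.group("action")})
    return found


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def loopback_proxies(detections):
    """(scheme, host, port) for ProxyServer values that point at this machine."""
    hits = []
    for d in detections:
        if not d["target"].upper().endswith("|PROXYSERVER"):
            continue
        for entry in d["data"].split(";"):
            scheme, _, hostport = entry.rpartition("=")
            host, sep, port = hostport.rpartition(":")
            if not sep:  # no port given
                host, port = hostport, ""
            if is_loopback(host):
                hits.append((scheme or "all", host, int(port) if port.isdigit() else None))
    return hits


def scheduled_task_names(detections):
    """Task names seen under TaskCache\\Tree or System32\\Tasks."""
    names = set()
    for d in detections:
        upper = d["target"].upper()
        for marker in TASK_MARKERS:
            pos = upper.find(marker)
            if pos != -1:
                names.add(d["target"][pos + len(marker):])
    return sorted(names)


def recurring(first_scan, second_scan):
    """Detections present in both scans, i.e. items that came back after removal."""
    def key(d):
        return (d["name"], d["target"].upper(), d["data"])
    seen = {key(d) for d in first_scan}
    return [d for d in second_scan if key(d) in seen]


def triage(first_text, second_text):
    first, second = parse_scan(first_text), parse_scan(second_text)
    back = recurring(first, second)
    return {
        "pending_reboot": [d["target"] for d in first if d["action"] == "Delete-on-Reboot"],
        "recurring": [d["target"] for d in back],
        "recurring_tasks": scheduled_task_names(back),
        "loopback_proxy": loopback_proxies(back),
    }


if __name__ == "__main__":
    for field, value in triage(SCAN_1, SCAN_2).items():
        print(field, value)
```

A recurring proxy value together with recurring scheduled-task entries is a reason to look for whatever re-creates them between scans, which is what the follow-up FRST log is collected for.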


# AdwCleaner v5.101 - Logfile created 09/03/2016 at 16:56:26

# Updated 07/03/2016 by Xplode
# Database : 2016-03-06.3 [Local]
# Operating system : Windows 10 Home  (x64)
# Username : Joshua Jacquot - JOSHUAJACQUOT
# Running from : E:\Desktop\adwcleaner_5.101.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\Service1291
[-] Folder Deleted : C:\Users\JOSHUA~1\AppData\Local\Temp\MPC
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : E:\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Joshua Jacquot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Joshua Jacquot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B81759E6-5669-4DB3-A3A7-6CD76555DE1D}_is1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2096 bytes] - [09/03/2016 16:56:26]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[s1].txt - [2231 bytes] - [09/03/2016 16:55:57]
 
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2282 bytes] ##########






Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01

Ran by Joshua Jacquot (administrator) on JOSHUAJACQUOT (09-03-2016 17:03:13)

Running from E:\Desktop

Loaded Profiles: Joshua Jacquot (Available Profiles: Joshua Jacquot & DefaultAppPool)

Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Edge)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(curtain) C:\Windows\illustrious.exe

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

() C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(rustic) C:\Windows\vase.exe

(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(windows 99) C:\Program Files (x86)\dizzy\acoustics.exe

() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

() C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.113_none_7689896a26389b16\TiWorker.exe

(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-08] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)

HKLM-x32\...\Run: [sun7] => [X]

HKLM-x32\...\Run: [sun13] => [X]

HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()

HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\...\RunOnce: [uninstall C:\Users\Joshua Jacquot\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joshua Jacquot\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"

HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\...\RunOnce: [uninstall C:\Users\Joshua Jacquot\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joshua Jacquot\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1"

HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\...\MountPoints2: H - "H:\VZW_Software_upgrade_assistant.exe" 

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-26]

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\Joshua Jacquot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\APP Center.lnk [2015-01-21]

ShortcutTarget: APP Center.lnk -> C:\Program Files (x86)\Gigabyte\AppCenter\RunUpd.exe ()

Startup: C:\Users\Joshua Jacquot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-20]

ShortcutTarget: Dropbox.lnk -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyEnable: [s-1-5-21-3913031655-1247145700-3822439410-1000] => Proxy is enabled.

ProxyServer: [s-1-5-21-3913031655-1247145700-3822439410-1000] => http=127.0.0.1:8877;https=127.0.0.1:8877

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61

Tcpip\..\Interfaces\{98118546-dd26-41e5-b336-f948a0013bf2}: [DhcpNameServer] 209.18.47.62 209.18.47.61

ManualProxies: 

 

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP

HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?pc=UE01&ocid=UE01DHP

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

 

FireFox:

========

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)

 

Chrome: 

=======

CHR Profile: C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-07]

CHR Extension: (Google Docs) - C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-07]

CHR Extension: (Google Drive) - C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-07]

CHR Extension: (YouTube) - C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-07]

CHR Extension: (Google Sheets) - C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-07]

CHR Extension: (Google Docs Offline) - C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-07]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-07]

CHR Extension: (Gmail) - C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-07]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 afraid; C:\WINDOWS\illustrious.exe [14848 2016-03-07] (curtain) [File not signed]

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)

R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-08] (NVIDIA Corporation)

S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [62784 2014-09-05] (GIGA-BYTE TECHNOLOGY CO., LTD.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)

R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-08] (NVIDIA Corporation)

R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-08] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-08] (NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-01] (Electronic Arts)

R2 playground; C:\WINDOWS\vase.exe [9216 2016-03-07] (rustic) [File not signed]

R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [367616 2014-10-19] (Razer Inc.) [File not signed]

S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-03-08] (Enigma Software Group USA, LLC.)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)

S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]

S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]

S2 nplus; "C:\Program Files\nplus\nplus.exe" /s iid=5311316 did=APSFInsTerra sid=6 ref=c805cf01-5c29-9e3d-2045-750836dc4bff-PolicyMac id=4027be73ceeecd75d5afd2a10472a78a87dcec7c4d272a0d0b4c864b4858138a [X]

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 CorsairAudioFilter; C:\Windows\system32\DRIVERS\corsveng2kamd64.sys [112808 2014-08-15] (Corsair Components, Inc.)

R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [48808 2014-11-25] (Corsair)

R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [22696 2014-11-25] (Corsair)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2015-11-23] (Windows ® Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2015-11-23] (Windows ® Win 7 DDK provider)

R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-20] (Disc Soft Ltd)

S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-08] ()

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-09] (Malwarebytes)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)

S3 mv61xx; C:\Windows\System32\drivers\mv61xx.sys [173096 2008-06-23] (Marvell Semiconductor, Inc.)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-08] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-11-05] (NVIDIA Corporation)

S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)

R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

U3 idsvc; no ImagePath

S0 mvs91xx; System32\drivers\mvs91xx.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-03-09 17:03 - 2016-03-09 17:03 - 00000000 ____D C:\FRST

2016-03-09 16:55 - 2016-03-09 16:56 - 00000000 ____D C:\Program Files (x86)\AdwCleaner

2016-03-09 16:36 - 2016-03-09 17:03 - 00003778 _____ C:\WINDOWS\System32\Tasks\3476718347671834767183476718

2016-03-09 16:36 - 2016-03-09 16:57 - 00003940 _____ C:\WINDOWS\System32\Tasks\0iId9ycFhZoZ3WmMuUED-ni-2016-03-07-ni-16145-ni-1

2016-03-08 22:37 - 2016-03-08 22:40 - 00000000 ____D C:\Program Files (x86)\dizzy

2016-03-08 22:37 - 2016-03-08 22:37 - 00000000 ____D C:\Program Files (x86)\lace

2016-03-08 18:25 - 2016-03-08 18:25 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys

2016-03-08 18:25 - 2016-03-08 18:25 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

2016-03-08 18:25 - 2016-03-08 18:25 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\Enigma Software Group

2016-03-08 18:25 - 2016-03-08 18:25 - 00000000 ____D C:\sh4ldr

2016-03-08 18:25 - 2016-03-08 18:25 - 00000000 ____D C:\Program Files\Enigma Software Group

2016-03-08 17:34 - 2016-03-08 17:45 - 00000000 ____D C:\WINDOWS\pss

2016-03-08 17:11 - 2016-03-08 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN

2016-03-08 17:11 - 2016-03-08 17:11 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN

2016-03-08 16:53 - 2016-03-08 16:53 - 00000302 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{F48A614D-9813-4745-B969-48C137D54C42}.job

2016-03-08 16:03 - 2016-03-08 16:04 - 00261646 _____ C:\TDSSKiller.3.1.0.9_08.03.2016_16.03.01_log.txt

2016-03-08 16:00 - 2016-03-08 16:01 - 00261964 _____ C:\TDSSKiller.3.1.0.9_08.03.2016_16.00.40_log.txt

2016-03-08 15:56 - 2016-03-08 15:57 - 00262038 _____ C:\TDSSKiller.3.1.0.9_08.03.2016_15.56.17_log.txt

2016-03-08 15:46 - 2016-03-08 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-03-08 15:46 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2016-03-08 15:46 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2016-03-08 15:46 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2016-03-07 21:37 - 2016-03-09 16:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2016-03-07 21:30 - 2016-03-09 16:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-03-07 21:30 - 2016-03-07 21:30 - 00000000 ____D C:\ProgramData\Malwarebytes

2016-03-07 21:27 - 2016-03-07 21:27 - 00000000 _____ C:\autoexec.bat

2016-03-07 21:24 - 2016-03-07 21:24 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\VERIZON

2016-03-07 20:55 - 2016-03-08 18:25 - 03226176 _____ C:\WINDOWS\ntbtlog.txt

2016-03-07 20:55 - 2016-03-08 18:19 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

2016-03-07 20:45 - 2016-03-08 16:58 - 00000000 __SHD C:\Users\Joshua Jacquot\AppData\Local\Dynamation

2016-03-07 20:45 - 2016-03-07 20:45 - 00000000 ___HD C:\Users\Joshua Jacquot\AppData\Local\SatakMalwareBusterSetup

2016-03-07 20:42 - 2016-03-07 21:41 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Local\node-webkit

2016-03-07 20:35 - 2016-03-07 20:35 - 00187904 _____ C:\WINDOWS\rsrcs.dll

2016-03-07 20:35 - 2016-03-07 20:35 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results

2016-03-07 20:11 - 2016-03-07 20:11 - 00003244 _____ C:\WINDOWS\System32\Tasks\{5C4815F9-06DE-4719-AF02-39AA07AA2B23}

2016-03-07 20:04 - 2016-03-09 17:02 - 00004384 _____ C:\WINDOWS\System32\Tasks\170102

2016-03-07 20:04 - 2016-03-09 16:57 - 00000388 ____H C:\WINDOWS\Tasks\TKYGUGBWOODTNQRY.job

2016-03-07 20:04 - 2016-03-07 20:34 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Local\Setup Wizard

2016-03-07 20:04 - 2016-03-07 20:05 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\DivX

2016-03-07 20:04 - 2016-03-07 20:04 - 00000120 _____ C:\Users\Joshua Jacquot\AppData\Local\abcdtemf.txt

2016-03-07 20:04 - 2016-03-07 20:04 - 00000055 _____ C:\WINDOWS\key.ini

2016-03-07 20:04 - 2016-03-07 20:04 - 00000014 _____ C:\Users\Joshua Jacquot\AppData\Local\77592347.txt

2016-03-07 20:04 - 2016-03-07 20:03 - 00001005 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak

2016-03-07 20:03 - 2016-03-07 21:41 - 00000000 ____D C:\ProgramData\WindowsMsg

2016-03-07 20:03 - 2016-03-07 20:03 - 08037888 _____ C:\Users\Joshua Jacquot\AppData\Roaming\agent.dat

2016-03-07 20:03 - 2016-03-07 20:03 - 01902189 _____ C:\Users\Joshua Jacquot\AppData\Roaming\Opewarm.tst

2016-03-07 20:03 - 2016-03-07 20:03 - 00127488 _____ C:\Users\Joshua Jacquot\AppData\Roaming\Installer.dat

2016-03-07 20:03 - 2016-03-07 20:03 - 00072704 _____ C:\Users\Joshua Jacquot\AppData\Roaming\Scotrantrax.tst

2016-03-07 20:03 - 2016-03-07 20:03 - 00018432 _____ C:\Users\Joshua Jacquot\AppData\Roaming\Main.dat

2016-03-07 20:03 - 2016-03-07 20:03 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\Mozilla

2016-03-07 20:03 - 2016-03-07 20:03 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e

2016-03-07 20:02 - 2016-03-07 20:05 - 00000000 ____D C:\ProgramData\DivX

2016-03-07 20:02 - 2016-03-07 20:02 - 02531460 _____ C:\WINDOWS\chromebrowser.exe

2016-03-07 20:02 - 2016-03-07 20:02 - 00041720 _____ C:\WINDOWS\stain.exe

2016-03-07 20:02 - 2016-03-07 20:02 - 00039424 _____ (windows 99) C:\WINDOWS\mailbox.exe

2016-03-07 20:02 - 2016-03-07 20:02 - 00014848 _____ (curtain) C:\WINDOWS\illustrious.exe

2016-03-07 20:02 - 2016-03-07 20:02 - 00009216 _____ (rustic) C:\WINDOWS\vase.exe

2016-03-07 20:02 - 2016-03-07 20:02 - 00000019 _____ C:\WINDOWS\SysWOW64\1353901.bat

2016-03-02 16:49 - 2016-02-23 03:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2016-03-02 16:49 - 2016-02-23 03:27 - 07475040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2016-03-02 16:49 - 2016-02-23 03:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll

2016-03-02 16:49 - 2016-02-23 03:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2016-03-02 16:49 - 2016-02-23 03:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2016-03-02 16:49 - 2016-02-23 03:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2016-03-02 16:49 - 2016-02-23 03:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2016-03-02 16:49 - 2016-02-23 03:23 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2016-03-02 16:49 - 2016-02-23 03:22 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2016-03-02 16:49 - 2016-02-23 03:15 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2016-03-02 16:49 - 2016-02-23 03:09 - 01614176 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

2016-03-02 16:49 - 2016-02-23 02:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2016-03-02 16:49 - 2016-02-23 02:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2016-03-02 16:49 - 2016-02-23 02:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll

2016-03-02 16:49 - 2016-02-23 02:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2016-03-02 16:49 - 2016-02-23 02:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2016-03-02 16:49 - 2016-02-23 02:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll

2016-03-02 16:49 - 2016-02-23 02:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll

2016-03-02 16:49 - 2016-02-23 02:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll

2016-03-02 16:49 - 2016-02-23 02:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

2016-03-02 16:49 - 2016-02-23 02:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll

2016-03-02 16:49 - 2016-02-23 02:31 - 00847656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll

2016-03-02 16:49 - 2016-02-23 02:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll

2016-03-02 16:49 - 2016-02-23 02:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

2016-03-02 16:49 - 2016-02-23 02:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll

2016-03-02 16:49 - 2016-02-23 02:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2016-03-02 16:49 - 2016-02-23 02:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2016-03-02 16:49 - 2016-02-23 02:21 - 06606568 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll

2016-03-02 16:49 - 2016-02-23 01:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll

2016-03-02 16:49 - 2016-02-23 01:45 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2016-03-02 16:49 - 2016-02-23 01:45 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2016-03-02 16:49 - 2016-02-23 01:44 - 00640984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

2016-03-02 16:49 - 2016-02-23 01:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll

2016-03-02 16:49 - 2016-02-23 01:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2016-03-02 16:49 - 2016-02-23 01:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2016-03-02 16:49 - 2016-02-23 01:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll

2016-03-02 16:49 - 2016-02-23 01:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll

2016-03-02 16:49 - 2016-02-23 01:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll

2016-03-02 16:49 - 2016-02-23 01:38 - 00709176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll

2016-03-02 16:49 - 2016-02-23 01:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll

2016-03-02 16:49 - 2016-02-23 01:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll

2016-03-02 16:49 - 2016-02-23 01:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2016-03-02 16:49 - 2016-02-23 01:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2016-03-02 16:49 - 2016-02-23 01:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2016-03-02 16:49 - 2016-02-23 01:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll

2016-03-02 16:49 - 2016-02-23 01:26 - 05241984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll

2016-03-02 16:49 - 2016-02-23 01:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll

2016-03-02 16:49 - 2016-02-23 01:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll

2016-03-02 16:49 - 2016-02-23 00:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll

2016-03-02 16:49 - 2016-02-23 00:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2016-03-02 16:49 - 2016-02-23 00:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll

2016-03-02 16:49 - 2016-02-23 00:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll

2016-03-02 16:49 - 2016-02-23 00:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll

2016-03-02 16:49 - 2016-02-23 00:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll

2016-03-02 16:49 - 2016-02-23 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll

2016-03-02 16:49 - 2016-02-23 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll

2016-03-02 16:49 - 2016-02-23 00:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll

2016-03-02 16:49 - 2016-02-23 00:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll

2016-03-02 16:49 - 2016-02-23 00:30 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll

2016-03-02 16:49 - 2016-02-23 00:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll

2016-03-02 16:49 - 2016-02-23 00:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2016-03-02 16:49 - 2016-02-23 00:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll

2016-03-02 16:49 - 2016-02-23 00:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe

2016-03-02 16:49 - 2016-02-23 00:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll

2016-03-02 16:49 - 2016-02-23 00:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll

2016-03-02 16:49 - 2016-02-23 00:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll

2016-03-02 16:49 - 2016-02-23 00:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv

2016-03-02 16:49 - 2016-02-23 00:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll

2016-03-02 16:49 - 2016-02-23 00:13 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll

2016-03-02 16:49 - 2016-02-23 00:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll

2016-03-02 16:49 - 2016-02-23 00:11 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll

2016-03-02 16:49 - 2016-02-23 00:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll

2016-03-02 16:49 - 2016-02-23 00:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll

2016-03-02 16:49 - 2016-02-23 00:09 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2016-03-02 16:49 - 2016-02-23 00:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2016-03-02 16:49 - 2016-02-23 00:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll

2016-03-02 16:49 - 2016-02-23 00:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll

2016-03-02 16:49 - 2016-02-23 00:06 - 01848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe

2016-03-02 16:49 - 2016-02-23 00:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

2016-03-02 16:49 - 2016-02-23 00:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll

2016-03-02 16:49 - 2016-02-23 00:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll

2016-03-02 16:49 - 2016-02-23 00:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll

2016-03-02 16:49 - 2016-02-23 00:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll

2016-03-02 16:49 - 2016-02-23 00:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll

2016-03-02 16:49 - 2016-02-23 00:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll

2016-03-02 16:49 - 2016-02-22 23:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll

2016-03-02 16:49 - 2016-02-22 23:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll

2016-03-02 16:49 - 2016-02-22 23:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll

2016-03-02 16:49 - 2016-02-22 23:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll

2016-03-02 16:49 - 2016-02-22 23:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll

2016-03-02 16:49 - 2016-02-22 23:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll

2016-03-02 16:49 - 2016-02-22 23:47 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll

2016-03-02 16:49 - 2016-02-22 23:41 - 03594240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2016-03-02 16:49 - 2016-02-22 23:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll

2016-03-02 16:49 - 2016-02-22 23:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll

2016-03-02 16:49 - 2016-02-22 23:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv

2016-03-02 16:49 - 2016-02-22 23:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll

2016-03-02 16:49 - 2016-02-22 23:31 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll

2016-03-02 16:49 - 2016-02-22 23:30 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2016-03-02 16:49 - 2016-02-22 23:30 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll

2016-03-02 16:49 - 2016-02-22 23:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2016-03-02 16:49 - 2016-02-22 23:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll

2016-03-02 16:49 - 2016-02-22 23:29 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll

2016-03-02 16:49 - 2016-02-22 23:26 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2016-03-02 16:49 - 2016-02-22 23:25 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll

2016-03-02 16:49 - 2016-02-22 23:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll

2016-03-02 16:49 - 2016-02-22 23:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2016-03-02 16:49 - 2016-02-22 23:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll

2016-03-02 16:49 - 2016-02-22 23:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll

2016-03-02 16:49 - 2016-02-22 23:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll

2016-03-02 16:49 - 2016-02-22 23:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll

2016-03-02 16:49 - 2016-02-22 23:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll

2016-03-02 16:49 - 2016-02-22 23:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2016-03-02 16:49 - 2016-02-22 23:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll

2016-03-02 16:49 - 2016-02-22 23:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll

2016-03-02 16:49 - 2016-02-22 23:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll

2016-03-02 16:49 - 2016-02-22 22:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2016-03-02 16:49 - 2016-02-22 22:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll

2016-03-02 16:49 - 2016-02-22 22:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2016-03-02 16:49 - 2016-02-22 22:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2016-03-02 16:49 - 2016-02-22 22:55 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll

2016-03-02 16:49 - 2016-02-22 22:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll

2016-03-02 16:49 - 2016-02-22 22:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2016-03-02 16:49 - 2016-02-22 22:50 - 22396416 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2016-03-02 16:49 - 2016-02-22 22:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2016-03-02 16:49 - 2016-02-22 22:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2016-03-02 16:49 - 2016-02-22 22:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll

2016-03-02 16:49 - 2016-02-22 22:40 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2016-03-02 16:49 - 2016-02-22 22:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2016-03-02 16:49 - 2016-02-22 22:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2016-03-02 16:49 - 2016-02-22 22:36 - 19341312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2016-03-02 16:49 - 2016-02-22 22:36 - 18680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2016-03-02 16:49 - 2016-02-22 22:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2016-03-02 16:49 - 2016-02-22 22:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2016-03-02 16:49 - 2016-02-22 22:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2016-03-02 16:49 - 2016-02-22 22:33 - 14254080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll

2016-03-02 16:49 - 2016-02-22 22:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll

2016-03-02 16:49 - 2016-02-22 22:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2016-03-02 16:49 - 2016-02-22 22:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2016-03-02 16:49 - 2016-02-22 22:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2016-03-02 16:49 - 2016-02-22 22:26 - 12587520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll

2016-03-02 16:49 - 2016-02-08 19:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2016-03-02 16:49 - 2016-02-08 19:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2016-03-02 16:49 - 2016-02-08 19:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe

2016-03-02 16:49 - 2016-02-08 19:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2016-03-02 16:48 - 2016-02-23 03:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2016-03-02 16:48 - 2016-02-23 03:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys

2016-03-02 16:48 - 2016-02-23 03:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll

2016-03-02 16:48 - 2016-02-23 03:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi

2016-03-02 16:48 - 2016-02-23 02:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll

2016-03-02 16:48 - 2016-02-23 02:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll

2016-03-02 16:48 - 2016-02-23 02:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll

2016-03-02 16:48 - 2016-02-23 02:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys

2016-03-02 16:48 - 2016-02-23 01:49 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll

2016-03-02 16:48 - 2016-02-23 01:45 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2016-03-02 16:48 - 2016-02-23 01:45 - 00259336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll

2016-03-02 16:48 - 2016-02-23 01:44 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe

2016-03-02 16:48 - 2016-02-23 01:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys

2016-03-02 16:48 - 2016-02-23 01:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll

2016-03-02 16:48 - 2016-02-23 01:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS

2016-03-02 16:48 - 2016-02-23 01:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys

2016-03-02 16:48 - 2016-02-23 01:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys

2016-03-02 16:48 - 2016-02-23 01:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll

2016-03-02 16:48 - 2016-02-23 01:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll

2016-03-02 16:48 - 2016-02-23 01:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe

2016-03-02 16:48 - 2016-02-23 01:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll

2016-03-02 16:48 - 2016-02-23 01:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll

2016-03-02 16:48 - 2016-02-23 01:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys

2016-03-02 16:48 - 2016-02-23 01:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll

2016-03-02 16:48 - 2016-02-23 01:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll

2016-03-02 16:48 - 2016-02-23 00:58 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll

2016-03-02 16:48 - 2016-02-23 00:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll

2016-03-02 16:48 - 2016-02-23 00:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe

2016-03-02 16:48 - 2016-02-23 00:55 - 00221600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll

2016-03-02 16:48 - 2016-02-23 00:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys

2016-03-02 16:48 - 2016-02-23 00:54 - 00539256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

2016-03-02 16:48 - 2016-02-23 00:54 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe

2016-03-02 16:48 - 2016-02-23 00:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll

2016-03-02 16:48 - 2016-02-23 00:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe

2016-03-02 16:48 - 2016-02-23 00:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe

2016-03-02 16:48 - 2016-02-23 00:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll

2016-03-02 16:48 - 2016-02-23 00:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll

2016-03-02 16:48 - 2016-02-23 00:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll

2016-03-02 16:48 - 2016-02-23 00:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll

2016-03-02 16:48 - 2016-02-23 00:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll

2016-03-02 16:48 - 2016-02-23 00:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll

2016-03-02 16:48 - 2016-02-23 00:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll

2016-03-02 16:48 - 2016-02-23 00:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe

2016-03-02 16:48 - 2016-02-23 00:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll

2016-03-02 16:48 - 2016-02-23 00:28 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll

2016-03-02 16:48 - 2016-02-23 00:25 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll

2016-03-02 16:48 - 2016-02-23 00:25 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe

2016-03-02 16:48 - 2016-02-23 00:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll

2016-03-02 16:48 - 2016-02-23 00:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll

2016-03-02 16:48 - 2016-02-23 00:22 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll

2016-03-02 16:48 - 2016-02-23 00:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll

2016-03-02 16:48 - 2016-02-23 00:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2016-03-02 16:48 - 2016-02-23 00:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll

2016-03-02 16:48 - 2016-02-23 00:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe

2016-03-02 16:48 - 2016-02-23 00:13 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll

2016-03-02 16:48 - 2016-02-23 00:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll

2016-03-02 16:48 - 2016-02-23 00:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe

2016-03-02 16:48 - 2016-02-23 00:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2016-03-02 16:48 - 2016-02-23 00:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe

2016-03-02 16:48 - 2016-02-23 00:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys

2016-03-02 16:48 - 2016-02-22 23:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll

2016-03-02 16:48 - 2016-02-22 23:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll

2016-03-02 16:48 - 2016-02-22 23:54 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll

2016-03-02 16:48 - 2016-02-22 23:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll

2016-03-02 16:48 - 2016-02-22 23:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll

2016-03-02 16:48 - 2016-02-22 23:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll

2016-03-02 16:48 - 2016-02-22 23:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2016-03-02 16:48 - 2016-02-22 23:37 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll

2016-03-02 16:48 - 2016-02-22 23:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll

2016-03-02 16:48 - 2016-02-22 23:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2016-03-02 16:48 - 2016-02-22 23:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll

2016-03-02 16:48 - 2016-02-22 23:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll

2016-03-02 16:48 - 2016-02-22 23:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll

2016-03-02 16:48 - 2016-02-22 23:26 - 01498112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe

2016-03-02 16:48 - 2016-02-22 23:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll

2016-03-02 16:48 - 2016-02-22 23:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll

2016-03-02 16:48 - 2016-02-22 22:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll

2016-03-02 16:48 - 2016-02-22 22:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll

2016-03-02 16:48 - 2016-02-08 20:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2016-03-02 16:48 - 2016-02-08 20:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

2016-03-02 16:48 - 2016-02-08 19:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll

2016-03-02 16:48 - 2016-02-08 19:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll

2016-03-01 10:50 - 2016-03-01 10:50 - 00001058 _____ C:\WINDOWS\run.vbs

2016-02-26 12:00 - 2016-02-26 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

2016-02-20 12:01 - 2016-02-20 12:01 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2016-02-16 10:47 - 2016-02-16 10:47 - 00006656 _____ C:\Users\Joshua Jacquot\AppData\Local\tinstall.exe

2016-02-16 10:46 - 2016-02-16 10:46 - 00007168 _____ C:\Users\Joshua Jacquot\AppData\Local\tinstall4.exe

2016-02-16 09:23 - 2016-02-16 09:23 - 00008192 _____ C:\Users\Joshua Jacquot\AppData\Local\uid.exe

2016-02-11 10:44 - 2016-01-28 22:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2016-02-11 10:44 - 2016-01-28 22:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2016-02-11 10:44 - 2016-01-26 22:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2016-02-11 10:44 - 2016-01-26 22:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2016-02-11 10:44 - 2016-01-26 21:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe

2016-02-11 10:44 - 2016-01-26 21:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll

2016-02-11 10:44 - 2016-01-26 21:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll

2016-02-11 10:44 - 2016-01-26 21:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe

2016-02-11 10:44 - 2016-01-26 21:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll

2016-02-11 10:44 - 2016-01-26 21:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll

2016-02-11 10:44 - 2016-01-26 21:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll

2016-02-11 10:44 - 2016-01-26 21:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2016-02-11 10:44 - 2016-01-26 21:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe

2016-02-11 10:44 - 2016-01-26 21:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll

2016-02-11 10:44 - 2016-01-26 21:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll

2016-02-11 10:44 - 2016-01-26 21:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll

2016-02-11 10:44 - 2016-01-26 21:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll

2016-02-11 10:44 - 2016-01-26 21:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll

2016-02-11 10:44 - 2016-01-26 21:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll

2016-02-11 10:44 - 2016-01-26 21:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll

2016-02-11 10:44 - 2016-01-26 21:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll

2016-02-11 10:44 - 2016-01-26 21:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll

2016-02-11 10:44 - 2016-01-26 21:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll

2016-02-11 10:44 - 2016-01-26 21:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2016-02-11 10:44 - 2016-01-26 20:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll

2016-02-11 10:44 - 2016-01-26 20:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2016-02-11 10:44 - 2016-01-26 20:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2016-02-11 10:44 - 2016-01-26 20:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys

2016-02-11 10:44 - 2016-01-26 20:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2016-02-11 10:44 - 2016-01-26 20:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll

2016-02-11 10:44 - 2016-01-26 20:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2016-02-11 10:44 - 2016-01-26 20:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2016-02-11 10:44 - 2016-01-26 20:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll

2016-02-11 10:44 - 2016-01-26 20:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-03-09 17:00 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\AppReadiness

2016-03-09 16:57 - 2015-12-14 03:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-03-09 16:57 - 2015-12-14 03:39 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2016-03-09 16:57 - 2015-12-14 03:39 - 00000000 ____D C:\ProgramData\NVIDIA

2016-03-09 16:57 - 2015-10-29 22:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI

2016-03-09 16:57 - 2015-01-15 19:59 - 00026192 _____ (Windows ® Server 2003 DDK provider) C:\WINDOWS\gdrv.sys

2016-03-09 16:57 - 2014-11-29 05:52 - 00000000 __SHD C:\Users\Joshua Jacquot\IntelGraphicsProfiles

2016-03-09 16:57 - 2014-11-29 05:35 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2016-03-09 16:51 - 2015-10-29 23:11 - 00000000 ____D C:\WINDOWS\CbsTemp

2016-03-09 16:43 - 2015-12-14 03:41 - 01011572 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2016-03-09 16:43 - 2015-10-29 23:21 - 00000000 ____D C:\WINDOWS\INF

2016-03-09 16:36 - 2015-12-19 12:08 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Local\CrashDumps

2016-03-09 16:36 - 2014-11-29 05:35 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2016-03-09 16:35 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\Globalization

2016-03-08 22:41 - 2014-11-29 05:36 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-03-08 22:37 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow

2016-03-08 22:37 - 2015-06-16 18:00 - 00000954 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3913031655-1247145700-3822439410-1000UA.job

2016-03-08 22:37 - 2015-06-16 18:00 - 00000902 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3913031655-1247145700-3822439410-1000Core.job

2016-03-08 22:37 - 2015-05-02 16:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2016-03-08 17:46 - 2014-12-01 15:55 - 00000000 ___RD C:\Users\Joshua Jacquot\Dropbox

2016-03-08 17:46 - 2014-12-01 15:54 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox

2016-03-08 16:44 - 2015-08-02 02:38 - 00000000 ____D C:\WINDOWS\system32\MRT

2016-03-08 16:42 - 2015-08-02 02:38 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2016-03-08 16:36 - 2015-06-13 14:14 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\Apple Computer

2016-03-08 16:18 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\NDF

2016-03-08 16:18 - 2015-01-22 21:40 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Local\ElevatedDiagnostics

2016-03-08 16:11 - 2015-12-14 03:39 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2016-03-08 16:11 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SchCache

2016-03-08 15:35 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps

2016-03-08 15:15 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\Branding

2016-03-08 14:44 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\tracing

2016-03-07 21:41 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\schemas

2016-03-07 20:36 - 2015-12-14 03:41 - 00000000 ____D C:\Users\Joshua Jacquot

2016-03-07 20:36 - 2015-08-03 12:59 - 00000000 __RHD C:\Users\Public\AccountPictures

2016-03-07 20:18 - 2015-12-15 20:37 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Local\MicrosoftEdge

2016-03-07 19:31 - 2014-11-30 15:22 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\vlc

2016-03-07 15:12 - 2014-11-29 06:36 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\Azureus

2016-03-06 01:50 - 2014-12-01 15:38 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Local\Spotify

2016-03-06 00:55 - 2014-12-01 15:38 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\Spotify

2016-03-04 22:21 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\rescache

2016-03-04 20:10 - 2015-12-14 03:38 - 00241704 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2016-03-02 22:42 - 2015-10-30 01:07 - 00000000 ____D C:\Program Files\Windows Journal

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 __RSD C:\WINDOWS\Media

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\appraiser

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\bcastdvr

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Windows Portable Devices

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform

2016-03-02 22:42 - 2015-10-29 22:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism

2016-03-02 22:42 - 2015-10-29 22:28 - 00000000 ____D C:\WINDOWS\system32\Dism

2016-02-26 12:00 - 2015-11-13 23:48 - 00000000 ____D C:\Program Files\McAfee Security Scan

2016-02-16 18:17 - 2015-07-27 22:39 - 00000000 ____D C:\EAGLE-7.3.0

2016-02-12 10:43 - 2015-08-03 13:01 - 00002441 _____ C:\Users\Joshua Jacquot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2016-02-12 10:43 - 2015-08-03 13:01 - 00000000 ___RD C:\Users\Joshua Jacquot\OneDrive

 

==================== Files in the root of some directories =======

 

2016-03-07 20:03 - 2016-03-07 20:03 - 8037888 _____ () C:\Users\Joshua Jacquot\AppData\Roaming\agent.dat

2016-03-07 20:03 - 2016-03-07 20:03 - 0127488 _____ () C:\Users\Joshua Jacquot\AppData\Roaming\Installer.dat

2016-03-07 20:03 - 2016-03-07 20:03 - 0018432 _____ () C:\Users\Joshua Jacquot\AppData\Roaming\Main.dat

2016-03-07 20:03 - 2016-03-07 20:03 - 1902189 _____ () C:\Users\Joshua Jacquot\AppData\Roaming\Opewarm.tst

2016-03-07 20:03 - 2016-03-07 20:03 - 0072704 _____ () C:\Users\Joshua Jacquot\AppData\Roaming\Scotrantrax.tst

2016-03-07 20:04 - 2016-03-07 20:04 - 0000014 _____ () C:\Users\Joshua Jacquot\AppData\Local\77592347.txt

2016-03-07 20:04 - 2016-03-07 20:04 - 0000120 _____ () C:\Users\Joshua Jacquot\AppData\Local\abcdtemf.txt

2015-01-03 19:09 - 2015-11-09 18:40 - 2128896 _____ () C:\Users\Joshua Jacquot\AppData\Local\file__0.localstorage

2016-02-06 15:16 - 2016-02-06 15:16 - 0000036 _____ () C:\Users\Joshua Jacquot\AppData\Local\housecall.guid.cache

2015-11-02 02:45 - 2015-11-02 02:45 - 0005192 _____ () C:\Users\Joshua Jacquot\AppData\Local\recently-used.xbel

2016-02-16 10:47 - 2016-02-16 10:47 - 0006656 _____ () C:\Users\Joshua Jacquot\AppData\Local\tinstall.exe

2016-02-16 10:46 - 2016-02-16 10:46 - 0007168 _____ () C:\Users\Joshua Jacquot\AppData\Local\tinstall4.exe

2016-02-16 09:23 - 2016-02-16 09:23 - 0008192 _____ () C:\Users\Joshua Jacquot\AppData\Local\uid.exe

2015-12-14 03:39 - 2015-12-14 03:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

 

Some files in TEMP:

====================

C:\Users\Joshua Jacquot\AppData\Local\Temp\compete.exe

C:\Users\Joshua Jacquot\AppData\Local\Temp\DW75UZKZMW.exe

C:\Users\Joshua Jacquot\AppData\Local\Temp\dxdiag.exe

C:\Users\Joshua Jacquot\AppData\Local\Temp\i4jdel0.exe

C:\Users\Joshua Jacquot\AppData\Local\Temp\io4.exe

C:\Users\Joshua Jacquot\AppData\Local\Temp\io5.exe

C:\Users\Joshua Jacquot\AppData\Local\Temp\MSUO27HRMG.exe

C:\Users\Joshua Jacquot\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Joshua Jacquot\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\Joshua Jacquot\AppData\Local\Temp\nvStInst.exe

C:\Users\Joshua Jacquot\AppData\Local\Temp\sqlite3.dll

C:\Users\Joshua Jacquot\AppData\Local\Temp\tu17p84.exe

C:\Users\Joshua Jacquot\AppData\Local\Temp\{FF6EACB1-D30E-4172-B55F-A58419A59BF8}-49.0.2623.75_chrome_installer.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2016-02-29 05:09

 

==================== End of FRST.txt ============================

 

 

 

 







For some reason I couldn't find the attachment button on here, so I'm posting the "ADDITION.TXT" here...

 

 

 

 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Joshua Jacquot (2016-03-09 17:03:28)
Running from E:\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-14 11:46:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3913031655-1247145700-3822439410-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3913031655-1247145700-3822439410-503 - Limited - Disabled)
Guest (S-1-5-21-3913031655-1247145700-3822439410-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3913031655-1247145700-3822439410-1002 - Limited - Enabled)
Joshua Jacquot (S-1-5-21-3913031655-1247145700-3822439410-1000 - Administrator - Enabled) => C:\Users\Joshua Jacquot
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\...\Amazon Amazon Music) (Version: 3.7.0.693 - Amazon Services LLC)
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.15.0811 - Gigabyte)
APP Center (x32 Version: 1.15.0811 - Gigabyte) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed® III v1.02 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.02 - Ubisoft)
AVS Video Converter 9.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.1.4.574 - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Corsair Gaming Headset Software (HKLM-x32\...\{6118E939-08B6-4180-8B5B-97836617813B}) (Version: 2.0.35 - Corsair)
Corsair Utility Engine (HKLM-x32\...\{19891EA3-D477-44FB-96A6-C846A40DB4D6}) (Version: 1.3.91 - Corsair)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DesignSpark PCB 7.0 (x32 Version: 7.0.2 - RS Components) Hidden
DesignSpark PCB Version 7.0.2 (HKLM-x32\...\InstallShield_{D50700AA-D25A-463B-98BF-E09585325711}) (Version: 7.0.2 - RS Components)
DipTrace (HKLM\...\DipTrace) (Version: 2.4 - Novarm)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.5 - Electronic Arts)
Dropbox (HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
EAGLE 7.2.0 (HKLM-x32\...\EAGLE 7.2.0) (Version: 7.2.0 - CadSoft Computer GmbH)
EAGLE 7.3.0 (HKLM\...\EAGLE 7.3.0) (Version: 7.3.0 - CadSoft Computer GmbH)
EAGLE PCB Power Tools 5.06 (HKLM-x32\...\EAGLE PCB Power Tools 5.06) (Version:  - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVGA PrecisionX 16 (HKLM-x32\...\{DD747735-7FA7-4F0F-903A-271D0DCE7240}) (Version: 5.2.7 - EVGA Corporation)
EVGA PrecisionX 16 (HKLM-x32\...\Steam App 268850) (Version:  - EVGA)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Geeks3D FurMark 1.15.1.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.23.2817 - Electronic Arts, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.00.0000 - GIGABYTE)
SIV (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Spotify (HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\...\Spotify) (Version: 1.0.23.90.g42187855 - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.18.4608 - Enigma Software Group, LLC)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Lord of the Rings Online™ (HKLM-x32\...\Steam App 212500) (Version:  - Turbine, Inc.)
Tone Stack Calculator version 1.3 (HKLM-x32\...\{D1385B9C-DD6D-43FE-B07C-28A80B23422F}_is1) (Version: 1.3 - Duncan Amplification)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.4 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Joshua Jacquot\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B81C0C5-84A6-42E5-9567-422A8ED4CBA5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {12A02143-F7F7-4218-B4A9-C1361CD9EA14} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {132198BD-E99A-4883-8595-3BEAFA6E6B7E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {13A049F6-B03C-47AA-A854-4941A36FC90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {163E3993-AE31-4A23-8B52-8B128D4D2EBD} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {1BA18A52-B774-4FA9-B7E3-F1BAD39660DA} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {1E45A9AF-A6A6-4743-8E27-B2BA6DCEA13C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {26B8736C-158D-4B27-8538-25295FA90FA2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {2BA4A8A4-B497-40CC-B6BA-D70E917ED5B5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-08] (Microsoft Corporation)
Task: {30175BBD-9F99-4DDE-BE64-691DEEEEBFA0} - \osTip -> No File <==== ATTENTION
Task: {3757AAFE-BC9E-4D07-A058-254DAF4520B1} - \TKYGUGBWOODTNQRY -> No File <==== ATTENTION
Task: {3DC2DDBE-BFFF-4693-8BE4-CC5F3A3F0DE6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {432A908C-F6E5-443D-8AFE-F871213080F7} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {474C35E8-182B-4DA8-825F-A45B55D7E62F} - System32\Tasks\0iId9ycFhZoZ3WmMuUED-ni-2016-03-07-ni-16145-ni-1 => C:\Program Files (x86)\dizzy\acoustics.exe [2016-03-07] (windows 99)
Task: {4F6EAA43-948E-4D5C-A389-78F603B06973} - \CreateExplorerShellUnelevatedTask -> No File <==== ATTENTION
Task: {5FF954F2-08CE-4525-9C50-31733B90336F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {62F6B4C0-1954-496A-B7B3-0E830A0020DF} - \210322000 -> No File <==== ATTENTION
Task: {6A6A2C5B-A41A-4715-9C7E-7EB5A3F3F76D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6F484E41-E07A-4386-89E7-88C5F67C10BD} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {71468B62-255E-4C8E-9CB1-39B4B8C75791} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {732CD5B1-BAE8-452A-BFCE-2473C73E8ABA} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {74FC2D81-60DB-4CE2-824D-3C8F98336889} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {820BE8A1-7DA1-4F0B-9094-B2B290820CDD} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {85868D0F-2B02-46C8-B35F-DB45815215B9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {8827637D-F8E7-481A-B4E6-CA2C32194B04} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {919AF23A-BAF8-4122-9F74-E1DEC581F1AB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {9BBD3744-3CFD-4E96-8424-E1F5773D9211} - System32\Tasks\3476718347671834767183476718 => C:\Program Files (x86)\dizzy\acoustics.exe [2016-03-07] (windows 99) <==== ATTENTION
Task: {9F65CC92-6B74-44FE-8D3B-3E16C2F42032} - \{F500B175-4884-49B6-AC1A-A8D57BFA3C30} -> No File <==== ATTENTION
Task: {A0B4EF59-F10B-48C9-A05D-834853F97B5D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BE565111-F581-4E9D-9320-2B5F3547F44D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {C73C0D56-F463-4A30-8CA4-5593144EADCA} - \DropboxUpdateTaskUserS-1-5-21-3913031655-1247145700-3822439410-1000UA -> No File <==== ATTENTION
Task: {CCD016B7-4C8D-437B-86A5-CAB678F79DBA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {D4BE1C9E-602C-46F1-98E2-66055361AED6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {DCD71E09-E99F-4FF6-A104-591E6F1B1CFE} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {DE35FAD8-FF8E-439B-8909-770B22323B43} - System32\Tasks\170102 => C:\Program Files (x86)\dizzy\acoustics.exe [2016-03-07] (windows 99) <==== ATTENTION
Task: {DE8D2741-2BF4-4903-8ACD-8BCE6B632CB2} - System32\Tasks\{5C4815F9-06DE-4719-AF02-39AA07AA2B23} => pcalua.exe -a C:\Windows\system32\pbsvc.exe -c -u
Task: {DFECBD94-3A27-4042-97CA-37342024A1AF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E85F3C8B-F031-462A-A750-85BA3C9E9694} - \80952295 -> No File <==== ATTENTION
Task: {ED85C97B-F230-4F0D-80D6-6A8B1D3D6415} - \EVGAPrecisionX -> No File <==== ATTENTION
Task: {F5EB8B9C-724C-42D4-84A8-22DCAF88D20B} - \110322000 -> No File <==== ATTENTION
Task: {FDEC2236-26ED-4495-9B6C-E164002E54B3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {FECE741C-CE06-4011-A987-B8EB712B99DB} - \DropboxUpdateTaskUserS-1-5-21-3913031655-1247145700-3822439410-1000Core -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3913031655-1247145700-3822439410-1000Core.job => C:\Users\Joshua Jacquot\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3913031655-1247145700-3822439410-1000UA.job => C:\Users\Joshua Jacquot\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\TKYGUGBWOODTNQRY.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F48A614D-9813-4745-B969-48C137D54C42}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Joshua Jacquot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G38zgutbl342,f70ea8ea-5eda-48bc-bbc6-608a7321c3a4,
ShortcutWithArgument: C:\Users\Joshua Jacquot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G38zgutbl342,f70ea8ea-5eda-48bc-bbc6-608a7321c3a4,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G38zgutbl342,f70ea8ea-5eda-48bc-bbc6-608a7321c3a4,
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-29 23:18 - 2015-10-29 23:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-14 03:39 - 2015-12-16 06:54 - 00126256 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-14 15:27 - 2015-04-14 15:27 - 00016896 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-19 11:27 - 2015-12-08 17:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-02 16:49 - 2016-02-23 03:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 16:49 - 2016-02-23 03:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-23 00:56 - 2016-01-23 00:56 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-19 00:40 - 2015-12-06 20:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 16:49 - 2016-02-23 00:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-30 09:52 - 2015-07-30 09:52 - 01244456 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
2016-01-12 15:25 - 2016-01-04 17:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 15:25 - 2016-01-04 17:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-31 14:46 - 2016-01-15 21:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-31 14:46 - 2016-01-15 21:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-23 00:56 - 2016-01-23 00:56 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-23 00:56 - 2016-01-23 00:56 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-11-09 18:26 - 2015-12-08 17:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-01-22 13:53 - 2014-01-22 13:53 - 01607680 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\BDR_info.dll
2015-02-16 10:47 - 2015-02-16 10:47 - 00105472 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ycc.dll
2016-03-08 22:41 - 2016-03-07 18:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-08 22:41 - 2016-03-07 18:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
2016-03-09 16:32 - 2016-03-08 12:16 - 17541312 _____ () C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.182\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2016-03-07 20:03 - 00001005 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\Control Panel\Desktop\\Wallpaper -> E:\Libraries\Pictures\fallout 4 background.png
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\...\StartupApproved\StartupFolder: => "APP Center.lnk"
HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\...\StartupApproved\Run: => "Dynamation"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [uDP Query User{A7BA4DD0-0F4B-4397-9BEA-B8FC566DBA51}B:\games\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) B:\games\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [TCP Query User{E48EA24F-DD25-4AEC-94B2-1E854AAEA1F2}B:\games\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) B:\games\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [uDP Query User{E3A7210C-685B-4591-ACBE-4EE14A0F8D2A}B:\games\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) B:\games\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [TCP Query User{16361CBF-C791-4EDF-9506-E23DB43DBB16}B:\games\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) B:\games\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{393D04F3-0217-4156-9C11-47697E77BECA}] => (Allow) B:\Games\Steam\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe
FirewallRules: [{BCA93889-8623-43A5-BA61-82AAFF18E22A}] => (Allow) B:\Games\Steam\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe
FirewallRules: [{908EA51E-28EA-4B66-B0DE-2BE2CDA0B87D}] => (Allow) B:\Games\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
FirewallRules: [{CB35A786-442C-4F01-BDCE-CF27157FEAF3}] => (Allow) B:\Games\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
FirewallRules: [{0A0B8431-F52F-4A60-B97D-3E82F8E3B5FA}] => (Allow) B:\Games\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{74007FD4-4242-4828-82E6-4B727B1E0E2D}] => (Allow) B:\Games\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{61550D8A-4C15-424B-81E3-8EEBABE36DD3}] => (Allow) B:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{291E9606-EB6A-4686-8C75-9B8D98612BAA}] => (Allow) B:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{F75B61AC-D8BF-4406-AC82-59087943DF39}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5F8068CD-07C2-467A-9F7E-882B8CFA42E3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{82B34E95-9C18-4A20-B44E-66153344C319}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{AE2D18BB-E7F8-4AC6-8D0E-09FB551082FE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CF8BBD73-F830-443E-8050-8E61CEEE7653}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{07954813-3F58-4EDF-8D39-97C2AE531460}] => (Allow) B:\Games\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{20489001-D64F-45BF-810C-9C43D2F1877E}] => (Allow) B:\Games\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{82993C6F-C704-44FE-B564-403CD19FA5F5}] => (Allow) B:\Games\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{37EF3A59-68D1-44DB-A314-4352AA7520D0}] => (Allow) B:\Games\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{5CF1C7A6-FE9A-44BB-BB8C-93086F61C484}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{56A3536A-8C40-4C9E-B175-93A178D68CE1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{16C80442-CDC1-4F18-8229-743C5E54BB17}] => (Allow) C:\Games\Steam\Steam.exe
FirewallRules: [{3971902D-BAE7-47F8-B2A1-64C0E9ECC051}] => (Allow) C:\Games\Steam\Steam.exe
FirewallRules: [{7564BB97-B0C0-4B99-89BB-4B216561B6C3}] => (Allow) C:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{3C84FA55-D71C-41E0-94D4-78A9FB7E71F5}] => (Allow) C:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{0D39BDC9-AAF0-48AE-A6C0-18B950A99A87}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{E56A7330-AE76-4E5B-987C-9C7064E7B9EA}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{4946CFC0-D724-4E0A-88E7-015EDC37BA48}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{32B4A989-58CE-470C-ABB9-04BC08E26461}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{A2746088-9633-42DA-B646-2378A58D047A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{1142969E-8C89-49BC-9D68-398C508F60A8}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{814855F1-31DB-466C-A9DB-4704090A5BF8}] => (Allow) C:\Games\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{81FFD82F-0A32-4539-BC65-D3C27C13A331}] => (Allow) C:\Games\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{81CAFCD6-3DB2-445E-B98C-90CA00D1BBF5}] => (Allow) C:\Games\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{534E9860-0FA7-42D6-A7B4-EF0B54F8E310}] => (Allow) C:\Games\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{4E778DC5-A4B2-43C9-935A-C4E71B5FE74C}] => (Allow) C:\Games\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{26D51D76-8188-4F07-8C0F-BDE31D07320C}] => (Allow) C:\Games\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{D6144BFB-D7BE-4FCF-BCB8-F75DAF775271}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{B236DA4E-4508-4C72-9749-E8CEF7FAB1E2}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{D6364AEB-AE47-4D4B-A9BF-A41A9255E5B9}C:\users\joshua jacquot\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshua jacquot\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{6C01D2CC-EB60-4F71-B382-F8BEA652C807}C:\users\joshua jacquot\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshua jacquot\appdata\roaming\spotify\spotify.exe
FirewallRules: [{545698DC-FDA7-49C6-AE1C-B3A8F03D5A8C}] => (Allow) C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9F927F5C-6767-4125-8EDA-C72C334CD144}] => (Allow) C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{40049B3F-7DF4-487C-B25C-C4385B23785E}C:\users\joshua jacquot\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\joshua jacquot\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [uDP Query User{D4E0B034-4592-4268-9153-5101649BB2AF}C:\users\joshua jacquot\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\joshua jacquot\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{5FCD2CD6-F5A7-40B2-8B0A-DE15FAB5CEB6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{BF073E7D-5A62-452F-B75E-C163A693A1B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{F49B0A2E-80AC-4C8A-8852-C7DEED218BF3}C:\games\blizzard entertainment\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\games\blizzard entertainment\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [uDP Query User{80830FDA-0CA4-4DD9-9780-8F930C392056}C:\games\blizzard entertainment\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\games\blizzard entertainment\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{ED068B34-0EF8-45CF-888E-5FDD84B20B6D}] => (Allow) C:\Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{9016D81D-00D8-4D64-8D14-37973A10C76A}] => (Allow) C:\Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{108A3074-9F4A-4BC6-82DB-1349269422CD}] => (Allow) C:\Games\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{8DE49252-557B-4882-ABC6-3B12E99F3B7A}] => (Allow) C:\Games\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{FDFADDC8-7893-4213-9619-24771943DF86}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{84A3B4D1-07BF-4D11-9860-99B7A14E9C61}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{A46FF6D4-B207-4F48-8B68-13F976A1BE9F}] => (Allow) B:\Games\Steam\Steam.exe
FirewallRules: [{C45959B8-3F17-4D86-B5B5-3B167969E38D}] => (Allow) B:\Games\Steam\Steam.exe
FirewallRules: [{2D221DF5-C553-4E21-805F-45F168C81CE9}] => (Allow) B:\Games\Blizzard Entertainment\Hearthstone\Hearthstone.exe
FirewallRules: [{BC37DD31-D1FA-419B-ABA9-8B980364679A}] => (Allow) B:\Games\Blizzard Entertainment\Hearthstone\Hearthstone.exe
FirewallRules: [{C92A74D8-2898-4C4B-B4B0-9566B5F273CA}] => (Allow) B:\Games\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{61CECB22-667E-409D-8E6F-1FB43EE01459}] => (Allow) B:\Games\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{AD461A10-9334-4A29-8CE5-9D205C321376}] => (Allow) B:\Games\Steam\steamapps\common\Lord of the Rings Online\TurbineInvoker.exe
FirewallRules: [{4F59BDC8-FA9A-4E37-A76F-5BE348A1178E}] => (Allow) B:\Games\Steam\steamapps\common\Lord of the Rings Online\TurbineInvoker.exe
FirewallRules: [{C79FCDEB-C652-4648-91FD-8DA2C2339845}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{177D0E12-F05D-4E7D-83DE-72F6D19E351A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{06E165F6-009C-4A1E-A52F-AA5598748847}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7195D857-0F96-47CA-9065-A127D7F9F288}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DC7083D8-DFC7-440E-97F1-6806ABFF37F1}] => (Allow) B:\Games\Ubisoft Game Launcher\games\AC3SP.exe
FirewallRules: [{7BCA9702-2295-4CD3-86B1-311B85A710CF}] => (Allow) B:\Games\Ubisoft Game Launcher\games\AC3SP.exe
FirewallRules: [{2BD6E953-CC64-49E9-8B50-7E739C2F6447}] => (Allow) B:\Games\Ubisoft Game Launcher\games\AC3MP.exe
FirewallRules: [{3CF31B1F-06B7-4557-A8CE-C5FCCD87AD2F}] => (Allow) B:\Games\Ubisoft Game Launcher\games\AC3MP.exe
FirewallRules: [{0D2C6922-CC4A-44CD-ABAC-E01DA339AE7F}] => (Allow) B:\Games\Ubisoft Game Launcher\games\AssassinsCreed3.exe
FirewallRules: [{B53DA54E-098C-46B3-8981-6DA2EBC0B43F}] => (Allow) B:\Games\Ubisoft Game Launcher\games\AssassinsCreed3.exe
FirewallRules: [{68B1D426-3281-4771-8FAE-60E71F3D2362}] => (Block) B:\Games\My Games\Metro 2033 Redux\metro.exe
FirewallRules: [{198D30D6-9F65-463F-820C-6C7DEDCF2E4B}] => (Block) B:\Games\My Games\Metro Last Light Redux\metro.exe
FirewallRules: [{7EE1C675-2129-4429-8562-E51E9B427586}] => (Block) B:\Games\My Games\Metro Last Light Redux\metro_benchmark.exe
FirewallRules: [{2C7C5727-82D1-410B-8462-532A769CF089}] => (Block) B:\Games\My Games\Metro 2033 Redux\metro_benchmark.exe
FirewallRules: [{EEB8BBFA-2132-4F11-991E-5C0770F22374}] => (Block) B:\Games\My Games\Assassins Creed Unity\ACU.exe
FirewallRules: [{34590BA5-5CE1-4E62-BA5D-31C28DBC87E6}] => (Allow) B:\Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{508D7864-D3C1-41D3-A793-8F713C62D0B4}] => (Allow) B:\Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{C724F967-1D82-492B-9523-64FA7072B6FE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{6BDB95E0-2CD0-41AF-9FA3-7B9785553D05}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{C12B9669-3641-4272-933D-9914F2345DE8}B:\games\blizzard entertainment\starcraft ii\versions\base32283\sc2.exe] => (Allow) B:\games\blizzard entertainment\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [uDP Query User{6D48A61E-A448-4A69-A245-1A7742A558BA}B:\games\blizzard entertainment\starcraft ii\versions\base32283\sc2.exe] => (Allow) B:\games\blizzard entertainment\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{AD9234D3-54D1-4B20-AE46-F709145AAB47}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [uDP Query User{185F3A61-4C25-4BE6-BBC6-B18ADAFA0DE5}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [TCP Query User{3D0CABDC-7C42-488D-921F-1B9B275DA816}C:\users\joshua jacquot\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshua jacquot\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{D8E9B302-30DB-42C0-82A8-9BD4B33CD785}C:\users\joshua jacquot\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshua jacquot\appdata\roaming\spotify\spotify.exe
FirewallRules: [{CD67C327-BD19-461A-A810-31510E30AA7A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{84771A16-4A90-4C9A-A81A-F0DF3C1C101C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F75F53D0-A23A-429D-BD3B-D03CB70F702D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{50E2C7B8-4D7D-4984-8D76-1EA4F7BC01B0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FA1F6153-8FFD-4C7D-B990-0B172CB2620E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BAD3DF29-3A9B-4D41-94A0-DBC4D89A62C7}] => (Allow) C:\Program Files (x86)\dizzy\acoustics.exe
FirewallRules: [{F65AB188-0468-4E7C-BDC1-19D15E3B1963}] => (Allow) C:\Program Files (x86)\dizzy\acoustics.exe
FirewallRules: [{7174BDC1-9A0A-4AD5-AA73-5922EF4A7C5F}] => (Allow) C:\Program Files (x86)\dizzy\getcap.exe
FirewallRules: [{50834666-AB63-411C-A45D-62BF8C14D7AB}] => (Allow) C:\Program Files (x86)\dizzy\getcap.exe
FirewallRules: [{FFDF120D-9272-4D70-8511-5621F6837B15}] => (Allow) C:\a\winonit.exe
FirewallRules: [{151BD223-59C0-4C4E-9DB7-54E046C3272F}] => (Allow) C:\a\winonit.exe
FirewallRules: [{7FC7835E-CB6A-4AA1-9679-A56E56B626C7}] => (Allow) C:\Program Files (x86)\dizzy\useless.exe
FirewallRules: [{00C60F98-E32B-49DD-B184-880F41AAF288}] => (Allow) C:\Program Files (x86)\dizzy\useless.exe
FirewallRules: [{CF7080B0-3DE1-456E-98F5-5581B6AA7565}] => (Allow) C:\a\vchk.exe
FirewallRules: [{823BA44A-C555-4B51-B325-2AA5E6037C80}] => (Allow) C:\a\vchk.exe
FirewallRules: [{8325164A-6069-4893-8056-B050D89E6714}] => (Allow) C:\a\0iId9ycFhZoZ3WmMuUED-ni-2016-03-07-ni-16145-ni-1.exe
FirewallRules: [{5E32871C-9E48-4096-B5E5-898E9EA8C4B0}] => (Allow) C:\a\0iId9ycFhZoZ3WmMuUED-ni-2016-03-07-ni-16145-ni-1.exe
FirewallRules: [{6538C808-3872-4017-83BB-AE01485CF36D}] => (Allow) C:\Program Files (x86)\lace\prefer.exe
FirewallRules: [{EAD6E54F-D39C-4AD5-8FB3-9FA34BCADFAE}] => (Allow) C:\Program Files (x86)\lace\prefer.exe
FirewallRules: [{02E008E9-9DF4-4D7E-ACF1-9740F61EB9A8}] => (Allow) C:\Program Files (x86)\cowardly\wipe.exe
FirewallRules: [{867B000B-8B50-4E11-A2AA-81CEC38F4D55}] => (Allow) C:\Program Files (x86)\cowardly\wipe.exe
FirewallRules: [{DDE6445F-7B6F-4841-A37B-432562C68892}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/09/2016 04:57:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname JoshuaJacquot.local already in use; will try JoshuaJacquot-2.local instead
 
Error: (03/09/2016 04:57:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister   16 JoshuaJacquot.local. AAAA FE80:0000:0000:0000:3919:B880:83DC:0A6B
 
Error: (03/09/2016 04:57:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:3919:B880:83DC:0A6B:5353   16 JoshuaJacquot.local. AAAA 2605:E000:3594:A100:0000:0000:0000:0001
 
Error: (03/09/2016 04:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   21 B.6.A.0.C.D.3.8.0.8.8.B.9.1.9.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR JoshuaJacquot.local.
 
Error: (03/09/2016 04:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   23 B.6.A.0.C.D.3.8.0.8.8.B.9.1.9.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR JoshuaJacquot-2.local.
 
Error: (03/09/2016 04:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   21 1.7.E.8.F.2.F.A.8.3.B.A.1.1.8.B.0.0.1.A.4.9.5.3.0.0.0.E.5.0.6.2.ip6.arpa. PTR JoshuaJacquot.local.
 
Error: (03/09/2016 04:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   23 1.7.E.8.F.2.F.A.8.3.B.A.1.1.8.B.0.0.1.A.4.9.5.3.0.0.0.E.5.0.6.2.ip6.arpa. PTR JoshuaJacquot-2.local.
 
Error: (03/09/2016 04:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   21 B.6.A.0.C.D.3.8.0.8.8.B.9.1.9.3.0.0.1.A.4.9.5.3.0.0.0.E.5.0.6.2.ip6.arpa. PTR JoshuaJacquot.local.
 
Error: (03/09/2016 04:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   23 B.6.A.0.C.D.3.8.0.8.8.B.9.1.9.3.0.0.1.A.4.9.5.3.0.0.0.E.5.0.6.2.ip6.arpa. PTR JoshuaJacquot-2.local.
 
Error: (03/09/2016 04:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   21 2.0.168.192.in-addr.arpa. PTR JoshuaJacquot.local.
 
 
System errors:
=============
Error: (03/09/2016 04:57:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The nplus service failed to start due to the following error: 
%%2
 
Error: (03/09/2016 04:57:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%2
 
Error: (03/09/2016 04:57:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error: 
%%2
 
Error: (03/09/2016 04:57:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
%%1058
 
Error: (03/09/2016 04:57:20 PM) (Source: DCOM) (EventID: 10010) (User: JOSHUAJACQUOT)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (03/09/2016 04:57:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4f424 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/09/2016 04:57:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4f424 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/09/2016 04:57:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4f424 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/09/2016 04:57:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4f424 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/09/2016 04:56:56 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
 
CodeIntegrity:
===================================
  Date: 2016-03-07 21:19:40.967
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-07 20:02:49.677
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-07 20:02:49.671
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-07 20:01:46.834
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-07 20:01:46.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-07 20:01:46.623
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-07 20:01:46.617
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-07 20:01:46.592
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-07 20:01:46.586
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-07 20:01:46.564
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 26%
Total physical RAM: 8037.58 MB
Available physical RAM: 5913.04 MB
Total Virtual: 16229.58 MB
Available Virtual: 13647.65 MB
 
==================== Drives ================================
 
Drive b: (SSD2) (Fixed) (Total:465.76 GB) (Free:209.45 GB) NTFS
Drive c: (SSD1) (Fixed) (Total:232.35 GB) (Free:137.42 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HDD) (Fixed) (Total:931.41 GB) (Free:696.18 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A7F1EF94)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 8B7987BF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 67C3F1EF)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 

 

==================== End of Addition.txt ============================

To attach a log or file select "More Reply Options" under the reply box, from the new box select "Browse" to find the log or file, double click direct on the unopened log or file to upload, then select "Attach This File" to do just that....

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.
 

Next,

 

Download Dr Web Cureit from here: http://www.freedrweb.com/cureit and save it to your desktop. (Scroll to bottom of page)
 

  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats
  • Press start scan
  • The scan will now commence
  • Once the scan has finished click open report <<<--- Do not miss this step
  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop


This log will be excessive. Please attach it to your next reply…
 

 

Next,

 

Please open Malwarebytes Anti-Malware.
 

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…

 

 

Let me see those logs in your reply, also give an update on any remaining issues or concerns...

 

Thank you,

 

Kevin...

 

 

Fixlist.txt







Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 3/10/2016

Scan Time: 1:36 PM

Logfile: 

Administrator: Yes

 

Version: 2.2.0.1024

Malware Database: v2015.09.22.05

Rootkit Database: v2015.09.18.01

License: Trial

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 8

CPU: x64

File System: NTFS

User: Joshua Jacquot

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 424173

Time Elapsed: 5 min, 11 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 1

Trojan.Agent, C:\Windows\chromebrowser.exe, Quarantined, [29c4a989bfcc8babc2dbb82bb84948b8], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)





cureit.log

Fixlog.txt


Can you post the most recent Protection log? To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the Protection log which shows the most recent Date and time
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

 

Update, 3/10/2016 1:35 PM, SYSTEM, JOSHUAJACQUOT, Manual, Failed, No Internet connection detected, 

Update, 3/10/2016 1:36 PM, SYSTEM, JOSHUAJACQUOT, Manual, Failed, No Internet connection detected, 

Scan, 3/10/2016 1:41 PM, SYSTEM, JOSHUAJACQUOT, Manual, Start:3/10/2016 1:36 PM, Duration:5 min 11 sec, Threat Scan, Completed, 1 Malware Detection, 0 Non-Malware Detections, 

Protection, 3/10/2016 1:42 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malware Protection, Starting, 

Protection, 3/10/2016 1:42 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malware Protection, Started, 

Protection, 3/10/2016 1:42 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Starting, 

Protection, 3/10/2016 1:42 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Started, 

Update, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Scheduler, Rootkit Database, 2015.9.18.1, 2016.2.27.1, 

Update, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Scheduler, Remediation Database, 2015.9.16.1, 2016.3.5.1, 

Update, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Scheduler, IP Database, 2015.9.21.2, 2016.3.3.1, 

Update, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Scheduler, Domain Database, 2015.9.22.3, 2016.3.10.3, 

Update, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Scheduler, Malware Database, 2015.9.22.5, 2016.3.10.6, 

Protection, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Protection, Refresh, Starting, 

Protection, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Stopping, 

Protection, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Stopped, 

Protection, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Protection, Refresh, Success, 

Protection, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Starting, 

Protection, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Started, 

Detection, 3/10/2016 1:52 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51552, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 1:52 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51552, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 1:52 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51553, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 1:52 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51554, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 1:52 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51555, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:02 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51810, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:02 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51812, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:02 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51811, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:02 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51813, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:02 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51814, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:12 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51949, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:12 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51950, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:12 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51952, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:12 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51951, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:12 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51953, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:22 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51996, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:22 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51997, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:22 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51998, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:22 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51999, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

 

(end)

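The Protection log above is what ties the blocked connections to one executable. As an added example (not part of the original posts and not Malwarebytes code), this Python script groups such "Detection" records by process and destination and checks whether the blocks recur at a fixed interval; the field positions are inferred from the log lines on this page, and the sample lines are constructed, with placeholder host name, IPs, domains and browser.exe.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the Protection log above. Host name,
# IPs (documentation range), domains and browser.exe are placeholders.
SAMPLE_LOG = r"""
Protection, 3/10/2016 1:43 PM, SYSTEM, HOST1, Protection, Malicious Website Protection, Started,
Detection, 3/10/2016 1:52 PM, SYSTEM, HOST1, Protection, Malicious Website Protection, Domain, 192.0.2.36, blocked.example.net, 51552, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe,
Detection, 3/10/2016 1:52 PM, SYSTEM, HOST1, Protection, Malicious Website Protection, Domain, 192.0.2.36, blocked.example.net, 51552, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe,
Detection, 3/10/2016 1:52 PM, SYSTEM, HOST1, Protection, Malicious Website Protection, Domain, 192.0.2.36, blocked.example.net, 51553, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe,
Detection, 3/10/2016 2:02 PM, SYSTEM, HOST1, Protection, Malicious Website Protection, Domain, 192.0.2.36, blocked.example.net, 51810, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe,
Detection, 3/10/2016 2:05 PM, SYSTEM, HOST1, Protection, Malicious Website Protection, Domain, 192.0.2.77, ads.example.org, 52001, Outbound, C:\Program Files\Example\browser.exe,
Detection, 3/10/2016 2:12 PM, SYSTEM, HOST1, Protection, Malicious Website Protection, Domain, 192.0.2.36, blocked.example.net, 51949, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe,
Detection, 3/10/2016 2:22 PM, SYSTEM, HOST1, Protection, Malicious Website Protection, Domain, 192.0.2.36, blocked.example.net, 51996, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe,
"""


def parse_detections(text):
    """Return one dict per 'Detection' record; other record types are skipped."""
    rows = []
    for line in text.splitlines():
        # Split off the 11 fixed fields; the remainder is the process path,
        # which may itself contain commas.
        fields = line.split(",", 11)
        if len(fields) < 12 or fields[0].strip() != "Detection":
            continue
        try:
            when = datetime.strptime(fields[1].strip(), "%m/%d/%Y %I:%M %p")
            port = int(fields[9])
        except ValueError:
            continue  # truncated or malformed record
        rows.append({
            "time": when, "ip": fields[7].strip(), "domain": fields[8].strip(),
            "port": port, "process": fields[11].strip().rstrip(",").strip(),
        })
    return rows


def summarize(detections):
    """Group blocked connections by (process, domain, ip) and measure their timing."""
    groups = defaultdict(list)
    for d in detections:
        groups[(d["process"], d["domain"], d["ip"])].append(d)
    report = []
    for (process, domain, ip), hits in groups.items():
        # The log has one-minute resolution, so each distinct timestamp is a burst.
        bursts = sorted({h["time"] for h in hits})
        gaps = [int((b - a).total_seconds() // 60) for a, b in zip(bursts, bursts[1:])]
        report.append({
            "process": process, "domain": domain, "ip": ip,
            "blocked": len(hits),
            "source_ports": len({h["port"] for h in hits}),
            "bursts": len(bursts),
            "gaps_min": gaps,
            # Evenly spaced retries suggest a timer-driven process, not a user.
            "periodic": len(gaps) >= 2 and max(gaps) - min(gaps) <= 1,
        })
    return sorted(report, key=lambda r: r["blocked"], reverse=True)


if __name__ == "__main__":
    for row in summarize(parse_detections(SAMPLE_LOG)):
        print(row)
```

The process path at the top of the report is the file to collect and hash before cleanup; a steady gap between bursts indicates something still running on a schedule after the scan reported the system clean.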

Thanks for the log, can you navigate to this file: C:\Program Files (x86)\dizzy\acoustics.exe

 

Do not open the executable, right click directly onto it then select > send to > compressed (zipped) folder... Attach that folder to your reply..

 

Next,

 

Upload a File to Virustotal

Go to http://www.virustotal.com/

  • Click the Choose file button
  • Navigate to the file C:\Program Files (x86)\dizzy\acoustics.exe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

 

Thanks,

 

Kevin
 


Antivirus | Result | Update
Qihoo-360 | HEUR/QVM03.0.0000.Malware.Gen | 20160310
ALYac | | 20160310
AVG | | 20160310
AVware | | 20160310
Ad-Aware | | 20160310
AegisLab | | 20160310
Agnitum | | 20160310
AhnLab-V3 | | 20160310
Alibaba | | 20160310
Antiy-AVL | | 20160310
Arcabit | | 20160310
Avast | | 20160310
Avira (no cloud) | | 20160310
Baidu | | 20160310
Baidu-International | | 20160310
BitDefender | | 20160310
Bkav | | 20160310
ByteHero | | 20160310
CAT-QuickHeal | | 20160310
CMC | | 20160307
ClamAV | | 20160310
Comodo | | 20160310
Cyren | | 20160310
DrWeb | | 20160310
ESET-NOD32 | | 20160310
Emsisoft | | 20160310
F-Prot | | 20160310
F-Secure | | 20160310
Fortinet | | 20160310
GData | | 20160310
Ikarus | | 20160310
Jiangmin | | 20160310
K7AntiVirus | | 20160310
K7GW | | 20160310
Kaspersky | | 20160310
Malwarebytes | | 20160310
McAfee | | 20160310
McAfee-GW-Edition | | 20160310
eScan | | 20160310
Microsoft | | 20160310
NANO-Antivirus | | 20160310
Panda | | 20160310
Rising | | 20160310
SUPERAntiSpyware | | 20160310
Sophos | | 20160310
Symantec | | 20160310
Tencent | | 20160310
TheHacker | | 20160310
TrendMicro | | 20160310
TrendMicro-HouseCall | | 20160310
VBA32 | | 20160310
VIPRE | | 20160310
ViRobot | | 20160310
Zillya | | 20160310
Zoner | | 20160310
nProtect | | 20160310

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: 2015
Product: network service
Original name: acoustics.exe
Internal name: acoustics.exe
File version: 1.0.2.0
Description: network service
Comments: network service

PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-03-08 04:02:10
Entry Point: 0x0000AF9E
Number of sections: 3

.NET details
Module Version ID: 04a7b67a-9c24-4490-be39-18f2ad4cfc2a

PE sections
Name | Virtual address | Virtual size | Raw size | Entropy | MD5
.text | 8192 | 36772 | 36864 | 5.44 | 1779b4764e63ec333598de08f5baebc7
.rsrc | 49152 | 1512 | 1536 | 4.17 | bc24c08ddca69ed1ca05fc4c13ac6482
.reloc | 57344 | 12 | 512 | 0.08 | 56add030f8e08e0b0319969a5ad7a879

PE imports

Number of PE resources by type
RT_MANIFEST: 1
RT_VERSION: 1

Number of PE resources by language
NEUTRAL: 2

Debug information
Type | Timestamp | Offset | Size
IMAGE_DEBUG_TYPE_CODEVIEW (2) | Tue Mar 08 04:02:10 2016 | 36912 | 284 Bytes

ExifTool file metadata
LegalTrademarks: trade
SubsystemVersion: 4.0
Comments: network service
LinkerVersion: 11.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 1.0.2.0
LanguageCode: Neutral
FileFlagsMask: 0x003f
FileDescription: network service
CharacterSet: Unicode
InitializedDataSize: 2048
EntryPoint: 0xaf9e
OriginalFileName: acoustics.exe
MIMEType: application/octet-stream
LegalCopyright: 2015
FileVersion: 1.0.2.0
TimeStamp: 2016:03:08 05:02:10+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: acoustics.exe
ProductVersion: 1.0.2.0
UninitializedDataSize: 0
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: windows 99
CodeSize: 36864
ProductName: network service
ProductVersionNumber: 1.0.2.0
FileTypeExtension: exe
ObjectFileType: Executable application
AssemblyVersion: 1.0.2.0

File identification
MD5: 00c496bc6a24710dc4824d1da914bafc
SHA1: d5eb8925ffdad94c3fba4ad544ddec7c77563981
SHA256: d1751a8c4b94211d4916d82580ea1781583efcdb16ef4dade338da99e7467bf5
ssdeep: 768:yJaaKpZcbrgsc0swYHe8bSstSedczh1RdR:Rg3/c0RYHbbSWSeidPv
authentihash: cf44f4b88118ce1203f5c9474dc1557c9da55079d4fd42dac4dc76e74617a2a1
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
File size: 38.5 KB ( 39424 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID:
Generic CIL Executable (.NET, Mono, etc.) (72.2%)
Windows screen saver (12.9%)
Win32 Dynamic Link Library (generic) (6.4%)
Win32 Executable (generic) (4.4%)
Generic Win/DOS Executable (1.9%)
Tags: peexe assembly

VirusTotal metadata
First submission: 2016-03-10 22:56:45 UTC ( 14 minutes ago )
Last submission: 2016-03-10 22:56:45 UTC ( 14 minutes ago )
File names: acoustics.exe

 

acoustics.zip


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.
 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


 

Post those logs, let me know if there is any improvement..

 

Thank you,

 

Kevin

 

 

Fixlist.txt


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 3/10/2016

Scan Time: 4:10 PM

Logfile: 

Administrator: Yes

 

Version: 2.2.0.1024

Malware Database: v2016.03.10.07

Rootkit Database: v2016.02.27.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 10

CPU: x64

File System: NTFS

User: Joshua Jacquot

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 414082

Time Elapsed: 5 min, 20 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

Fixlog.txt


It's loading malware removal websites again (wasn't before), according to mbam it isn't trying to make malicious connections anymore and I no longer have that program file in my (x86) files. My processes aren't overloading themselves anymore either.

Things look great!

Thank you so very much. You were super prompt and helpful. This is why mbam and its support are the best.


I think we cross posted there, yes a lot going on with your system. I'd like you to run FRST again, make sure we leave no remnants....

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the new logs....

 

Thanks,

 

Kevin
 


Yes those logs look ok, only one entry I missed... C:\WINDOWS\run.vbs. Unless you are aware of that file, do the following...

 

Open Notepad, select "Format" from the menu bar, make sure "Word Wrap" is not checked. Copy the text from the code box below to Notepad.

@echo off
del /f /s /q "C:\WINDOWS\run.vbs"
del %0

Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
It should look like this: [batch file icon] <-- XP, [batch file icon] <-- Vista or Windows 7/8
Double click on delfile.bat to execute it.
A black CMD window will flash, then disappear...this is normal.
The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

 

Next,

 

Clean up as follows...

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:



  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings



Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...


 
