Jump to content

Proxyhijacker problems


Recommended Posts

Through one way or another I've picked up a proxyhijacker and can't seem to shake it. Mbam finds it, quarantines and then I remove it but upon completing the prompted reboot and scanning again it finds the same files all over again.

Some other malware/adware that came along with it has all been cleared up but the proxyhijacker still persists. Continues to send me to browser windows with only the letter "a" on them whenever I search something related to malware removal.

Mbam is also picking up and blocking some outbound connections to an apparently malicious website. These are originating from a file in my Program files called "dizzy" contains some random files that either regenerate when they're deleted or just cannot be deleted (even by fileassassin). This program never shows up in my control panrl applications list so I can't Uninstalle it.

Any help would be greatly appreciated. Thanks!

Link to post
Share on other sites

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Settings.JPG
Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

edge.pngChange default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....


Next,


Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...



Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.



Let me see those logs in your next reply...

Thank you,

Kevin...
 

Link to post
Share on other sites

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 3/9/2016

Scan Time: 4:29 PM

Logfile: 

Administrator: Yes

 

Version: 2.2.0.1024

Malware Database: v2016.03.09.06

Rootkit Database: v2016.02.27.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 10

CPU: x64

File System: NTFS

User: Joshua Jacquot

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 416131

Time Elapsed: 5 min, 43 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 2

PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\0iId9ycFhZoZ3WmMuUED-ni-2016-03-07-ni-16145-ni-1, Delete-on-Reboot, [ab0f1273fd9c14226d3fe98aa064b34d], 

PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\3476718347671834767183476718, Delete-on-Reboot, [e9d14c39b0e9340273fb62118d7703fd], 

 

Registry Values: 1

PUM.Optional.ProxyHijacker, HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8877;https=127.0.0.1:8877, Quarantined, [e4d67312f2a7d5615867719d7b881be5]

 

Registry Data: 0

(No malicious items detected)

 

Folders: 4

PUP.Optional.Amonetize, C:\ProgramData\78ecb1bb-1461-0, Quarantined, [5d5df98c8613fc3ae8b3030a63a0bb45], 

PUP.Optional.Amonetize, C:\ProgramData\78ecb1bb-6c25-1, Quarantined, [a4169aeba8f1d26454478e7f53b052ae], 

PUP.Optional.Amonetize, C:\ProgramData\e37d702e-0637-0, Quarantined, [b109592caced171f7427c34a966d1fe1], 

PUP.Optional.Amonetize, C:\ProgramData\e37d702e-75d3-1, Quarantined, [279397eeadec70c6c1dad4397a89d030], 

 

Files: 6

PUP.Optional.MultiPlug.PrxySvrRST, C:\Windows\System32\Tasks\3476718347671834767183476718, Quarantined, [7743c6bf4b4e3ef8f173a3d052b26997], 

PUP.Optional.MultiPlug.PrxySvrRST, C:\Windows\System32\Tasks\0iId9ycFhZoZ3WmMuUED-ni-2016-03-07-ni-16145-ni-1, Quarantined, [289294f1ff9ad1657f2375fe8c787a86], 

PUP.Optional.Amonetize, C:\ProgramData\78ecb1bb-1461-0\78ecb1bb-1461-0.d, Quarantined, [5d5df98c8613fc3ae8b3030a63a0bb45], 

PUP.Optional.Amonetize, C:\ProgramData\78ecb1bb-6c25-1\78ecb1bb-6c25-1.d, Quarantined, [a4169aeba8f1d26454478e7f53b052ae], 

PUP.Optional.Amonetize, C:\ProgramData\e37d702e-0637-0\e37d702e-0637-0.d, Quarantined, [b109592caced171f7427c34a966d1fe1], 

PUP.Optional.Amonetize, C:\ProgramData\e37d702e-75d3-1\e37d702e-75d3-1.d, Quarantined, [279397eeadec70c6c1dad4397a89d030], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

Link to post
Share on other sites

# AdwCleaner v5.101 - Logfile created 09/03/2016 at 16:56:26

# Updated 07/03/2016 by Xplode
# Database : 2016-03-06.3 [Local]
# Operating system : Windows 10 Home  (x64)
# Username : Joshua Jacquot - JOSHUAJACQUOT
# Running from : E:\Desktop\adwcleaner_5.101.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\Service1291
[-] Folder Deleted : C:\Users\JOSHUA~1\AppData\Local\Temp\MPC
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : E:\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Joshua Jacquot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Joshua Jacquot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B81759E6-5669-4DB3-A3A7-6CD76555DE1D}_is1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2096 bytes] - [09/03/2016 16:56:26]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[s1].txt - [2231 bytes] - [09/03/2016 16:55:57]
 
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2282 bytes] ##########
Link to post
Share on other sites






Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01

Ran by Joshua Jacquot (administrator) on JOSHUAJACQUOT (09-03-2016 17:03:13)

Running from E:\Desktop

Loaded Profiles: Joshua Jacquot (Available Profiles: Joshua Jacquot & DefaultAppPool)

Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Edge)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(curtain) C:\Windows\illustrious.exe

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

() C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(rustic) C:\Windows\vase.exe

(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(windows 99) C:\Program Files (x86)\dizzy\acoustics.exe

() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

() C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.113_none_7689896a26389b16\TiWorker.exe

(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-08] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)

HKLM-x32\...\Run: [sun7] => [X]

HKLM-x32\...\Run: [sun13] => [X]

HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()

HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\...\RunOnce: [uninstall C:\Users\Joshua Jacquot\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joshua Jacquot\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"

HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\...\RunOnce: [uninstall C:\Users\Joshua Jacquot\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joshua Jacquot\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1"

HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\...\MountPoints2: H - "H:\VZW_Software_upgrade_assistant.exe" 

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-26]

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\Joshua Jacquot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\APP Center.lnk [2015-01-21]

ShortcutTarget: APP Center.lnk -> C:\Program Files (x86)\Gigabyte\AppCenter\RunUpd.exe ()

Startup: C:\Users\Joshua Jacquot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-20]

ShortcutTarget: Dropbox.lnk -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyEnable: [s-1-5-21-3913031655-1247145700-3822439410-1000] => Proxy is enabled.

ProxyServer: [s-1-5-21-3913031655-1247145700-3822439410-1000] => http=127.0.0.1:8877;https=127.0.0.1:8877

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61

Tcpip\..\Interfaces\{98118546-dd26-41e5-b336-f948a0013bf2}: [DhcpNameServer] 209.18.47.62 209.18.47.61

ManualProxies: 

 

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP

HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?pc=UE01&ocid=UE01DHP

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

 

FireFox:

========

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)

 

Chrome: 

=======

CHR Profile: C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-07]

CHR Extension: (Google Docs) - C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-07]

CHR Extension: (Google Drive) - C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-07]

CHR Extension: (YouTube) - C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-07]

CHR Extension: (Google Sheets) - C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-07]

CHR Extension: (Google Docs Offline) - C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-07]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-07]

CHR Extension: (Gmail) - C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-07]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 afraid; C:\WINDOWS\illustrious.exe [14848 2016-03-07] (curtain) [File not signed]

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)

R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-08] (NVIDIA Corporation)

S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [62784 2014-09-05] (GIGA-BYTE TECHNOLOGY CO., LTD.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)

R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-08] (NVIDIA Corporation)

R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-08] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-08] (NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-01] (Electronic Arts)

R2 playground; C:\WINDOWS\vase.exe [9216 2016-03-07] (rustic) [File not signed]

R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [367616 2014-10-19] (Razer Inc.) [File not signed]

S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-03-08] (Enigma Software Group USA, LLC.)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)

S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]

S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]

S2 nplus; "C:\Program Files\nplus\nplus.exe" /s iid=5311316 did=APSFInsTerra sid=6 ref=c805cf01-5c29-9e3d-2045-750836dc4bff-PolicyMac id=4027be73ceeecd75d5afd2a10472a78a87dcec7c4d272a0d0b4c864b4858138a [X]

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 CorsairAudioFilter; C:\Windows\system32\DRIVERS\corsveng2kamd64.sys [112808 2014-08-15] (Corsair Components, Inc.)

R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [48808 2014-11-25] (Corsair)

R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [22696 2014-11-25] (Corsair)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2015-11-23] (Windows ® Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2015-11-23] (Windows ® Win 7 DDK provider)

R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-20] (Disc Soft Ltd)

S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-08] ()

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-09] (Malwarebytes)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)

S3 mv61xx; C:\Windows\System32\drivers\mv61xx.sys [173096 2008-06-23] (Marvell Semiconductor, Inc.)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-08] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-11-05] (NVIDIA Corporation)

S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)

R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

U3 idsvc; no ImagePath

S0 mvs91xx; System32\drivers\mvs91xx.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-03-09 17:03 - 2016-03-09 17:03 - 00000000 ____D C:\FRST

2016-03-09 16:55 - 2016-03-09 16:56 - 00000000 ____D C:\Program Files (x86)\AdwCleaner

2016-03-09 16:36 - 2016-03-09 17:03 - 00003778 _____ C:\WINDOWS\System32\Tasks\3476718347671834767183476718

2016-03-09 16:36 - 2016-03-09 16:57 - 00003940 _____ C:\WINDOWS\System32\Tasks\0iId9ycFhZoZ3WmMuUED-ni-2016-03-07-ni-16145-ni-1

2016-03-08 22:37 - 2016-03-08 22:40 - 00000000 ____D C:\Program Files (x86)\dizzy

2016-03-08 22:37 - 2016-03-08 22:37 - 00000000 ____D C:\Program Files (x86)\lace

2016-03-08 18:25 - 2016-03-08 18:25 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys

2016-03-08 18:25 - 2016-03-08 18:25 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

2016-03-08 18:25 - 2016-03-08 18:25 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\Enigma Software Group

2016-03-08 18:25 - 2016-03-08 18:25 - 00000000 ____D C:\sh4ldr

2016-03-08 18:25 - 2016-03-08 18:25 - 00000000 ____D C:\Program Files\Enigma Software Group

2016-03-08 17:34 - 2016-03-08 17:45 - 00000000 ____D C:\WINDOWS\pss

2016-03-08 17:11 - 2016-03-08 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN

2016-03-08 17:11 - 2016-03-08 17:11 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN

2016-03-08 16:53 - 2016-03-08 16:53 - 00000302 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{F48A614D-9813-4745-B969-48C137D54C42}.job

2016-03-08 16:03 - 2016-03-08 16:04 - 00261646 _____ C:\TDSSKiller.3.1.0.9_08.03.2016_16.03.01_log.txt

2016-03-08 16:00 - 2016-03-08 16:01 - 00261964 _____ C:\TDSSKiller.3.1.0.9_08.03.2016_16.00.40_log.txt

2016-03-08 15:56 - 2016-03-08 15:57 - 00262038 _____ C:\TDSSKiller.3.1.0.9_08.03.2016_15.56.17_log.txt

2016-03-08 15:46 - 2016-03-08 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-03-08 15:46 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2016-03-08 15:46 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2016-03-08 15:46 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2016-03-07 21:37 - 2016-03-09 16:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2016-03-07 21:30 - 2016-03-09 16:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-03-07 21:30 - 2016-03-07 21:30 - 00000000 ____D C:\ProgramData\Malwarebytes

2016-03-07 21:27 - 2016-03-07 21:27 - 00000000 _____ C:\autoexec.bat

2016-03-07 21:24 - 2016-03-07 21:24 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\VERIZON

2016-03-07 20:55 - 2016-03-08 18:25 - 03226176 _____ C:\WINDOWS\ntbtlog.txt

2016-03-07 20:55 - 2016-03-08 18:19 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

2016-03-07 20:45 - 2016-03-08 16:58 - 00000000 __SHD C:\Users\Joshua Jacquot\AppData\Local\Dynamation

2016-03-07 20:45 - 2016-03-07 20:45 - 00000000 ___HD C:\Users\Joshua Jacquot\AppData\Local\SatakMalwareBusterSetup

2016-03-07 20:42 - 2016-03-07 21:41 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Local\node-webkit

2016-03-07 20:35 - 2016-03-07 20:35 - 00187904 _____ C:\WINDOWS\rsrcs.dll

2016-03-07 20:35 - 2016-03-07 20:35 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results

2016-03-07 20:11 - 2016-03-07 20:11 - 00003244 _____ C:\WINDOWS\System32\Tasks\{5C4815F9-06DE-4719-AF02-39AA07AA2B23}

2016-03-07 20:04 - 2016-03-09 17:02 - 00004384 _____ C:\WINDOWS\System32\Tasks\170102

2016-03-07 20:04 - 2016-03-09 16:57 - 00000388 ____H C:\WINDOWS\Tasks\TKYGUGBWOODTNQRY.job

2016-03-07 20:04 - 2016-03-07 20:34 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Local\Setup Wizard

2016-03-07 20:04 - 2016-03-07 20:05 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\DivX

2016-03-07 20:04 - 2016-03-07 20:04 - 00000120 _____ C:\Users\Joshua Jacquot\AppData\Local\abcdtemf.txt

2016-03-07 20:04 - 2016-03-07 20:04 - 00000055 _____ C:\WINDOWS\key.ini

2016-03-07 20:04 - 2016-03-07 20:04 - 00000014 _____ C:\Users\Joshua Jacquot\AppData\Local\77592347.txt

2016-03-07 20:04 - 2016-03-07 20:03 - 00001005 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak

2016-03-07 20:03 - 2016-03-07 21:41 - 00000000 ____D C:\ProgramData\WindowsMsg

2016-03-07 20:03 - 2016-03-07 20:03 - 08037888 _____ C:\Users\Joshua Jacquot\AppData\Roaming\agent.dat

2016-03-07 20:03 - 2016-03-07 20:03 - 01902189 _____ C:\Users\Joshua Jacquot\AppData\Roaming\Opewarm.tst

2016-03-07 20:03 - 2016-03-07 20:03 - 00127488 _____ C:\Users\Joshua Jacquot\AppData\Roaming\Installer.dat

2016-03-07 20:03 - 2016-03-07 20:03 - 00072704 _____ C:\Users\Joshua Jacquot\AppData\Roaming\Scotrantrax.tst

2016-03-07 20:03 - 2016-03-07 20:03 - 00018432 _____ C:\Users\Joshua Jacquot\AppData\Roaming\Main.dat

2016-03-07 20:03 - 2016-03-07 20:03 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\Mozilla

2016-03-07 20:03 - 2016-03-07 20:03 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e

2016-03-07 20:02 - 2016-03-07 20:05 - 00000000 ____D C:\ProgramData\DivX

2016-03-07 20:02 - 2016-03-07 20:02 - 02531460 _____ C:\WINDOWS\chromebrowser.exe

2016-03-07 20:02 - 2016-03-07 20:02 - 00041720 _____ C:\WINDOWS\stain.exe

2016-03-07 20:02 - 2016-03-07 20:02 - 00039424 _____ (windows 99) C:\WINDOWS\mailbox.exe

2016-03-07 20:02 - 2016-03-07 20:02 - 00014848 _____ (curtain) C:\WINDOWS\illustrious.exe

2016-03-07 20:02 - 2016-03-07 20:02 - 00009216 _____ (rustic) C:\WINDOWS\vase.exe

2016-03-07 20:02 - 2016-03-07 20:02 - 00000019 _____ C:\WINDOWS\SysWOW64\1353901.bat

2016-03-02 16:49 - 2016-02-23 03:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2016-03-02 16:49 - 2016-02-23 03:27 - 07475040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2016-03-02 16:49 - 2016-02-23 03:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll

2016-03-02 16:49 - 2016-02-23 03:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2016-03-02 16:49 - 2016-02-23 03:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2016-03-02 16:49 - 2016-02-23 03:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2016-03-02 16:49 - 2016-02-23 03:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2016-03-02 16:49 - 2016-02-23 03:23 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2016-03-02 16:49 - 2016-02-23 03:22 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2016-03-02 16:49 - 2016-02-23 03:15 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2016-03-02 16:49 - 2016-02-23 03:09 - 01614176 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

2016-03-02 16:49 - 2016-02-23 02:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2016-03-02 16:49 - 2016-02-23 02:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2016-03-02 16:49 - 2016-02-23 02:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll

2016-03-02 16:49 - 2016-02-23 02:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2016-03-02 16:49 - 2016-02-23 02:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2016-03-02 16:49 - 2016-02-23 02:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll

2016-03-02 16:49 - 2016-02-23 02:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll

2016-03-02 16:49 - 2016-02-23 02:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll

2016-03-02 16:49 - 2016-02-23 02:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

2016-03-02 16:49 - 2016-02-23 02:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll

2016-03-02 16:49 - 2016-02-23 02:31 - 00847656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll

2016-03-02 16:49 - 2016-02-23 02:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll

2016-03-02 16:49 - 2016-02-23 02:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

2016-03-02 16:49 - 2016-02-23 02:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll

2016-03-02 16:49 - 2016-02-23 02:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2016-03-02 16:49 - 2016-02-23 02:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2016-03-02 16:49 - 2016-02-23 02:21 - 06606568 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll

2016-03-02 16:49 - 2016-02-23 01:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll

2016-03-02 16:49 - 2016-02-23 01:45 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2016-03-02 16:49 - 2016-02-23 01:45 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2016-03-02 16:49 - 2016-02-23 01:44 - 00640984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

2016-03-02 16:49 - 2016-02-23 01:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll

2016-03-02 16:49 - 2016-02-23 01:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2016-03-02 16:49 - 2016-02-23 01:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2016-03-02 16:49 - 2016-02-23 01:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll

2016-03-02 16:49 - 2016-02-23 01:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll

2016-03-02 16:49 - 2016-02-23 01:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll

2016-03-02 16:49 - 2016-02-23 01:38 - 00709176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll

2016-03-02 16:49 - 2016-02-23 01:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll

2016-03-02 16:49 - 2016-02-23 01:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll

2016-03-02 16:49 - 2016-02-23 01:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2016-03-02 16:49 - 2016-02-23 01:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2016-03-02 16:49 - 2016-02-23 01:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2016-03-02 16:49 - 2016-02-23 01:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll

2016-03-02 16:49 - 2016-02-23 01:26 - 05241984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll

2016-03-02 16:49 - 2016-02-23 01:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll

2016-03-02 16:49 - 2016-02-23 01:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll

2016-03-02 16:49 - 2016-02-23 00:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll

2016-03-02 16:49 - 2016-02-23 00:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2016-03-02 16:49 - 2016-02-23 00:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll

2016-03-02 16:49 - 2016-02-23 00:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll

2016-03-02 16:49 - 2016-02-23 00:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll

2016-03-02 16:49 - 2016-02-23 00:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll

2016-03-02 16:49 - 2016-02-23 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll

2016-03-02 16:49 - 2016-02-23 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll

2016-03-02 16:49 - 2016-02-23 00:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll

2016-03-02 16:49 - 2016-02-23 00:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll

2016-03-02 16:49 - 2016-02-23 00:30 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll

2016-03-02 16:49 - 2016-02-23 00:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll

2016-03-02 16:49 - 2016-02-23 00:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2016-03-02 16:49 - 2016-02-23 00:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll

2016-03-02 16:49 - 2016-02-23 00:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe

2016-03-02 16:49 - 2016-02-23 00:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll

2016-03-02 16:49 - 2016-02-23 00:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll

2016-03-02 16:49 - 2016-02-23 00:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll

2016-03-02 16:49 - 2016-02-23 00:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv

2016-03-02 16:49 - 2016-02-23 00:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll

2016-03-02 16:49 - 2016-02-23 00:13 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll

2016-03-02 16:49 - 2016-02-23 00:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll

2016-03-02 16:49 - 2016-02-23 00:11 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll

2016-03-02 16:49 - 2016-02-23 00:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll

2016-03-02 16:49 - 2016-02-23 00:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll

2016-03-02 16:49 - 2016-02-23 00:09 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2016-03-02 16:49 - 2016-02-23 00:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2016-03-02 16:49 - 2016-02-23 00:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll

2016-03-02 16:49 - 2016-02-23 00:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll

2016-03-02 16:49 - 2016-02-23 00:06 - 01848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe

2016-03-02 16:49 - 2016-02-23 00:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

2016-03-02 16:49 - 2016-02-23 00:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll

2016-03-02 16:49 - 2016-02-23 00:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll

2016-03-02 16:49 - 2016-02-23 00:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll

2016-03-02 16:49 - 2016-02-23 00:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll

2016-03-02 16:49 - 2016-02-23 00:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll

2016-03-02 16:49 - 2016-02-23 00:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll

2016-03-02 16:49 - 2016-02-22 23:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll

2016-03-02 16:49 - 2016-02-22 23:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll

2016-03-02 16:49 - 2016-02-22 23:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll

2016-03-02 16:49 - 2016-02-22 23:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll

2016-03-02 16:49 - 2016-02-22 23:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll

2016-03-02 16:49 - 2016-02-22 23:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll

2016-03-02 16:49 - 2016-02-22 23:47 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll

2016-03-02 16:49 - 2016-02-22 23:41 - 03594240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2016-03-02 16:49 - 2016-02-22 23:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll

2016-03-02 16:49 - 2016-02-22 23:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll

2016-03-02 16:49 - 2016-02-22 23:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv

2016-03-02 16:49 - 2016-02-22 23:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll

2016-03-02 16:49 - 2016-02-22 23:31 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll

2016-03-02 16:49 - 2016-02-22 23:30 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2016-03-02 16:49 - 2016-02-22 23:30 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll

2016-03-02 16:49 - 2016-02-22 23:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2016-03-02 16:49 - 2016-02-22 23:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll

2016-03-02 16:49 - 2016-02-22 23:29 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll

2016-03-02 16:49 - 2016-02-22 23:26 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2016-03-02 16:49 - 2016-02-22 23:25 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll

2016-03-02 16:49 - 2016-02-22 23:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll

2016-03-02 16:49 - 2016-02-22 23:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2016-03-02 16:49 - 2016-02-22 23:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll

2016-03-02 16:49 - 2016-02-22 23:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll

2016-03-02 16:49 - 2016-02-22 23:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll

2016-03-02 16:49 - 2016-02-22 23:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll

2016-03-02 16:49 - 2016-02-22 23:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll

2016-03-02 16:49 - 2016-02-22 23:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2016-03-02 16:49 - 2016-02-22 23:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll

2016-03-02 16:49 - 2016-02-22 23:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll

2016-03-02 16:49 - 2016-02-22 23:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll

2016-03-02 16:49 - 2016-02-22 22:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2016-03-02 16:49 - 2016-02-22 22:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll

2016-03-02 16:49 - 2016-02-22 22:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2016-03-02 16:49 - 2016-02-22 22:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2016-03-02 16:49 - 2016-02-22 22:55 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll

2016-03-02 16:49 - 2016-02-22 22:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll

2016-03-02 16:49 - 2016-02-22 22:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2016-03-02 16:49 - 2016-02-22 22:50 - 22396416 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2016-03-02 16:49 - 2016-02-22 22:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2016-03-02 16:49 - 2016-02-22 22:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2016-03-02 16:49 - 2016-02-22 22:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll

2016-03-02 16:49 - 2016-02-22 22:40 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2016-03-02 16:49 - 2016-02-22 22:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2016-03-02 16:49 - 2016-02-22 22:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2016-03-02 16:49 - 2016-02-22 22:36 - 19341312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2016-03-02 16:49 - 2016-02-22 22:36 - 18680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2016-03-02 16:49 - 2016-02-22 22:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2016-03-02 16:49 - 2016-02-22 22:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2016-03-02 16:49 - 2016-02-22 22:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2016-03-02 16:49 - 2016-02-22 22:33 - 14254080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll

2016-03-02 16:49 - 2016-02-22 22:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll

2016-03-02 16:49 - 2016-02-22 22:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2016-03-02 16:49 - 2016-02-22 22:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2016-03-02 16:49 - 2016-02-22 22:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2016-03-02 16:49 - 2016-02-22 22:26 - 12587520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll

2016-03-02 16:49 - 2016-02-08 19:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2016-03-02 16:49 - 2016-02-08 19:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2016-03-02 16:49 - 2016-02-08 19:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe

2016-03-02 16:49 - 2016-02-08 19:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2016-03-02 16:48 - 2016-02-23 03:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2016-03-02 16:48 - 2016-02-23 03:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys

2016-03-02 16:48 - 2016-02-23 03:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll

2016-03-02 16:48 - 2016-02-23 03:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi

2016-03-02 16:48 - 2016-02-23 02:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll

2016-03-02 16:48 - 2016-02-23 02:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll

2016-03-02 16:48 - 2016-02-23 02:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll

2016-03-02 16:48 - 2016-02-23 02:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys

2016-03-02 16:48 - 2016-02-23 01:49 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll

2016-03-02 16:48 - 2016-02-23 01:45 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2016-03-02 16:48 - 2016-02-23 01:45 - 00259336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll

2016-03-02 16:48 - 2016-02-23 01:44 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe

2016-03-02 16:48 - 2016-02-23 01:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys

2016-03-02 16:48 - 2016-02-23 01:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll

2016-03-02 16:48 - 2016-02-23 01:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS

2016-03-02 16:48 - 2016-02-23 01:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys

2016-03-02 16:48 - 2016-02-23 01:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys

2016-03-02 16:48 - 2016-02-23 01:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll

2016-03-02 16:48 - 2016-02-23 01:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll

2016-03-02 16:48 - 2016-02-23 01:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe

2016-03-02 16:48 - 2016-02-23 01:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll

2016-03-02 16:48 - 2016-02-23 01:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll

2016-03-02 16:48 - 2016-02-23 01:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys

2016-03-02 16:48 - 2016-02-23 01:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll

2016-03-02 16:48 - 2016-02-23 01:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll

2016-03-02 16:48 - 2016-02-23 00:58 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll

2016-03-02 16:48 - 2016-02-23 00:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll

2016-03-02 16:48 - 2016-02-23 00:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe

2016-03-02 16:48 - 2016-02-23 00:55 - 00221600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll

2016-03-02 16:48 - 2016-02-23 00:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys

2016-03-02 16:48 - 2016-02-23 00:54 - 00539256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

2016-03-02 16:48 - 2016-02-23 00:54 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe

2016-03-02 16:48 - 2016-02-23 00:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll

2016-03-02 16:48 - 2016-02-23 00:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe

2016-03-02 16:48 - 2016-02-23 00:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe

2016-03-02 16:48 - 2016-02-23 00:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll

2016-03-02 16:48 - 2016-02-23 00:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll

2016-03-02 16:48 - 2016-02-23 00:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll

2016-03-02 16:48 - 2016-02-23 00:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll

2016-03-02 16:48 - 2016-02-23 00:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll

2016-03-02 16:48 - 2016-02-23 00:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll

2016-03-02 16:48 - 2016-02-23 00:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll

2016-03-02 16:48 - 2016-02-23 00:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe

2016-03-02 16:48 - 2016-02-23 00:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll

2016-03-02 16:48 - 2016-02-23 00:28 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll

2016-03-02 16:48 - 2016-02-23 00:25 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll

2016-03-02 16:48 - 2016-02-23 00:25 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe

2016-03-02 16:48 - 2016-02-23 00:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll

2016-03-02 16:48 - 2016-02-23 00:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll

2016-03-02 16:48 - 2016-02-23 00:22 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll

2016-03-02 16:48 - 2016-02-23 00:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll

2016-03-02 16:48 - 2016-02-23 00:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2016-03-02 16:48 - 2016-02-23 00:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll

2016-03-02 16:48 - 2016-02-23 00:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe

2016-03-02 16:48 - 2016-02-23 00:13 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll

2016-03-02 16:48 - 2016-02-23 00:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll

2016-03-02 16:48 - 2016-02-23 00:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe

2016-03-02 16:48 - 2016-02-23 00:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2016-03-02 16:48 - 2016-02-23 00:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe

2016-03-02 16:48 - 2016-02-23 00:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys

2016-03-02 16:48 - 2016-02-22 23:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll

2016-03-02 16:48 - 2016-02-22 23:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll

2016-03-02 16:48 - 2016-02-22 23:54 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll

2016-03-02 16:48 - 2016-02-22 23:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll

2016-03-02 16:48 - 2016-02-22 23:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll

2016-03-02 16:48 - 2016-02-22 23:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll

2016-03-02 16:48 - 2016-02-22 23:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2016-03-02 16:48 - 2016-02-22 23:37 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll

2016-03-02 16:48 - 2016-02-22 23:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll

2016-03-02 16:48 - 2016-02-22 23:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2016-03-02 16:48 - 2016-02-22 23:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll

2016-03-02 16:48 - 2016-02-22 23:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll

2016-03-02 16:48 - 2016-02-22 23:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll

2016-03-02 16:48 - 2016-02-22 23:26 - 01498112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe

2016-03-02 16:48 - 2016-02-22 23:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll

2016-03-02 16:48 - 2016-02-22 23:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll

2016-03-02 16:48 - 2016-02-22 22:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll

2016-03-02 16:48 - 2016-02-22 22:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll

2016-03-02 16:48 - 2016-02-08 20:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2016-03-02 16:48 - 2016-02-08 20:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

2016-03-02 16:48 - 2016-02-08 19:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll

2016-03-02 16:48 - 2016-02-08 19:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll

2016-03-01 10:50 - 2016-03-01 10:50 - 00001058 _____ C:\WINDOWS\run.vbs

2016-02-26 12:00 - 2016-02-26 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

2016-02-20 12:01 - 2016-02-20 12:01 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2016-02-16 10:47 - 2016-02-16 10:47 - 00006656 _____ C:\Users\Joshua Jacquot\AppData\Local\tinstall.exe

2016-02-16 10:46 - 2016-02-16 10:46 - 00007168 _____ C:\Users\Joshua Jacquot\AppData\Local\tinstall4.exe

2016-02-16 09:23 - 2016-02-16 09:23 - 00008192 _____ C:\Users\Joshua Jacquot\AppData\Local\uid.exe

2016-02-11 10:44 - 2016-01-28 22:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2016-02-11 10:44 - 2016-01-28 22:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2016-02-11 10:44 - 2016-01-26 22:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2016-02-11 10:44 - 2016-01-26 22:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2016-02-11 10:44 - 2016-01-26 21:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe

2016-02-11 10:44 - 2016-01-26 21:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll

2016-02-11 10:44 - 2016-01-26 21:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll

2016-02-11 10:44 - 2016-01-26 21:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe

2016-02-11 10:44 - 2016-01-26 21:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll

2016-02-11 10:44 - 2016-01-26 21:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll

2016-02-11 10:44 - 2016-01-26 21:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll

2016-02-11 10:44 - 2016-01-26 21:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2016-02-11 10:44 - 2016-01-26 21:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe

2016-02-11 10:44 - 2016-01-26 21:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll

2016-02-11 10:44 - 2016-01-26 21:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll

2016-02-11 10:44 - 2016-01-26 21:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll

2016-02-11 10:44 - 2016-01-26 21:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll

2016-02-11 10:44 - 2016-01-26 21:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll

2016-02-11 10:44 - 2016-01-26 21:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll

2016-02-11 10:44 - 2016-01-26 21:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll

2016-02-11 10:44 - 2016-01-26 21:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll

2016-02-11 10:44 - 2016-01-26 21:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll

2016-02-11 10:44 - 2016-01-26 21:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll

2016-02-11 10:44 - 2016-01-26 21:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2016-02-11 10:44 - 2016-01-26 20:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll

2016-02-11 10:44 - 2016-01-26 20:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2016-02-11 10:44 - 2016-01-26 20:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2016-02-11 10:44 - 2016-01-26 20:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys

2016-02-11 10:44 - 2016-01-26 20:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2016-02-11 10:44 - 2016-01-26 20:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll

2016-02-11 10:44 - 2016-01-26 20:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2016-02-11 10:44 - 2016-01-26 20:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2016-02-11 10:44 - 2016-01-26 20:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll

2016-02-11 10:44 - 2016-01-26 20:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-03-09 17:00 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\AppReadiness

2016-03-09 16:57 - 2015-12-14 03:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-03-09 16:57 - 2015-12-14 03:39 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2016-03-09 16:57 - 2015-12-14 03:39 - 00000000 ____D C:\ProgramData\NVIDIA

2016-03-09 16:57 - 2015-10-29 22:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI

2016-03-09 16:57 - 2015-01-15 19:59 - 00026192 _____ (Windows ® Server 2003 DDK provider) C:\WINDOWS\gdrv.sys

2016-03-09 16:57 - 2014-11-29 05:52 - 00000000 __SHD C:\Users\Joshua Jacquot\IntelGraphicsProfiles

2016-03-09 16:57 - 2014-11-29 05:35 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2016-03-09 16:51 - 2015-10-29 23:11 - 00000000 ____D C:\WINDOWS\CbsTemp

2016-03-09 16:43 - 2015-12-14 03:41 - 01011572 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2016-03-09 16:43 - 2015-10-29 23:21 - 00000000 ____D C:\WINDOWS\INF

2016-03-09 16:36 - 2015-12-19 12:08 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Local\CrashDumps

2016-03-09 16:36 - 2014-11-29 05:35 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2016-03-09 16:35 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\Globalization

2016-03-08 22:41 - 2014-11-29 05:36 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-03-08 22:37 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow

2016-03-08 22:37 - 2015-06-16 18:00 - 00000954 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3913031655-1247145700-3822439410-1000UA.job

2016-03-08 22:37 - 2015-06-16 18:00 - 00000902 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3913031655-1247145700-3822439410-1000Core.job

2016-03-08 22:37 - 2015-05-02 16:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2016-03-08 17:46 - 2014-12-01 15:55 - 00000000 ___RD C:\Users\Joshua Jacquot\Dropbox

2016-03-08 17:46 - 2014-12-01 15:54 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox

2016-03-08 16:44 - 2015-08-02 02:38 - 00000000 ____D C:\WINDOWS\system32\MRT

2016-03-08 16:42 - 2015-08-02 02:38 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2016-03-08 16:36 - 2015-06-13 14:14 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\Apple Computer

2016-03-08 16:18 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\NDF

2016-03-08 16:18 - 2015-01-22 21:40 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Local\ElevatedDiagnostics

2016-03-08 16:11 - 2015-12-14 03:39 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2016-03-08 16:11 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SchCache

2016-03-08 15:35 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps

2016-03-08 15:15 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\Branding

2016-03-08 14:44 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\tracing

2016-03-07 21:41 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\schemas

2016-03-07 20:36 - 2015-12-14 03:41 - 00000000 ____D C:\Users\Joshua Jacquot

2016-03-07 20:36 - 2015-08-03 12:59 - 00000000 __RHD C:\Users\Public\AccountPictures

2016-03-07 20:18 - 2015-12-15 20:37 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Local\MicrosoftEdge

2016-03-07 19:31 - 2014-11-30 15:22 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\vlc

2016-03-07 15:12 - 2014-11-29 06:36 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\Azureus

2016-03-06 01:50 - 2014-12-01 15:38 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Local\Spotify

2016-03-06 00:55 - 2014-12-01 15:38 - 00000000 ____D C:\Users\Joshua Jacquot\AppData\Roaming\Spotify

2016-03-04 22:21 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\rescache

2016-03-04 20:10 - 2015-12-14 03:38 - 00241704 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2016-03-02 22:42 - 2015-10-30 01:07 - 00000000 ____D C:\Program Files\Windows Journal

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 __RSD C:\WINDOWS\Media

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\appraiser

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\bcastdvr

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Windows Portable Devices

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices

2016-03-02 22:42 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform

2016-03-02 22:42 - 2015-10-29 22:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism

2016-03-02 22:42 - 2015-10-29 22:28 - 00000000 ____D C:\WINDOWS\system32\Dism

2016-02-26 12:00 - 2015-11-13 23:48 - 00000000 ____D C:\Program Files\McAfee Security Scan

2016-02-16 18:17 - 2015-07-27 22:39 - 00000000 ____D C:\EAGLE-7.3.0

2016-02-12 10:43 - 2015-08-03 13:01 - 00002441 _____ C:\Users\Joshua Jacquot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2016-02-12 10:43 - 2015-08-03 13:01 - 00000000 ___RD C:\Users\Joshua Jacquot\OneDrive

 

==================== Files in the root of some directories =======

 

2016-03-07 20:03 - 2016-03-07 20:03 - 8037888 _____ () C:\Users\Joshua Jacquot\AppData\Roaming\agent.dat

2016-03-07 20:03 - 2016-03-07 20:03 - 0127488 _____ () C:\Users\Joshua Jacquot\AppData\Roaming\Installer.dat

2016-03-07 20:03 - 2016-03-07 20:03 - 0018432 _____ () C:\Users\Joshua Jacquot\AppData\Roaming\Main.dat

2016-03-07 20:03 - 2016-03-07 20:03 - 1902189 _____ () C:\Users\Joshua Jacquot\AppData\Roaming\Opewarm.tst

2016-03-07 20:03 - 2016-03-07 20:03 - 0072704 _____ () C:\Users\Joshua Jacquot\AppData\Roaming\Scotrantrax.tst

2016-03-07 20:04 - 2016-03-07 20:04 - 0000014 _____ () C:\Users\Joshua Jacquot\AppData\Local\77592347.txt

2016-03-07 20:04 - 2016-03-07 20:04 - 0000120 _____ () C:\Users\Joshua Jacquot\AppData\Local\abcdtemf.txt

2015-01-03 19:09 - 2015-11-09 18:40 - 2128896 _____ () C:\Users\Joshua Jacquot\AppData\Local\file__0.localstorage

2016-02-06 15:16 - 2016-02-06 15:16 - 0000036 _____ () C:\Users\Joshua Jacquot\AppData\Local\housecall.guid.cache

2015-11-02 02:45 - 2015-11-02 02:45 - 0005192 _____ () C:\Users\Joshua Jacquot\AppData\Local\recently-used.xbel

2016-02-16 10:47 - 2016-02-16 10:47 - 0006656 _____ () C:\Users\Joshua Jacquot\AppData\Local\tinstall.exe

2016-02-16 10:46 - 2016-02-16 10:46 - 0007168 _____ () C:\Users\Joshua Jacquot\AppData\Local\tinstall4.exe

2016-02-16 09:23 - 2016-02-16 09:23 - 0008192 _____ () C:\Users\Joshua Jacquot\AppData\Local\uid.exe

2015-12-14 03:39 - 2015-12-14 03:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

 

Some files in TEMP:

====================

C:\Users\Joshua Jacquot\AppData\Local\Temp\compete.exe

C:\Users\Joshua Jacquot\AppData\Local\Temp\DW75UZKZMW.exe

C:\Users\Joshua Jacquot\AppData\Local\Temp\dxdiag.exe

C:\Users\Joshua Jacquot\AppData\Local\Temp\i4jdel0.exe

C:\Users\Joshua Jacquot\AppData\Local\Temp\io4.exe

C:\Users\Joshua Jacquot\AppData\Local\Temp\io5.exe

C:\Users\Joshua Jacquot\AppData\Local\Temp\MSUO27HRMG.exe

C:\Users\Joshua Jacquot\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Joshua Jacquot\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\Joshua Jacquot\AppData\Local\Temp\nvStInst.exe

C:\Users\Joshua Jacquot\AppData\Local\Temp\sqlite3.dll

C:\Users\Joshua Jacquot\AppData\Local\Temp\tu17p84.exe

C:\Users\Joshua Jacquot\AppData\Local\Temp\{FF6EACB1-D30E-4172-B55F-A58419A59BF8}-49.0.2623.75_chrome_installer.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2016-02-29 05:09

 

==================== End of FRST.txt ============================

 

 

 

 






Link to post
Share on other sites

For some reason I couldn't find the attachment button on here, so I;m posting the 'ADDITION.TXT" here...

 

 

 

 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Joshua Jacquot (2016-03-09 17:03:28)
Running from E:\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-14 11:46:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3913031655-1247145700-3822439410-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3913031655-1247145700-3822439410-503 - Limited - Disabled)
Guest (S-1-5-21-3913031655-1247145700-3822439410-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3913031655-1247145700-3822439410-1002 - Limited - Enabled)
Joshua Jacquot (S-1-5-21-3913031655-1247145700-3822439410-1000 - Administrator - Enabled) => C:\Users\Joshua Jacquot
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\...\Amazon Amazon Music) (Version: 3.7.0.693 - Amazon Services LLC)
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.15.0811 - Gigabyte)
APP Center (x32 Version: 1.15.0811 - Gigabyte) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed® III v1.02 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.02 - Ubisoft)
AVS Video Converter 9.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.1.4.574 - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Corsair Gaming Headset Software (HKLM-x32\...\{6118E939-08B6-4180-8B5B-97836617813B}) (Version: 2.0.35 - Corsair)
Corsair Utility Engine (HKLM-x32\...\{19891EA3-D477-44FB-96A6-C846A40DB4D6}) (Version: 1.3.91 - Corsair)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DesignSpark PCB 7.0 (x32 Version: 7.0.2 - RS Components) Hidden
DesignSpark PCB Version 7.0.2 (HKLM-x32\...\InstallShield_{D50700AA-D25A-463B-98BF-E09585325711}) (Version: 7.0.2 - RS Components)
DipTrace (HKLM\...\DipTrace) (Version: 2.4 - Novarm)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.5 - Electronic Arts)
Dropbox (HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
EAGLE 7.2.0 (HKLM-x32\...\EAGLE 7.2.0) (Version: 7.2.0 - CadSoft Computer GmbH)
EAGLE 7.3.0 (HKLM\...\EAGLE 7.3.0) (Version: 7.3.0 - CadSoft Computer GmbH)
EAGLE PCB Power Tools 5.06 (HKLM-x32\...\EAGLE PCB Power Tools 5.06) (Version:  - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVGA PrecisionX 16 (HKLM-x32\...\{DD747735-7FA7-4F0F-903A-271D0DCE7240}) (Version: 5.2.7 - EVGA Corporation)
EVGA PrecisionX 16 (HKLM-x32\...\Steam App 268850) (Version:  - EVGA)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Geeks3D FurMark 1.15.1.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.23.2817 - Electronic Arts, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.00.0000 - GIGABYTE)
SIV (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Spotify (HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\...\Spotify) (Version: 1.0.23.90.g42187855 - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.18.4608 - Enigma Software Group, LLC)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Lord of the Rings Online™ (HKLM-x32\...\Steam App 212500) (Version:  - Turbine, Inc.)
Tone Stack Calculator version 1.3 (HKLM-x32\...\{D1385B9C-DD6D-43FE-B07C-28A80B23422F}_is1) (Version: 1.3 - Duncan Amplification)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.4 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Joshua Jacquot\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3913031655-1247145700-3822439410-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B81C0C5-84A6-42E5-9567-422A8ED4CBA5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {12A02143-F7F7-4218-B4A9-C1361CD9EA14} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {132198BD-E99A-4883-8595-3BEAFA6E6B7E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {13A049F6-B03C-47AA-A854-4941A36FC90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {163E3993-AE31-4A23-8B52-8B128D4D2EBD} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {1BA18A52-B774-4FA9-B7E3-F1BAD39660DA} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {1E45A9AF-A6A6-4743-8E27-B2BA6DCEA13C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {26B8736C-158D-4B27-8538-25295FA90FA2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {2BA4A8A4-B497-40CC-B6BA-D70E917ED5B5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-08] (Microsoft Corporation)
Task: {30175BBD-9F99-4DDE-BE64-691DEEEEBFA0} - \osTip -> No File <==== ATTENTION
Task: {3757AAFE-BC9E-4D07-A058-254DAF4520B1} - \TKYGUGBWOODTNQRY -> No File <==== ATTENTION
Task: {3DC2DDBE-BFFF-4693-8BE4-CC5F3A3F0DE6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {432A908C-F6E5-443D-8AFE-F871213080F7} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {474C35E8-182B-4DA8-825F-A45B55D7E62F} - System32\Tasks\0iId9ycFhZoZ3WmMuUED-ni-2016-03-07-ni-16145-ni-1 => C:\Program Files (x86)\dizzy\acoustics.exe [2016-03-07] (windows 99)
Task: {4F6EAA43-948E-4D5C-A389-78F603B06973} - \CreateExplorerShellUnelevatedTask -> No File <==== ATTENTION
Task: {5FF954F2-08CE-4525-9C50-31733B90336F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {62F6B4C0-1954-496A-B7B3-0E830A0020DF} - \210322000 -> No File <==== ATTENTION
Task: {6A6A2C5B-A41A-4715-9C7E-7EB5A3F3F76D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6F484E41-E07A-4386-89E7-88C5F67C10BD} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {71468B62-255E-4C8E-9CB1-39B4B8C75791} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {732CD5B1-BAE8-452A-BFCE-2473C73E8ABA} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {74FC2D81-60DB-4CE2-824D-3C8F98336889} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {820BE8A1-7DA1-4F0B-9094-B2B290820CDD} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {85868D0F-2B02-46C8-B35F-DB45815215B9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {8827637D-F8E7-481A-B4E6-CA2C32194B04} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {919AF23A-BAF8-4122-9F74-E1DEC581F1AB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {9BBD3744-3CFD-4E96-8424-E1F5773D9211} - System32\Tasks\3476718347671834767183476718 => C:\Program Files (x86)\dizzy\acoustics.exe [2016-03-07] (windows 99) <==== ATTENTION
Task: {9F65CC92-6B74-44FE-8D3B-3E16C2F42032} - \{F500B175-4884-49B6-AC1A-A8D57BFA3C30} -> No File <==== ATTENTION
Task: {A0B4EF59-F10B-48C9-A05D-834853F97B5D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BE565111-F581-4E9D-9320-2B5F3547F44D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {C73C0D56-F463-4A30-8CA4-5593144EADCA} - \DropboxUpdateTaskUserS-1-5-21-3913031655-1247145700-3822439410-1000UA -> No File <==== ATTENTION
Task: {CCD016B7-4C8D-437B-86A5-CAB678F79DBA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {D4BE1C9E-602C-46F1-98E2-66055361AED6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {DCD71E09-E99F-4FF6-A104-591E6F1B1CFE} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {DE35FAD8-FF8E-439B-8909-770B22323B43} - System32\Tasks\170102 => C:\Program Files (x86)\dizzy\acoustics.exe [2016-03-07] (windows 99) <==== ATTENTION
Task: {DE8D2741-2BF4-4903-8ACD-8BCE6B632CB2} - System32\Tasks\{5C4815F9-06DE-4719-AF02-39AA07AA2B23} => pcalua.exe -a C:\Windows\system32\pbsvc.exe -c -u
Task: {DFECBD94-3A27-4042-97CA-37342024A1AF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E85F3C8B-F031-462A-A750-85BA3C9E9694} - \80952295 -> No File <==== ATTENTION
Task: {ED85C97B-F230-4F0D-80D6-6A8B1D3D6415} - \EVGAPrecisionX -> No File <==== ATTENTION
Task: {F5EB8B9C-724C-42D4-84A8-22DCAF88D20B} - \110322000 -> No File <==== ATTENTION
Task: {FDEC2236-26ED-4495-9B6C-E164002E54B3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {FECE741C-CE06-4011-A987-B8EB712B99DB} - \DropboxUpdateTaskUserS-1-5-21-3913031655-1247145700-3822439410-1000Core -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3913031655-1247145700-3822439410-1000Core.job => C:\Users\Joshua Jacquot\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3913031655-1247145700-3822439410-1000UA.job => C:\Users\Joshua Jacquot\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\TKYGUGBWOODTNQRY.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F48A614D-9813-4745-B969-48C137D54C42}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Joshua Jacquot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G38zgutbl342,f70ea8ea-5eda-48bc-bbc6-608a7321c3a4,
ShortcutWithArgument: C:\Users\Joshua Jacquot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G38zgutbl342,f70ea8ea-5eda-48bc-bbc6-608a7321c3a4,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G38zgutbl342,f70ea8ea-5eda-48bc-bbc6-608a7321c3a4,
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-29 23:18 - 2015-10-29 23:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-14 03:39 - 2015-12-16 06:54 - 00126256 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-14 15:27 - 2015-04-14 15:27 - 00016896 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-19 11:27 - 2015-12-08 17:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-02 16:49 - 2016-02-23 03:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 16:49 - 2016-02-23 03:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-23 00:56 - 2016-01-23 00:56 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-19 00:40 - 2015-12-06 20:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 16:49 - 2016-02-23 00:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-30 09:52 - 2015-07-30 09:52 - 01244456 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
2016-01-12 15:25 - 2016-01-04 17:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 15:25 - 2016-01-04 17:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-31 14:46 - 2016-01-15 21:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-31 14:46 - 2016-01-15 21:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-23 00:56 - 2016-01-23 00:56 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-23 00:56 - 2016-01-23 00:56 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-11-09 18:26 - 2015-12-08 17:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-01-22 13:53 - 2014-01-22 13:53 - 01607680 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\BDR_info.dll
2015-02-16 10:47 - 2015-02-16 10:47 - 00105472 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ycc.dll
2016-03-08 22:41 - 2016-03-07 18:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-08 22:41 - 2016-03-07 18:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
2016-03-09 16:32 - 2016-03-08 12:16 - 17541312 _____ () C:\Users\Joshua Jacquot\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.182\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2016-03-07 20:03 - 00001005 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\Control Panel\Desktop\\Wallpaper -> E:\Libraries\Pictures\fallout 4 background.png
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\...\StartupApproved\StartupFolder: => "APP Center.lnk"
HKU\S-1-5-21-3913031655-1247145700-3822439410-1000\...\StartupApproved\Run: => "Dynamation"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [uDP Query User{A7BA4DD0-0F4B-4397-9BEA-B8FC566DBA51}B:\games\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) B:\games\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [TCP Query User{E48EA24F-DD25-4AEC-94B2-1E854AAEA1F2}B:\games\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) B:\games\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [uDP Query User{E3A7210C-685B-4591-ACBE-4EE14A0F8D2A}B:\games\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) B:\games\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [TCP Query User{16361CBF-C791-4EDF-9506-E23DB43DBB16}B:\games\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) B:\games\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{393D04F3-0217-4156-9C11-47697E77BECA}] => (Allow) B:\Games\Steam\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe
FirewallRules: [{BCA93889-8623-43A5-BA61-82AAFF18E22A}] => (Allow) B:\Games\Steam\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe
FirewallRules: [{908EA51E-28EA-4B66-B0DE-2BE2CDA0B87D}] => (Allow) B:\Games\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
FirewallRules: [{CB35A786-442C-4F01-BDCE-CF27157FEAF3}] => (Allow) B:\Games\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
FirewallRules: [{0A0B8431-F52F-4A60-B97D-3E82F8E3B5FA}] => (Allow) B:\Games\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{74007FD4-4242-4828-82E6-4B727B1E0E2D}] => (Allow) B:\Games\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{61550D8A-4C15-424B-81E3-8EEBABE36DD3}] => (Allow) B:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{291E9606-EB6A-4686-8C75-9B8D98612BAA}] => (Allow) B:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{F75B61AC-D8BF-4406-AC82-59087943DF39}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5F8068CD-07C2-467A-9F7E-882B8CFA42E3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{82B34E95-9C18-4A20-B44E-66153344C319}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{AE2D18BB-E7F8-4AC6-8D0E-09FB551082FE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CF8BBD73-F830-443E-8050-8E61CEEE7653}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{07954813-3F58-4EDF-8D39-97C2AE531460}] => (Allow) B:\Games\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{20489001-D64F-45BF-810C-9C43D2F1877E}] => (Allow) B:\Games\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{82993C6F-C704-44FE-B564-403CD19FA5F5}] => (Allow) B:\Games\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{37EF3A59-68D1-44DB-A314-4352AA7520D0}] => (Allow) B:\Games\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{5CF1C7A6-FE9A-44BB-BB8C-93086F61C484}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{56A3536A-8C40-4C9E-B175-93A178D68CE1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{16C80442-CDC1-4F18-8229-743C5E54BB17}] => (Allow) C:\Games\Steam\Steam.exe
FirewallRules: [{3971902D-BAE7-47F8-B2A1-64C0E9ECC051}] => (Allow) C:\Games\Steam\Steam.exe
FirewallRules: [{7564BB97-B0C0-4B99-89BB-4B216561B6C3}] => (Allow) C:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{3C84FA55-D71C-41E0-94D4-78A9FB7E71F5}] => (Allow) C:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{0D39BDC9-AAF0-48AE-A6C0-18B950A99A87}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{E56A7330-AE76-4E5B-987C-9C7064E7B9EA}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{4946CFC0-D724-4E0A-88E7-015EDC37BA48}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{32B4A989-58CE-470C-ABB9-04BC08E26461}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{A2746088-9633-42DA-B646-2378A58D047A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{1142969E-8C89-49BC-9D68-398C508F60A8}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{814855F1-31DB-466C-A9DB-4704090A5BF8}] => (Allow) C:\Games\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{81FFD82F-0A32-4539-BC65-D3C27C13A331}] => (Allow) C:\Games\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{81CAFCD6-3DB2-445E-B98C-90CA00D1BBF5}] => (Allow) C:\Games\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{534E9860-0FA7-42D6-A7B4-EF0B54F8E310}] => (Allow) C:\Games\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{4E778DC5-A4B2-43C9-935A-C4E71B5FE74C}] => (Allow) C:\Games\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{26D51D76-8188-4F07-8C0F-BDE31D07320C}] => (Allow) C:\Games\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{D6144BFB-D7BE-4FCF-BCB8-F75DAF775271}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{B236DA4E-4508-4C72-9749-E8CEF7FAB1E2}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{D6364AEB-AE47-4D4B-A9BF-A41A9255E5B9}C:\users\joshua jacquot\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshua jacquot\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{6C01D2CC-EB60-4F71-B382-F8BEA652C807}C:\users\joshua jacquot\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshua jacquot\appdata\roaming\spotify\spotify.exe
FirewallRules: [{545698DC-FDA7-49C6-AE1C-B3A8F03D5A8C}] => (Allow) C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9F927F5C-6767-4125-8EDA-C72C334CD144}] => (Allow) C:\Users\Joshua Jacquot\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{40049B3F-7DF4-487C-B25C-C4385B23785E}C:\users\joshua jacquot\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\joshua jacquot\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [uDP Query User{D4E0B034-4592-4268-9153-5101649BB2AF}C:\users\joshua jacquot\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\joshua jacquot\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{5FCD2CD6-F5A7-40B2-8B0A-DE15FAB5CEB6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{BF073E7D-5A62-452F-B75E-C163A693A1B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{F49B0A2E-80AC-4C8A-8852-C7DEED218BF3}C:\games\blizzard entertainment\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\games\blizzard entertainment\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [uDP Query User{80830FDA-0CA4-4DD9-9780-8F930C392056}C:\games\blizzard entertainment\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\games\blizzard entertainment\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{ED068B34-0EF8-45CF-888E-5FDD84B20B6D}] => (Allow) C:\Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{9016D81D-00D8-4D64-8D14-37973A10C76A}] => (Allow) C:\Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{108A3074-9F4A-4BC6-82DB-1349269422CD}] => (Allow) C:\Games\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{8DE49252-557B-4882-ABC6-3B12E99F3B7A}] => (Allow) C:\Games\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{FDFADDC8-7893-4213-9619-24771943DF86}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{84A3B4D1-07BF-4D11-9860-99B7A14E9C61}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{A46FF6D4-B207-4F48-8B68-13F976A1BE9F}] => (Allow) B:\Games\Steam\Steam.exe
FirewallRules: [{C45959B8-3F17-4D86-B5B5-3B167969E38D}] => (Allow) B:\Games\Steam\Steam.exe
FirewallRules: [{2D221DF5-C553-4E21-805F-45F168C81CE9}] => (Allow) B:\Games\Blizzard Entertainment\Hearthstone\Hearthstone.exe
FirewallRules: [{BC37DD31-D1FA-419B-ABA9-8B980364679A}] => (Allow) B:\Games\Blizzard Entertainment\Hearthstone\Hearthstone.exe
FirewallRules: [{C92A74D8-2898-4C4B-B4B0-9566B5F273CA}] => (Allow) B:\Games\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{61CECB22-667E-409D-8E6F-1FB43EE01459}] => (Allow) B:\Games\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{AD461A10-9334-4A29-8CE5-9D205C321376}] => (Allow) B:\Games\Steam\steamapps\common\Lord of the Rings Online\TurbineInvoker.exe
FirewallRules: [{4F59BDC8-FA9A-4E37-A76F-5BE348A1178E}] => (Allow) B:\Games\Steam\steamapps\common\Lord of the Rings Online\TurbineInvoker.exe
FirewallRules: [{C79FCDEB-C652-4648-91FD-8DA2C2339845}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{177D0E12-F05D-4E7D-83DE-72F6D19E351A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{06E165F6-009C-4A1E-A52F-AA5598748847}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7195D857-0F96-47CA-9065-A127D7F9F288}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DC7083D8-DFC7-440E-97F1-6806ABFF37F1}] => (Allow) B:\Games\Ubisoft Game Launcher\games\AC3SP.exe
FirewallRules: [{7BCA9702-2295-4CD3-86B1-311B85A710CF}] => (Allow) B:\Games\Ubisoft Game Launcher\games\AC3SP.exe
FirewallRules: [{2BD6E953-CC64-49E9-8B50-7E739C2F6447}] => (Allow) B:\Games\Ubisoft Game Launcher\games\AC3MP.exe
FirewallRules: [{3CF31B1F-06B7-4557-A8CE-C5FCCD87AD2F}] => (Allow) B:\Games\Ubisoft Game Launcher\games\AC3MP.exe
FirewallRules: [{0D2C6922-CC4A-44CD-ABAC-E01DA339AE7F}] => (Allow) B:\Games\Ubisoft Game Launcher\games\AssassinsCreed3.exe
FirewallRules: [{B53DA54E-098C-46B3-8981-6DA2EBC0B43F}] => (Allow) B:\Games\Ubisoft Game Launcher\games\AssassinsCreed3.exe
FirewallRules: [{68B1D426-3281-4771-8FAE-60E71F3D2362}] => (Block) B:\Games\My Games\Metro 2033 Redux\metro.exe
FirewallRules: [{198D30D6-9F65-463F-820C-6C7DEDCF2E4B}] => (Block) B:\Games\My Games\Metro Last Light Redux\metro.exe
FirewallRules: [{7EE1C675-2129-4429-8562-E51E9B427586}] => (Block) B:\Games\My Games\Metro Last Light Redux\metro_benchmark.exe
FirewallRules: [{2C7C5727-82D1-410B-8462-532A769CF089}] => (Block) B:\Games\My Games\Metro 2033 Redux\metro_benchmark.exe
FirewallRules: [{EEB8BBFA-2132-4F11-991E-5C0770F22374}] => (Block) B:\Games\My Games\Assassins Creed Unity\ACU.exe
FirewallRules: [{34590BA5-5CE1-4E62-BA5D-31C28DBC87E6}] => (Allow) B:\Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{508D7864-D3C1-41D3-A793-8F713C62D0B4}] => (Allow) B:\Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{C724F967-1D82-492B-9523-64FA7072B6FE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{6BDB95E0-2CD0-41AF-9FA3-7B9785553D05}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{C12B9669-3641-4272-933D-9914F2345DE8}B:\games\blizzard entertainment\starcraft ii\versions\base32283\sc2.exe] => (Allow) B:\games\blizzard entertainment\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [uDP Query User{6D48A61E-A448-4A69-A245-1A7742A558BA}B:\games\blizzard entertainment\starcraft ii\versions\base32283\sc2.exe] => (Allow) B:\games\blizzard entertainment\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{AD9234D3-54D1-4B20-AE46-F709145AAB47}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [uDP Query User{185F3A61-4C25-4BE6-BBC6-B18ADAFA0DE5}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [TCP Query User{3D0CABDC-7C42-488D-921F-1B9B275DA816}C:\users\joshua jacquot\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshua jacquot\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{D8E9B302-30DB-42C0-82A8-9BD4B33CD785}C:\users\joshua jacquot\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshua jacquot\appdata\roaming\spotify\spotify.exe
FirewallRules: [{CD67C327-BD19-461A-A810-31510E30AA7A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{84771A16-4A90-4C9A-A81A-F0DF3C1C101C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F75F53D0-A23A-429D-BD3B-D03CB70F702D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{50E2C7B8-4D7D-4984-8D76-1EA4F7BC01B0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FA1F6153-8FFD-4C7D-B990-0B172CB2620E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BAD3DF29-3A9B-4D41-94A0-DBC4D89A62C7}] => (Allow) C:\Program Files (x86)\dizzy\acoustics.exe
FirewallRules: [{F65AB188-0468-4E7C-BDC1-19D15E3B1963}] => (Allow) C:\Program Files (x86)\dizzy\acoustics.exe
FirewallRules: [{7174BDC1-9A0A-4AD5-AA73-5922EF4A7C5F}] => (Allow) C:\Program Files (x86)\dizzy\getcap.exe
FirewallRules: [{50834666-AB63-411C-A45D-62BF8C14D7AB}] => (Allow) C:\Program Files (x86)\dizzy\getcap.exe
FirewallRules: [{FFDF120D-9272-4D70-8511-5621F6837B15}] => (Allow) C:\a\winonit.exe
FirewallRules: [{151BD223-59C0-4C4E-9DB7-54E046C3272F}] => (Allow) C:\a\winonit.exe
FirewallRules: [{7FC7835E-CB6A-4AA1-9679-A56E56B626C7}] => (Allow) C:\Program Files (x86)\dizzy\useless.exe
FirewallRules: [{00C60F98-E32B-49DD-B184-880F41AAF288}] => (Allow) C:\Program Files (x86)\dizzy\useless.exe
FirewallRules: [{CF7080B0-3DE1-456E-98F5-5581B6AA7565}] => (Allow) C:\a\vchk.exe
FirewallRules: [{823BA44A-C555-4B51-B325-2AA5E6037C80}] => (Allow) C:\a\vchk.exe
FirewallRules: [{8325164A-6069-4893-8056-B050D89E6714}] => (Allow) C:\a\0iId9ycFhZoZ3WmMuUED-ni-2016-03-07-ni-16145-ni-1.exe
FirewallRules: [{5E32871C-9E48-4096-B5E5-898E9EA8C4B0}] => (Allow) C:\a\0iId9ycFhZoZ3WmMuUED-ni-2016-03-07-ni-16145-ni-1.exe
FirewallRules: [{6538C808-3872-4017-83BB-AE01485CF36D}] => (Allow) C:\Program Files (x86)\lace\prefer.exe
FirewallRules: [{EAD6E54F-D39C-4AD5-8FB3-9FA34BCADFAE}] => (Allow) C:\Program Files (x86)\lace\prefer.exe
FirewallRules: [{02E008E9-9DF4-4D7E-ACF1-9740F61EB9A8}] => (Allow) C:\Program Files (x86)\cowardly\wipe.exe
FirewallRules: [{867B000B-8B50-4E11-A2AA-81CEC38F4D55}] => (Allow) C:\Program Files (x86)\cowardly\wipe.exe
FirewallRules: [{DDE6445F-7B6F-4841-A37B-432562C68892}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/09/2016 04:57:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname JoshuaJacquot.local already in use; will try JoshuaJacquot-2.local instead
 
Error: (03/09/2016 04:57:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister   16 JoshuaJacquot.local. AAAA FE80:0000:0000:0000:3919:B880:83DC:0A6B
 
Error: (03/09/2016 04:57:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:3919:B880:83DC:0A6B:5353   16 JoshuaJacquot.local. AAAA 2605:E000:3594:A100:0000:0000:0000:0001
 
Error: (03/09/2016 04:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   21 B.6.A.0.C.D.3.8.0.8.8.B.9.1.9.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR JoshuaJacquot.local.
 
Error: (03/09/2016 04:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   23 B.6.A.0.C.D.3.8.0.8.8.B.9.1.9.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR JoshuaJacquot-2.local.
 
Error: (03/09/2016 04:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   21 1.7.E.8.F.2.F.A.8.3.B.A.1.1.8.B.0.0.1.A.4.9.5.3.0.0.0.E.5.0.6.2.ip6.arpa. PTR JoshuaJacquot.local.
 
Error: (03/09/2016 04:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   23 1.7.E.8.F.2.F.A.8.3.B.A.1.1.8.B.0.0.1.A.4.9.5.3.0.0.0.E.5.0.6.2.ip6.arpa. PTR JoshuaJacquot-2.local.
 
Error: (03/09/2016 04:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   21 B.6.A.0.C.D.3.8.0.8.8.B.9.1.9.3.0.0.1.A.4.9.5.3.0.0.0.E.5.0.6.2.ip6.arpa. PTR JoshuaJacquot.local.
 
Error: (03/09/2016 04:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   23 B.6.A.0.C.D.3.8.0.8.8.B.9.1.9.3.0.0.1.A.4.9.5.3.0.0.0.E.5.0.6.2.ip6.arpa. PTR JoshuaJacquot-2.local.
 
Error: (03/09/2016 04:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   21 2.0.168.192.in-addr.arpa. PTR JoshuaJacquot.local.
 
 
System errors:
=============
Error: (03/09/2016 04:57:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The nplus service failed to start due to the following error: 
%%2
 
Error: (03/09/2016 04:57:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%2
 
Error: (03/09/2016 04:57:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error: 
%%2
 
Error: (03/09/2016 04:57:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
%%1058
 
Error: (03/09/2016 04:57:20 PM) (Source: DCOM) (EventID: 10010) (User: JOSHUAJACQUOT)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (03/09/2016 04:57:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4f424 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/09/2016 04:57:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4f424 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/09/2016 04:57:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4f424 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/09/2016 04:57:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4f424 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/09/2016 04:56:56 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
 
CodeIntegrity:
===================================
  Date: 2016-03-07 21:19:40.967
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-07 20:02:49.677
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-07 20:02:49.671
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-07 20:01:46.834
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-07 20:01:46.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-07 20:01:46.623
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-07 20:01:46.617
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-07 20:01:46.592
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-07 20:01:46.586
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-07 20:01:46.564
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 26%
Total physical RAM: 8037.58 MB
Available physical RAM: 5913.04 MB
Total Virtual: 16229.58 MB
Available Virtual: 13647.65 MB
 
==================== Drives ================================
 
Drive b: (SSD2) (Fixed) (Total:465.76 GB) (Free:209.45 GB) NTFS
Drive c: (SSD1) (Fixed) (Total:232.35 GB) (Free:137.42 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HDD) (Fixed) (Total:931.41 GB) (Free:696.18 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A7F1EF94)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 8B7987BF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 67C3F1EF)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 

 

==================== End of Addition.txt ============================
Link to post
Share on other sites

To attach a log or file select "More Reply Options" under the reply box, from the new box select "Browse" to find the log or file, double click direct on the unopened log or file to upload, then select "Attach This File" to do just that....

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.
 

Next,

 

dr_web_cureit_zpse80d87bf.jpg
Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)
 

  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning


    drwebselect.JPG
     
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats


    drwebfolders.JPG
     
  • Press start scan
  • The scan will now commence


    drwebscan.JPG
     
  • Once the scan has finished click open report <<<--- Do not miss this step


    drwebscancomplete.JPG
     
  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop


This log will be excessive,  Please attach it to your next reply…
 

 

Next,

 

Please open Malwarebytes Anti-Malware.
 

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…

 

 

Let me see those logs in your reply, also give an update on any remaining issues or concerns...

 

Thank you,

 

Kevin...

 

 

Fixlist.txt

Link to post
Share on other sites






Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 3/10/2016

Scan Time: 1:36 PM

Logfile: 

Administrator: Yes

 

Version: 2.2.0.1024

Malware Database: v2015.09.22.05

Rootkit Database: v2015.09.18.01

License: Trial

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 8

CPU: x64

File System: NTFS

User: Joshua Jacquot

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 424173

Time Elapsed: 5 min, 11 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 1

Trojan.Agent, C:\Windows\chromebrowser.exe, Quarantined, [29c4a989bfcc8babc2dbb82bb84948b8], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)





cureit.log

Fixlog.txt

Link to post
Share on other sites

Can you post the most recent Protection log, To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the Protection log which shows the most recent Date and time
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


 

Link to post
Share on other sites

Malwarebytes Anti-Malware

www.malwarebytes.org

 

 

Update, 3/10/2016 1:35 PM, SYSTEM, JOSHUAJACQUOT, Manual, Failed, No Internet connection detected, 

Update, 3/10/2016 1:36 PM, SYSTEM, JOSHUAJACQUOT, Manual, Failed, No Internet connection detected, 

Scan, 3/10/2016 1:41 PM, SYSTEM, JOSHUAJACQUOT, Manual, Start:3/10/2016 1:36 PM, Duration:5 min 11 sec, Threat Scan, Completed, 1 Malware Detection, 0 Non-Malware Detections, 

Protection, 3/10/2016 1:42 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malware Protection, Starting, 

Protection, 3/10/2016 1:42 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malware Protection, Started, 

Protection, 3/10/2016 1:42 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Starting, 

Protection, 3/10/2016 1:42 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Started, 

Update, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Scheduler, Rootkit Database, 2015.9.18.1, 2016.2.27.1, 

Update, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Scheduler, Remediation Database, 2015.9.16.1, 2016.3.5.1, 

Update, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Scheduler, IP Database, 2015.9.21.2, 2016.3.3.1, 

Update, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Scheduler, Domain Database, 2015.9.22.3, 2016.3.10.3, 

Update, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Scheduler, Malware Database, 2015.9.22.5, 2016.3.10.6, 

Protection, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Protection, Refresh, Starting, 

Protection, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Stopping, 

Protection, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Stopped, 

Protection, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Protection, Refresh, Success, 

Protection, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Starting, 

Protection, 3/10/2016 1:43 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Started, 

Detection, 3/10/2016 1:52 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51552, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 1:52 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51552, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 1:52 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51553, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 1:52 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51554, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 1:52 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51555, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:02 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51810, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:02 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51812, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:02 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51811, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:02 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51813, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:02 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51814, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:12 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51949, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:12 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51950, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:12 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51952, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:12 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51951, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:12 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51953, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:22 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51996, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:22 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51997, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:22 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51998, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

Detection, 3/10/2016 2:22 PM, SYSTEM, JOSHUAJACQUOT, Protection, Malicious Website Protection, Domain, 162.222.192.36, dotap.dotdo.net, 51999, Outbound, C:\Program Files (x86)\dizzy\acoustics.exe, 

 

(end)

Link to post
Share on other sites

Thanks for the log, can you navigate to this file: C:\Program Files (x86)\dizzy\acoustics.exe

 

Do not open the executable, right click direct onto it then select > send to > compressed (zipped) folder... Attach that folder to your reply..

 

Next,

 

Upload a File to Virustotal

Go to http://www.virustotal.com/

  • Click the Choose file button
  • Navigate to the file C:\Program Files (x86)\dizzy\acoustics.exe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

 

Thanks,

 

Kevin
 

Link to post
Share on other sites

Antivirus Result Update Qihoo-360 HEUR/QVM03.0.0000.Malware.Gen 20160310 ALYac   20160310 AVG   20160310 AVware   20160310 Ad-Aware   20160310 AegisLab   20160310 Agnitum   20160310 AhnLab-V3   20160310 Alibaba   20160310 Antiy-AVL   20160310 Arcabit   20160310 Avast   20160310 Avira (no cloud)   20160310 Baidu   20160310 Baidu-International   20160310 BitDefender   20160310 Bkav   20160310 ByteHero   20160310 CAT-QuickHeal   20160310 CMC   20160307 ClamAV   20160310 Comodo   20160310 Cyren   20160310 DrWeb   20160310 ESET-NOD32   20160310 Emsisoft   20160310 F-Prot   20160310 F-Secure   20160310 Fortinet   20160310 GData   20160310 Ikarus   20160310 Jiangmin   20160310 K7AntiVirus   20160310 K7GW   20160310 Kaspersky   20160310 Malwarebytes   20160310 McAfee   20160310 McAfee-GW-Edition   20160310 eScan   20160310 Microsoft   20160310 NANO-Antivirus   20160310 Panda   20160310 Rising   20160310 SUPERAntiSpyware   20160310 Sophos   20160310 Symantec   20160310 Tencent   20160310 TheHacker   20160310 TrendMicro   20160310 TrendMicro-HouseCall   20160310 VBA32   20160310 VIPRE   20160310 ViRobot   20160310 Zillya   20160310 Zoner   20160310 nProtect   20160310

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
 FileVersionInfo properties
Copyright
2015
Product network service
Original name acoustics.exe
Internal name acoustics.exe
File version 1.0.2.0
Description network service
Comments network service
 PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-08 04:02:10
Entry Point 0x0000AF9E
Number of sections 3
 .NET details
Module Version ID 04a7b67a-9c24-4490-be39-18f2ad4cfc2a
 PE sections
Name Virtual address Virtual size Raw size Entropy MD5
.text 8192 36772 36864 5.44 1779b4764e63ec333598de08f5baebc7
.rsrc 49152 1512 1536 4.17 bc24c08ddca69ed1ca05fc4c13ac6482
.reloc 57344 12 512 0.08 56add030f8e08e0b0319969a5ad7a879
 PE imports  Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
 Number of PE resources by language
NEUTRAL 2
 Debug information
Type Timestamp Offset Size
IMAGE_DEBUG_TYPE_CODEVIEW (2) Tue Mar 08 04:02:10 2016 36912 284 Bytes
 ExifTool file metadata
LegalTrademarks
trade
SubsystemVersion
4.0
Comments
network service
LinkerVersion
11.0
ImageVersion
0.0
FileSubtype
0
FileVersionNumber
1.0.2.0
LanguageCode
Neutral
FileFlagsMask
0x003f
FileDescription
network service
CharacterSet
Unicode
InitializedDataSize
2048
EntryPoint
0xaf9e
OriginalFileName
acoustics.exe
MIMEType
application/octet-stream
LegalCopyright
2015
FileVersion
1.0.2.0
TimeStamp
2016:03:08 05:02:10+01:00
FileType
Win32 EXE
PEType
PE32
InternalName
acoustics.exe
ProductVersion
1.0.2.0
UninitializedDataSize
0
OSVersion
4.0
FileOS
Win32
Subsystem
Windows GUI
MachineType
Intel 386 or later, and compatibles
CompanyName
windows 99
CodeSize
36864
ProductName
network service
ProductVersionNumber
1.0.2.0
FileTypeExtension
exe
ObjectFileType
Executable application
AssemblyVersion
1.0.2.0
 
 
 
 File identification
MD5 00c496bc6a24710dc4824d1da914bafc
SHA1 d5eb8925ffdad94c3fba4ad544ddec7c77563981
SHA256 d1751a8c4b94211d4916d82580ea1781583efcdb16ef4dade338da99e7467bf5
ssdeep
768:yJaaKpZcbrgsc0swYHe8bSstSedczh1RdR:Rg3/c0RYHbbSWSeidPv
authentihash  cf44f4b88118ce1203f5c9474dc1557c9da55079d4fd42dac4dc76e74617a2a1
imphash  f34d5f2d4577ed6d9ceec516c1f5a744
File size 38.5 KB ( 39424 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (72.2%)

Windows screen saver (12.9%)

Win32 Dynamic Link Library (generic) (6.4%)

Win32 Executable (generic) (4.4%)

Generic Win/DOS Executable (1.9%)

Tags
peexe assembly
 VirusTotal metadata
First submission 2016-03-10 22:56:45 UTC ( 14 minutes ago )
Last submission 2016-03-10 22:56:45 UTC ( 14 minutes ago )
File names acoustics.exe

 

acoustics.zip

Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.
 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


 

Post those logs, let me know if there is any improvement..

 

Thank you,

 

Kevin

 

 

Fixlist.txt

Link to post
Share on other sites

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 3/10/2016

Scan Time: 4:10 PM

Logfile: 

Administrator: Yes

 

Version: 2.2.0.1024

Malware Database: v2016.03.10.07

Rootkit Database: v2016.02.27.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 10

CPU: x64

File System: NTFS

User: Joshua Jacquot

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 414082

Time Elapsed: 5 min, 20 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

Fixlog.txt

Link to post
Share on other sites

It's loading malware removal websites again (wasnt before), according to mbam isnt trying to make malicious connections anymore and I no longer have that program file in my (x86) files. My processes arent overloading themselves anymore either.

Things look great!

Thank you so very much. You were super prompt and helpful. This is why mbam and its support are the best.

Link to post
Share on other sites

I think we cross post there, yes a lot going on with your system. I`d like you to run FRST again, make sure we leave no remnants....

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs....

 

Thanks,

 

Kevin
 

Link to post
Share on other sites

Yes those logs look ok, only one entry I miss... C:\WINDOWS\run.vbs unless you are aware of that file do the following...

 

Open Notepad, select "Format" from the menu bar, make sure "Word Wrap" is not checked. Copy the text from the code box below to Notepad.

@echo offdel /f /s /q "C:\WINDOWS\run.vbs"del %0

Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
It should look like this: batfileicon.gif<--XP vista_bat_icon.png <--vista or windows 7/8
Double click on delfile.bat to execute it.
A black CMD window will flash, then disappear...this is normal.
The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

 

Next,

 

Clean up as follows...

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:



  •    
  • Remove disinfection tools
       
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
       
  • Reset system settings



Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...  busy.gif


 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.