
Am I infected?



Hello Malwarebytes,

Yesterday I ran a scan of my computer with Malwarebytes and FRST. My FRST log indicated several whitelisted files with "srv.exe" attached at the end of the file names. I've read that this might be an indication of a Virut viral infection. My Malwarebytes scan turned out to be clean. Is my computer infected?

Here is my Malwarebytes scan log.

Scan Date: 3/18/2016
Scan Time: 4:10 PM
Logfile: mbam scan mar18 2016.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.18.05
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 465065
Time Elapsed: 49 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Here is my FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Running from C:\Users\Daniel\Desktop\anti-malware programs
Loaded Profiles: Daniel (Available Profiles: Daniel & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Akamai Technologies, Inc.) C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] ()
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5292664 2012-09-23] (VIA)
HKLM\...\Run: [VIAAUD] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe [2538616 2012-09-23] (VIA)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [SBRegRebootCleaner] => "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [9581280 2016-01-28] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2655553466-1105578518-2785777168-1008\...\Run: [Akamai NetSession Interface] => C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2655553466-1105578518-2785777168-1008\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-2655553466-1105578518-2785777168-1008\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2655553466-1105578518-2785777168-1008\...\MountPoints2: {198aaad0-d460-11e2-bec7-50465d37df9e} - "E:\Autorun.exe"
HKU\S-1-5-21-2655553466-1105578518-2785777168-1008\...\MountPoints2: {f56852ca-b82b-11e2-bec0-9cebe801ec10} - "E:\LaunchU3.exe"
HKU\S-1-5-21-2655553466-1105578518-2785777168-1008\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [133632 2014-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-11-04]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-05-21]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3047D1C8-5ADB-4C45-9DFA-9EC83B807FE6}: [DhcpNameServer] 172.22.148.169
Tcpip\..\Interfaces\{387708EF-D60A-42B4-9332-E3A6FC64114D}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-2655553466-1105578518-2785777168-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2655553466-1105578518-2785777168-1008 -> {0D7A941A-D92C-B92A-06EB-0BA1C900E3A1} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06] (McAfee, Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-12] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-12] (Oracle Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-12] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [2013-09-06] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-05-01] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.ca/
CHR StartupUrls: Default -> "hxxp://www.google.ca/","hxxp://www.theweathernetwork.com/weather/canada/ontario/waterloo"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02]
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-03-18] (SurfRight B.V.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [712432 2016-01-28] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-05-01] (Nitro PDF Software)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-09-14] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-10-07] (GFI Software)
R1 inpoutx64; C:\Windows\System32\drivers\inpoutx64.sys [15008 2013-05-28] (Highresolution Enterprises [www.highrez.co.uk])
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-12-09] (BitDefender S.R.L.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S1 kruyssde; \??\C:\WINDOWS\system32\drivers\kruyssde.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-18 14:58 - 2016-03-18 16:08 - 00000735 _____ C:\Users\Daniel\Desktop\Mar.18.txt
2016-03-18 13:04 - 2016-03-18 13:04 - 00000000 ____D C:\Users\Daniel\Doctor Web
2016-03-18 03:09 - 2016-03-18 03:09 - 00001911 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-03-18 03:09 - 2016-03-18 03:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-03-18 03:00 - 2016-03-18 03:00 - 00000623 _____ C:\Users\Daniel\Desktop\JRT.txt
2016-03-18 02:44 - 2016-03-18 19:56 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-09 00:20 - 2016-03-18 14:55 - 00000809 _____ C:\Users\Daniel\Desktop\TO DO LIST Mar.8.txt
2016-03-08 22:16 - 2016-03-08 22:16 - 00029926 _____ C:\Users\Daniel\Downloads\Course Outline.pdf
2016-03-08 18:54 - 2016-02-20 11:45 - 01373184 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-08 18:54 - 2016-02-20 11:45 - 01168896 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-08 18:54 - 2016-02-20 11:45 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-08 18:54 - 2016-02-20 11:45 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-08 18:54 - 2016-02-20 11:45 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-08 18:54 - 2016-02-20 11:45 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-03-08 18:54 - 2016-02-08 17:05 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-08 18:54 - 2016-02-08 16:39 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-03-08 18:54 - 2016-02-08 16:34 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-08 18:54 - 2016-02-08 16:29 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-03-08 18:54 - 2016-02-08 16:28 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-03-08 18:54 - 2016-02-08 16:10 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-08 18:54 - 2016-02-08 16:07 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-03-08 18:54 - 2016-02-08 16:05 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-08 18:54 - 2016-02-08 16:03 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-03-08 18:54 - 2016-02-08 16:02 - 13012480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-08 18:54 - 2016-02-08 16:02 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-03-08 18:54 - 2016-02-08 16:01 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-03-08 18:54 - 2016-02-08 15:43 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-08 18:54 - 2016-02-08 15:39 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-08 18:54 - 2016-02-08 15:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-03-08 18:54 - 2016-02-08 14:27 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-08 18:54 - 2016-02-08 14:26 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-03-08 18:54 - 2016-02-08 14:16 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-08 18:54 - 2016-02-08 14:14 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-03-08 18:54 - 2016-02-08 14:13 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-03-08 18:54 - 2016-02-08 13:51 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-03-08 18:54 - 2016-02-08 13:42 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-03-08 18:54 - 2016-02-08 13:37 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-03-08 18:54 - 2016-02-08 13:34 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-03-08 18:54 - 2016-02-08 13:33 - 14613504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-08 18:54 - 2016-02-08 13:33 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-03-08 18:54 - 2016-02-08 13:19 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-08 18:54 - 2016-02-08 13:15 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-03-08 18:54 - 2016-02-08 13:07 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-08 18:54 - 2016-02-08 12:55 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-03-08 18:54 - 2016-02-05 15:06 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-03-08 18:54 - 2016-01-06 14:25 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-03-08 18:54 - 2015-12-30 17:53 - 02017624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-08 18:53 - 2016-02-05 10:59 - 07784960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-08 18:53 - 2016-02-05 10:55 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-08 18:53 - 2016-02-05 10:48 - 07075840 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-03-08 18:53 - 2016-02-05 10:47 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-03-08 18:53 - 2016-01-24 14:19 - 00419160 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-03-08 18:53 - 2016-01-24 14:19 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-03-08 18:53 - 2016-01-24 14:19 - 00331608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-03-08 18:53 - 2016-01-24 07:57 - 01335296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-03-08 18:53 - 2016-01-24 07:45 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-03-08 18:53 - 2016-01-08 21:49 - 00218448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-03-08 18:53 - 2016-01-08 21:49 - 00192120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-03-08 18:53 - 2016-01-08 21:38 - 00091992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2016-03-08 18:52 - 2016-02-12 15:14 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-03-08 18:52 - 2016-02-12 11:14 - 03708416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-08 18:52 - 2016-02-12 10:55 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-03-08 18:52 - 2016-02-12 10:54 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-03-08 18:52 - 2016-02-12 10:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-03-08 18:52 - 2016-02-12 10:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-03-08 18:52 - 2016-02-12 10:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-03-08 18:52 - 2016-02-12 10:51 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-03-08 18:52 - 2016-02-12 10:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-03-08 18:52 - 2016-02-12 10:48 - 02244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-03-08 18:52 - 2016-02-12 10:47 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-03-08 18:52 - 2016-02-12 10:46 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-03-08 18:52 - 2016-02-11 10:21 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-03-08 18:52 - 2016-02-11 10:21 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-03-08 18:52 - 2016-02-11 10:20 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-03-08 18:52 - 2016-02-11 10:20 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-03-08 18:52 - 2016-02-06 14:08 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-08 18:52 - 2016-02-06 12:58 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-03-08 18:52 - 2016-02-06 12:32 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-03-08 18:52 - 2016-02-05 15:07 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-08 18:52 - 2016-02-05 15:07 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-08 18:52 - 2016-02-05 11:03 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-08 18:52 - 2016-02-05 11:00 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-08 18:52 - 2016-02-04 14:18 - 04174336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-03-08 18:52 - 2016-02-04 14:18 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-08 18:52 - 2016-02-04 14:12 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-08 18:52 - 2016-02-04 13:44 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-08 18:52 - 2016-02-04 13:39 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-08 18:52 - 2016-02-04 13:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-08 18:52 - 2016-02-04 13:02 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-08 18:52 - 2016-02-03 16:37 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-08 18:52 - 2016-02-03 16:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-08 18:52 - 2016-02-03 11:09 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-08 18:52 - 2016-02-03 11:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-08 18:52 - 2016-02-03 11:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-08 18:52 - 2016-01-31 15:16 - 00148832 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-08 18:52 - 2016-01-15 12:56 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-03-08 18:52 - 2016-01-15 12:45 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-03-08 18:52 - 2016-01-10 12:41 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-03-08 18:52 - 2016-01-10 12:31 - 01344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-03-08 18:52 - 2016-01-06 19:46 - 00148752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-03-08 18:52 - 2016-01-06 19:45 - 00177712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-03-08 18:52 - 2016-01-06 12:47 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-03-08 18:52 - 2016-01-05 11:00 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-03-08 18:52 - 2015-12-30 16:49 - 00470360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2016-03-08 18:52 - 2015-12-20 10:57 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-08 18:52 - 2015-12-20 10:56 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2016-03-08 18:52 - 2015-12-20 10:43 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-08 18:52 - 2015-11-19 10:33 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2016-03-08 18:52 - 2015-11-19 10:26 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2016-03-04 13:07 - 2016-03-04 13:07 - 00057215 _____ C:\Users\Daniel\Downloads\Assignment 2 ANSWERS (W16).pdf
2016-03-04 04:11 - 2016-03-04 04:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-02 23:05 - 2016-03-06 16:54 - 00000548 _____ C:\Users\Daniel\Desktop\Mar.02 to do list.txt
2016-03-02 23:05 - 2016-03-02 23:05 - 00000447 _____ C:\Users\Daniel\Downloads\Mar.02 to do list (1).txt
2016-03-02 21:29 - 2016-03-18 14:26 - 00000000 ____D C:\WINDOWS\AutoKMS

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-18 20:01 - 2014-07-26 19:22 - 00000000 ____D C:\Users\Daniel\Desktop\anti-malware programs
2016-03-18 20:01 - 2014-06-24 23:36 - 00000000 ____D C:\FRST
2016-03-18 19:59 - 2014-10-19 21:38 - 00000000 ____D C:\Users\Daniel
2016-03-18 19:59 - 2013-02-08 21:55 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-18 19:57 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-18 19:56 - 2013-08-22 09:25 - 09175040 ___SH C:\WINDOWS\system32\config\BBI
2016-03-18 19:41 - 2014-06-24 05:54 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-18 19:25 - 2013-02-08 21:55 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-18 18:51 - 2014-10-19 23:01 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4739AD00-3BC1-4737-90D4-5D00EC161AC1}
2016-03-18 13:48 - 2013-06-23 16:46 - 00000000 ____D C:\Users\Daniel\AppData\Local\Packages
2016-03-18 05:18 - 2015-05-06 14:05 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2655553466-1105578518-2785777168-1008
2016-03-18 05:06 - 2015-08-26 18:53 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Nitro PDF
2016-03-18 04:25 - 2014-09-24 03:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-18 04:25 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-03-18 04:23 - 2013-12-30 13:45 - 00003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2016-03-18 04:23 - 2013-12-30 13:45 - 00003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2016-03-18 03:09 - 2015-01-27 14:13 - 00000000 ____D C:\Program Files\HitmanPro
2016-03-17 22:13 - 2014-04-20 01:19 - 00000000 ____D C:\Users\Daniel\Documents\tax
2016-03-15 01:26 - 2013-03-08 17:26 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-15 01:26 - 2013-03-08 17:26 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-14 16:53 - 2013-05-15 20:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-03-14 15:40 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-14 15:38 - 2013-05-15 20:17 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-13 19:28 - 2015-10-03 12:20 - 00023471 _____ C:\WINDOWS\BRRBCOM.INI
2016-03-12 13:10 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-11 17:56 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2016-03-10 23:42 - 2013-08-22 10:44 - 00486088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-10 23:37 - 2014-12-13 18:49 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-09 01:09 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-09 01:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-09 01:09 - 2013-07-19 18:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 01:03 - 2012-12-12 22:43 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-09 01:02 - 2012-08-04 21:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-09 00:59 - 2012-07-26 01:26 - 00000220 _____ C:\WINDOWS\win.ini
2016-03-08 18:52 - 2015-12-09 12:28 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-03-08 18:52 - 2015-12-09 12:27 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-03-08 18:52 - 2015-12-09 12:27 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-03-08 03:00 - 2014-11-14 19:48 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 03:00 - 2014-11-14 19:48 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-06 14:12 - 2014-07-12 23:18 - 00000000 ____D C:\Users\Daniel\Documents\house rental
2016-03-06 12:45 - 2015-05-13 22:17 - 00000000 ____D C:\Users\Daniel\Documents\other pwd
2016-03-05 15:11 - 2013-10-07 15:44 - 00000000 ____D C:\Users\Daniel\Documents\food
2016-03-04 12:06 - 2013-01-02 16:32 - 00000419 _____ C:\WINDOWS\BRWMARK.INI
2016-03-04 12:06 - 2013-01-02 16:32 - 00000027 _____ C:\WINDOWS\BRPP2KA.INI
2016-03-03 22:47 - 2014-10-20 01:23 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-03 22:44 - 2015-10-30 05:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-02 19:46 - 2014-09-24 02:53 - 00000000 ____D C:\WINDOWS\ShellNew
2016-03-02 18:57 - 2014-09-24 02:53 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-02 18:57 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-03-02 18:54 - 2015-04-04 11:06 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-03-02 18:54 - 2015-04-04 11:06 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-03-02 18:45 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Help
2016-03-02 18:26 - 2014-10-30 14:52 - 00000000 ____D C:\Users\Daniel\Documents\CONESTOGA COLLEGE
2016-03-02 18:13 - 2013-10-07 15:45 - 00000000 ____D C:\Users\Daniel\Documents\dan's

==================== Files in the root of some directories =======

2015-12-25 16:28 - 2015-12-25 16:28 - 0003584 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-28 16:22 - 2015-12-04 17:52 - 0004096 ____H () C:\Users\Daniel\AppData\Local\keyfile3.drm
2013-07-23 01:53 - 2015-01-16 22:48 - 0007597 _____ () C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
2012-08-04 21:42 - 2012-07-30 02:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 21:42 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\Users\Daniel\comcat5.dll


Some files in TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\AudioProjection.dll
C:\Users\Daniel\AppData\Local\Temp\AWFirewallController.dll
C:\Users\Daniel\AppData\Local\Temp\awiscale.dll
C:\Users\Daniel\AppData\Local\Temp\AWZC.dll
C:\Users\Daniel\AppData\Local\Temp\ConnectAP.dll
C:\Users\Daniel\AppData\Local\Temp\CoreAudio.exe
C:\Users\Daniel\AppData\Local\Temp\CoreAudioCap.dll
C:\Users\Daniel\AppData\Local\Temp\CoreAudioMixer.exe
C:\Users\Daniel\AppData\Local\Temp\DisplayLib.dll
C:\Users\Daniel\AppData\Local\Temp\DLCapPP.dll
C:\Users\Daniel\AppData\Local\Temp\DXCap.dll
C:\Users\Daniel\AppData\Local\Temp\DXCap64.dll
C:\Users\Daniel\AppData\Local\Temp\EDesktopAPI.dll
C:\Users\Daniel\AppData\Local\Temp\HitmanPro_x64.exe
C:\Users\Daniel\AppData\Local\Temp\JpegCD.dll
C:\Users\Daniel\AppData\Local\Temp\libcurl.dll
C:\Users\Daniel\AppData\Local\Temp\libiconv.dll
C:\Users\Daniel\AppData\Local\Temp\libintl.dll
C:\Users\Daniel\AppData\Local\Temp\Magnify.exe
C:\Users\Daniel\AppData\Local\Temp\MagnifyCursor.exe
C:\Users\Daniel\AppData\Local\Temp\MixerDevconTester.exe
C:\Users\Daniel\AppData\Local\Temp\PidGenX.dll
C:\Users\Daniel\AppData\Local\Temp\RmFirewallExe.exe
C:\Users\Daniel\AppData\Local\Temp\ShareLink200.exe
C:\Users\Daniel\AppData\Local\Temp\sqlite3.dll
C:\Users\Daniel\AppData\Local\Temp\xH264E.dll
C:\Users\Daniel\AppData\Local\Temp\zlib1.dll
C:\Users\Daniel\AppData\Local\Temp\_is1318.exe
C:\Users\Daniel\AppData\Local\Temp\_is1DCA.exe
C:\Users\Daniel\AppData\Local\Temp\_is5FB3.exe
C:\Users\Daniel\AppData\Local\Temp\_is8D9D.exe
C:\Users\Daniel\AppData\Local\Temp\_isAB76.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-18 17:00

==================== End of FRST.txt ============================

Here is my FRST's Addition.txt log

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Daniel (2016-03-18 20:03:46)
Running from C:\Users\Daniel\Desktop\anti-malware programs
Windows 8.1 (X64) (2014-10-20 02:23:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2655553466-1105578518-2785777168-500 - Administrator - Disabled)
Daniel (S-1-5-21-2655553466-1105578518-2785777168-1008 - Administrator - Enabled) => C:\Users\Daniel
Guest (S-1-5-21-2655553466-1105578518-2785777168-501 - Limited - Enabled) => C:\Users\Guest

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{50E2E8FE-1F8B-4F21-BE9F-F9152D3EA5B1}_AdAwareUpdater) (Version: 11.10.767.8917 - Lavasoft)
AdAwareInstaller (Version: 11.10.767.8917 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.10.767.8917 - Lavasoft) Hidden
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2655553466-1105578518-2785777168-1008\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.3.143.61629 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.3.143.61629 - Alcor Micro Corp.) Hidden
Amazon Kindle (HKU\S-1-5-21-2655553466-1105578518-2785777168-1008\...\Amazon Kindle) (Version:  - Amazon)
AntimalwareEngine (Version: 3.0.99.0 - Lavasoft) Hidden
ArmA 2 Free Uninstall (HKLM-x32\...\ArmA 2) (Version:  - )
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.5 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.8 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Brother MFL-Pro Suite MFC-J450DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (HKLM-x32\...\Connect) (Version: 1.4.13206.0 - Cisco Consumer Products LLC)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GroupLab.Networking 1.2.8 (HKLM-x32\...\{88A2E386-7423-4902-9BA0-03C281559422}) (Version: 1.2.8 - GroupLab, Dept. of Computer Science, U. of Calgary)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
JavaScript Tooling (Version: 11.0.60315 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Mendeley Desktop 1.8.4 (HKLM-x32\...\Mendeley Desktop) (Version: 1.8.4 - Mendeley Ltd.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 3.0 (HKLM-x32\...\{BCB4C18A-ACA6-4383-8688-E19933A705DD}) (Version: 3.0.1325.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{79A2C6E8-C727-4D12-B4B3-19790C181DEA}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows 8 - ENU (HKLM-x32\...\{2a7b31dd-dc98-464c-bd05-cf42432fb809}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{55a51ce7-3c9d-4d4e-9464-c725923be253}) (Version: 11.0.50727.42 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML4SP2 (HKLM-x32\...\{451BB54C-8B23-4455-8BDC-14FC7D43E056}) (Version: 1.00.0000 - Logiciel Dr Tax Software Inc.)
Nitro Reader 3 (HKLM\...\{E5660852-CBDA-4C17-9475-C0C0E5A4CFB4}) (Version: 3.5.3.14 - Nitro)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Secure Download Manager (HKLM-x32\...\{4A5667B2-5D13-46C2-85B5-9D46A6096F61}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SnapGene Viewer (HKLM-x32\...\SnapGene Viewer) (Version: 2.2.2 - GSL Biotech LLC)
Soap 3.0 Toolkit (HKLM-x32\...\{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}) (Version: 1.00.0000 - Your Company Name)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sublime Text 2.0.1 (HKLM\...\Sublime Text 2_is1) (Version:  - )
UFile 2013 (HKLM-x32\...\{D3D79DA4-68EA-450F-A916-0E854CA30984}) (Version: 17.20.0000 - Thomson Reuters DT Tax and Accounting Inc.)
UFile 2014 (HKLM-x32\...\{BAF69D89-5F75-4872-8389-74157F5E3087}) (Version: 18.20.0000 - Thomson Reuters DT Tax and Accounting Inc.)
UFile Updater 2013 (HKLM-x32\...\{B37F0361-9323-44F6-83DD-FCA9390F5712}) (Version: 9.01.0000 - Thomson Reuters DT Tax and Accounting Inc.)
UFile Updater 2014 (HKLM-x32\...\{85DEECC9-38D1-4BA9-A8DD-09282CFB97C8}) (Version: 10.12.0010 - Thomson Reuters DT Tax and Accounting Inc.)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2012 Update 2 (KB2707250) (HKLM-x32\...\{2fba7dd0-b8eb-4185-aea3-e6910d3f8102}) (Version: 11.0.60315 - Microsoft Corporation)
War Thunder Launcher 1.0.1.391 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0035077B-8D23-4323-9870-3743EC67F8B2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {1D18682C-E93D-491E-985D-FCE88B8E0377} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-15] (ASUSTeK Computer Inc.)
Task: {1F803C90-7CAF-4464-99A8-856B868D2770} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {218389DF-FF60-4C54-B981-23B92C6A253F} - \Optimize Start Menu Cache Files-S-1-5-21-2655553466-1105578518-2785777168-1001 -> No File <==== ATTENTION
Task: {4EACE5F0-0605-454E-A02D-6CD316D68DE1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {53B7752D-104D-44A7-8408-2F444FCD03B8} - System32\Tasks\{23407A36-C08C-4F7D-A451-2980996DFCAD} => pcalua.exe -a "C:\Program Files (x86)\Wondershare\Data Recovery\unins000.exe"
Task: {541F4BFA-5FC3-427D-BE5F-CDBECCC1BE6E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {5FF59291-34F6-4587-99FB-EB0C3BE51EBF} - \AutoKMS -> No File <==== ATTENTION
Task: {611974B2-B9E3-4EA1-8B5D-1BD6A66ADAF8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {9C7DD37B-EC3C-4B67-84AD-3A60C93FDD11} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-15] (ASUSTeK Computer Inc.)
Task: {A1E665BA-BB29-4B29-BC37-9C0C03FF8BCF} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {A277D92B-B542-4C09-8258-8D045780ABD8} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-15] (ASUSTeK Computer Inc.)
Task: {B57B38CA-5250-48E8-9E30-20B511F16EAD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-14] (Microsoft Corporation)
Task: {BD71BD39-B5C6-49D9-AFE7-1FEEBFED3EB2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {BFF88D35-85A1-462E-B914-89FBCA47AD13} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {C5DB4ED3-0562-4A69-B4C9-88165E851ED7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C81B1F49-2D87-46AD-ADBC-B096EAC6703F} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {E6D1450B-63F1-46BD-8D8E-3CAA47227FDC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-05-15 21:31 - 2011-02-28 18:37 - 00095008 _____ () C:\WINDOWS\System32\Primomonnt.dll
2014-03-18 23:20 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-01-28 17:44 - 2016-01-28 17:44 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
2016-01-28 17:48 - 2016-01-28 17:48 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_system-vc120-mt-1_57.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_date_time-vc120-mt-1_57.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_filesystem-vc120-mt-1_57.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 11674360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareServiceKernel.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\RCF.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_regex-vc120-mt-1_57.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_thread-vc120-mt-1_57.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_chrono-vc120-mt-1_57.dll
2016-01-28 17:47 - 2016-01-28 17:47 - 00973040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareActivation.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00561920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareApplicationUpdater.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareGamingMode.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareReset.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTime.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01030912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdater.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdaterScheduler.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIgnoreList.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareQuarantine.dll
2016-01-28 17:47 - 2016-01-28 17:47 - 01594624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiMalwareEngine.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiRootkitEngine.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerHistory.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01373928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScanner.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_timer-vc120-mt-1_57.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01019640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerScheduler.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtection.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 02547448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIncompatibles.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01489640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiSpam.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01437424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiPhishing.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareParentalControl.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 03107576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareWebProtection.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01325816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareEmailProtection.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_iostreams-vc120-mt-1_57.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01878784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNetworkProtection.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01024744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePromo.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00457448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareFeedback.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareThreatWorkAlliance.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01310952 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePinCode.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01027304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNotice.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01563888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAvcEngine.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtectionHistory.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00519920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareStatistics.dll
2015-12-21 04:07 - 2005-04-22 00:36 - 00143360 ____R () C:\WINDOWS\system32\BrSNMP64.dll
2016-01-12 19:56 - 2016-01-12 19:56 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-11-04 04:10 - 2012-09-23 21:58 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-11-04 04:10 - 2012-09-23 21:58 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-10-01 13:02 - 2013-10-01 13:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 09581280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
2016-01-28 17:48 - 2016-01-28 17:48 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_locale-vc120-mt-1_57.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\HtmlFramework.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTrayDefaultSkin.dll
2015-12-21 04:06 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-05-28 14:08 - 2014-10-31 17:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-05-28 14:08 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2012-11-04 04:06 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-04-27 11:24 - 2013-04-27 11:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2655553466-1105578518-2785777168-1008\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2655553466-1105578518-2785777168-1008\...\aeriagames.com -> hxxp://aeriagames.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2655553466-1105578518-2785777168-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel\Pictures\wallpapers\Kukenan_Tepuy_at_Sunset.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "DptfPolicyLpmServiceHelper"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2655553466-1105578518-2785777168-1008\...\StartupApproved\Run: => "swg"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{62CCF64B-1409-49B8-8F79-24114DE1400A}C:\program files (x86)\steam\warthunder\aces.exe] => (Allow) C:\program files (x86)\steam\warthunder\aces.exe
FirewallRules: [TCP Query User{3501B0D7-BF6E-439B-BA8B-835CD329B0A1}C:\program files (x86)\steam\warthunder\aces.exe] => (Allow) C:\program files (x86)\steam\warthunder\aces.exe
FirewallRules: [{5BED489F-5FBE-4BBF-9FD2-491DF0148454}] => (Allow) C:\Program Files (x86)\Steam\WarThunder\launcher.exe
FirewallRules: [{EC3171F7-1780-4B2C-A728-F1E946D8A20E}] => (Allow) C:\Program Files (x86)\Steam\WarThunder\launcher.exe
FirewallRules: [UDP Query User{F9E4D049-E942-41B7-AEA4-8E1982254B24}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [TCP Query User{5545AFBF-08E1-4E3C-93EB-CC99224A5FF4}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{865B3444-DB31-4A38-A6E8-B900980B75E0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E08C24A0-B25B-4FA1-B998-C3E3C94D1AB6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [UDP Query User{8A015FA4-2DF6-469A-BE36-9C2E6827E32D}C:\users\daniel\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\daniel\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{6FBA896D-B80B-443C-9CF7-A5D271DBB9B4}C:\users\daniel\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\daniel\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{C2D7DAC7-F3F6-4574-B186-1B0FCFBB808A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{AE2CEEF1-110E-4FD6-91CB-11081CE8F905}] => (Allow) C:\Program Files (x86)\Bohemia Interactive\ArmA 2 Free\arma2free.exe
FirewallRules: [{54C01D74-D6B2-47CD-87E3-813EDCA3E730}] => (Allow) C:\Program Files (x86)\Bohemia Interactive\ArmA 2 Free\arma2free.exe
FirewallRules: [UDP Query User{AC08C2EC-8219-4BA8-B5C8-B715667BA38B}C:\users\daniel\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\daniel\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{4BB1AB72-7919-4BD8-B08D-8F460CA5BC56}C:\users\daniel\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\daniel\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{D1523FB3-8CFB-4254-A0B2-E520DC0C2C07}C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\atc simulator\bin\debug\atc simulator.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\atc simulator\bin\debug\atc simulator.exe
FirewallRules: [TCP Query User{3E24F87C-626D-4B48-9478-031257A492B0}C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\atc simulator\bin\debug\atc simulator.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\atc simulator\bin\debug\atc simulator.exe
FirewallRules: [UDP Query User{5C8E91E2-7609-4C57-9DFA-7DC78877D476}C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\wait\clnt\bin\debug\clnt.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\wait\clnt\bin\debug\clnt.exe
FirewallRules: [TCP Query User{20858CBD-AFEB-4EA8-A8AA-8C3B8F232ED8}C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\wait\clnt\bin\debug\clnt.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\wait\clnt\bin\debug\clnt.exe
FirewallRules: [UDP Query User{A38E8FE9-82EC-4C19-BA8B-38F0B939BE72}C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\wait\srv\bin\debug\srv.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\wait\srv\bin\debug\srv.exe
FirewallRules: [TCP Query User{58B745B1-673E-4DC6-B1EB-FDD04C7AB586}C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\wait\srv\bin\debug\srv.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\wait\srv\bin\debug\srv.exe
FirewallRules: [{9175D493-C3DA-4A1A-80DB-DC5DE90E82F8}] => (Block) C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\clnt\bin\debug\clnt.exe
FirewallRules: [{6692A635-A26D-4866-A095-8384777C1A2F}] => (Block) C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\clnt\bin\debug\clnt.exe
FirewallRules: [UDP Query User{FD58A2C3-DE94-4D03-8588-277110D8980E}C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\clnt\bin\debug\clnt.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\clnt\bin\debug\clnt.exe
FirewallRules: [TCP Query User{E51D1381-620A-4421-BA59-77C36D74ABD4}C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\clnt\bin\debug\clnt.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\clnt\bin\debug\clnt.exe
FirewallRules: [UDP Query User{4728729F-EA1A-472B-A2D6-A9DC4ACFFEA3}C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\srv\bin\debug\srv.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\srv\bin\debug\srv.exe
FirewallRules: [TCP Query User{EC536A6D-E7A7-40BD-B0AF-6791DD0C9E5E}C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\srv\bin\debug\srv.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\srv\bin\debug\srv.exe
FirewallRules: [{2743587B-1BD4-4A60-AC21-F206F0FA4605}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe
FirewallRules: [{EE640268-36BA-476C-9825-3F4DE8F1DC62}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\VSWinExpress.exe
FirewallRules: [{BF93B4A8-D0FE-4E86-9F63-A6A569567065}] => (Allow) C:\Users\Jiajia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{6DE0AA44-442A-4983-87D9-61ACF3C8B014}] => (Allow) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
FirewallRules: [{81005458-3009-4CD9-AFFC-DEBFF3A97CD8}] => (Allow) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
FirewallRules: [{EF577291-E8D1-4C0A-9239-E82DAC8A4F8B}] => (Allow) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
FirewallRules: [{154D4D56-68B6-4025-A916-E6EDDD6488CF}] => (Allow) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
FirewallRules: [UDP Query User{7534B6B7-EE08-4101-8D1E-0E62E6641DF6}C:\users\jiajia\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jiajia\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{CBDDF886-DC1D-4B7B-9053-D3FEB5EB1070}C:\users\jiajia\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jiajia\appdata\local\akamai\netsession_win.exe
FirewallRules: [{5A2A3151-F351-434C-BE1F-869E86353E6F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BF2B36F8-F31B-4695-B377-31C2B4F082DC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{5CAD93B0-C234-4B29-938D-653D075D6CF5}C:\users\daniel\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\daniel\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{F725F27F-6D47-4C63-9168-0AC719891E49}C:\users\daniel\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\daniel\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{251A1E70-585F-4933-B6AD-09C4A30829E3}C:\program files (x86)\steam\warthunder\aces.exe] => (Allow) C:\program files (x86)\steam\warthunder\aces.exe
FirewallRules: [UDP Query User{60E058FB-AC2E-46B5-9325-E75A9ED7B0F2}C:\program files (x86)\steam\warthunder\aces.exe] => (Allow) C:\program files (x86)\steam\warthunder\aces.exe
FirewallRules: [TCP Query User{3658DA24-AEA4-41FD-9A99-3D6DDC325BE9}C:\program files (x86)\steam\warthunder\launcher.exe] => (Allow) C:\program files (x86)\steam\warthunder\launcher.exe
FirewallRules: [UDP Query User{E8646C83-5FE3-4B7D-A2ED-E7B2A0DF6F7E}C:\program files (x86)\steam\warthunder\launcher.exe] => (Allow) C:\program files (x86)\steam\warthunder\launcher.exe
FirewallRules: [TCP Query User{90254CAD-A5ED-46DC-8CA4-6C546FEFA948}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{D52E3417-5BE4-4408-9F74-88A6C046544C}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [TCP Query User{EFDE8669-63A6-45D8-AF41-E1B6DBEEC518}C:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe] => (Block) C:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe
FirewallRules: [UDP Query User{9DC638C5-1149-451B-BCA3-103B95A7E24C}C:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe] => (Block) C:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe
FirewallRules: [{560E28EC-1F00-4E19-9098-F271AE1D8327}] => (Allow) D:\SteamLibrary\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{C7084AA1-6707-4DB1-945B-26949E9B346B}] => (Allow) D:\SteamLibrary\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [TCP Query User{24D49984-7FE3-4C31-B17A-B1D46F4F6815}C:\program files (x86)\bohemia interactive\arma 2 free\arma2server.exe] => (Block) C:\program files (x86)\bohemia interactive\arma 2 free\arma2server.exe
FirewallRules: [UDP Query User{6E5A3741-3CA7-4424-828E-AD5E8D2B31B4}C:\program files (x86)\bohemia interactive\arma 2 free\arma2server.exe] => (Block) C:\program files (x86)\bohemia interactive\arma 2 free\arma2server.exe
FirewallRules: [{F168DBE9-8E1B-4AA2-8FE0-3E4F99468649}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{0B905CFA-2540-4FC4-9A03-D5AC949EC1BA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{493ABDC9-35A9-440D-AE43-F0A52ECFA78F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{C50B67DC-BE06-4B45-A311-1C1C4A4F2B49}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{E40F9602-5899-4EF2-A231-248E2DBEDEF2}C:\program files (x86)\steam\warthunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{83D338D3-CFF4-4825-ADE5-1DE0893459C9}C:\program files (x86)\steam\warthunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\warthunder\win64\aces.exe
FirewallRules: [{E8DD5B14-C37F-4CA0-9142-531812AAB111}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\ShareLink 200.exe
FirewallRules: [{FA1EA07A-5184-4ABF-9D9B-84EEC6952923}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\ShareLink 200.exe
FirewallRules: [{DD780055-446A-4A65-8D8D-F4093E7A72D1}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\ShareLink 200.exe
FirewallRules: [{67868F9B-439C-418C-9FE3-3AEB2CBC0A7B}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\ShareLink 200.exe
FirewallRules: [TCP Query User{BA740E16-88C1-4D39-B209-A49A33B04EC1}C:\users\daniel\appdata\local\temp\sharelink200.exe] => (Allow) C:\users\daniel\appdata\local\temp\sharelink200.exe
FirewallRules: [UDP Query User{919EF391-A058-4814-B63D-AD288ACEE6D1}C:\users\daniel\appdata\local\temp\sharelink200.exe] => (Allow) C:\users\daniel\appdata\local\temp\sharelink200.exe
FirewallRules: [{82FA675F-8E35-46D0-9F20-CE0306B3DBD9}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
FirewallRules: [{574A4F2B-75FF-4B7C-B154-499A0A131CC5}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{0E0DA1BF-54CB-4B1B-BD6D-C126DA5BFB79}C:\program files (x86)\steam\warthunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{F973104D-19CD-4ABC-8253-2FFA55B4DFE5}C:\program files (x86)\steam\warthunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\warthunder\win64\aces.exe
FirewallRules: [{D1D7C887-CDEB-4E02-BE3B-887548202019}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{8DCDD596-82AD-49B1-937B-8E2599D47FDF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{2EDEC860-ADD4-4C77-9930-7DD67A0DBA87}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C85E26F6-F4BD-4E8D-AC2E-8216EF95ABDF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FCA70A19-AEF4-4464-94A1-3A7842B96849}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{483F88DA-DFA8-45B9-87AB-81A88E9F0EB0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{F52C3AD3-6A88-45AB-852B-049E4CE097E8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{20581184-5D34-4F78-B845-3E0F235FB623}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D86B5ED9-8C38-412C-B8AB-5C2940A54CDA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-03-2016 00:54:31 Windows Update
12-03-2016 13:07:34 Windows Update
18-03-2016 03:28:21 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: HID-compliant touch screen
Description: HID-compliant touch screen
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2016 01:16:00 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/18/2016 04:30:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 161c

Start Time: 01d180ef9e70b2fc

Termination Time: 11

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: a1c75f48-ece3-11e5-bf97-6c71d908ae1e

Faulting package full name:

Faulting package-relative application ID:

Error: (03/18/2016 03:28:14 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {40ad5110-29a4-4600-95d1-33efa86ac740}


System errors:
=============
Error: (03/18/2016 07:56:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (03/18/2016 07:56:39 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/18/2016 07:56:26 PM) (Source: DCOM) (EventID: 10010) (User: Daniel)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (03/18/2016 07:56:26 PM) (Source: DCOM) (EventID: 10010) (User: Daniel)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (03/18/2016 07:56:26 PM) (Source: DCOM) (EventID: 10010) (User: Daniel)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (03/18/2016 07:56:26 PM) (Source: DCOM) (EventID: 10010) (User: Daniel)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (03/18/2016 07:56:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/18/2016 07:56:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) ME Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/18/2016 07:56:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BrYNSvc service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/18/2016 07:56:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Integrated Clock Controller Service - Intel(R) ICCS service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2016-03-18 17:04:29.296
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-18 14:27:36.308
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-18 14:27:35.964
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-18 14:27:35.543
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-18 14:27:35.089
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-18 14:27:34.699
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-06 00:37:39.322
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-06 00:37:39.134
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-06 00:37:38.947
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-06 00:37:38.744
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 23%
Total physical RAM: 8077.71 MB
Available physical RAM: 6202.48 MB
Total Virtual: 9357.71 MB
Available Virtual: 7587.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.87 GB) (Free:56.97 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:258.44 GB) (Free:217.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CDFAD22C)

Partition: GPT.

==================== End of Addition.txt ============================


srv is short for service.

Step #1 ESET Online Scanner
Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware, et cetera. Peruse this for additional information.

  • Download esetsmartinstaller_enu.exe by clicking here.
  • Right-click on the program and choose Run as administrator.
  • Accept their terms and conditions and proceed.
  • Install Add-On/Active X if prompted.
  • From the Computer Scan Setting check the following box --
    • Enable detection for potentially unwanted programs
  • Click on Advanced Setting --
    • Uncheck the box beside Remove Found Threats;
    • Check the box beside Scan archives
    • Check the box beside Scan for potentially unsafe applications
    • Check the box beside Enable Anti-Stealth Technology
  • Click on Start and wait for the virus signature database to update.
  • The online scan will begin automatically and can take several hours.
    • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
  • After the Scan finishes --
    • If no threats were found:
      • Put a checkmark in Uninstall application on close.
      • Close the program and report that nothing was found
    • If threats were found:
      • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
      • Copy and Paste contents of the log file in your next reply.

Note: Enable your security programs afterwards.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.