Jump to content

Computer redirects to a random site once a week

MadDemon64
 Share

Recommended Posts

MadDemon64

MadDemon64

Posted
Posted

 have this strange problem going on with my computer: once a week my browser, google chrome, redirects to a random page.  Sometimes it's a "your computer has a virus on it" page, and sometimes it's a "install the latest updates to flash that we are downloading for you right now without your permission" page.  It only seems to happen on certain pages (deviantart, tumblr, etc.) and only if I leave that page up on my tab and leave it idle for an amount of time.  I keep using various scans and they all come up empty (except for RogueKiller, but that's apparently a false positive) and I even tried running Malwarebytes in safe mode and nothing came up.  Is there something going on with my computer or do I just have some bad luck when it comes to browsing the web?

Link to post
Share on other sites
  • Replies 51
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

kevinf80

kevinf80

Posted
Posted
Hello and welcome to Malwarebytes,

My screen name is kevinf80, i`m here to help clean up your system, continue as follows please:

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…



If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.


Let me see those logs in your reply...

Thank you,

Kevin...
Link to post
Share on other sites
MadDemon64

MadDemon64

Posted
  • Author
Posted

I did everything you asked.  Here are the RKIll, Malwarebytes, and FRST logs:

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/20/2016 08:57:34 AM in x64 mode.
Windows Version: Windows 10 Home 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity: 

 * No issues found.

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 05/20/2016 08:59:53 AM
Execution time: 0 hours(s), 2 minute(s), and 18 seconds(s)
_________________________________________________________

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/20/2016
Scan Time: 9:03 AM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.20.05
Rootkit Database: v2016.05.06.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Aaron

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323541
Time Elapsed: 19 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

_____________________________________

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-05-2016
Ran by Aaron (administrator) on AARON (20-05-2016 09:27:52)
Running from C:\Users\Aaron\Desktop
Loaded Profiles: Aaron (Available Profiles: Aaron)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
() C:\Windows\System32\3DPrintService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\nis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Repetier-Server\bin\RepetierServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\nacl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\conathst.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774552 2015-03-16] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [406528 2015-01-19] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1440768 2014-02-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKU\S-1-5-21-2750566662-3117591305-1405036124-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
HKU\S-1-5-21-2750566662-3117591305-1405036124-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
HKU\S-1-5-21-2750566662-3117591305-1405036124-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-2750566662-3117591305-1405036124-1001\...\RunOnce: [Uninstall C:\Users\Aaron\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aaron\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
HKU\S-1-5-21-2750566662-3117591305-1405036124-1001\...\MountPoints2: {f0c093ae-4c4c-11e5-8265-c038962f7bd8} - "F:\unlock.exe" autoplay=true
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-05-05]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b74ce27b-bff9-40d5-9332-df81b5118067}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{df1410ec-9fe3-4d4b-ab68-01b60df0377b}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2750566662-3117591305-1405036124-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi13.msn.com/
HKU\S-1-5-21-2750566662-3117591305-1405036124-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi13.msn.com
SearchScopes: HKU\S-1-5-21-2750566662-3117591305-1405036124-1001 -> DefaultScope {E6B8A308-D570-4BB4-934D-27E12CD09292} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-27] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon [2016-03-17]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Security Toolbar) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-02-25]
CHR Extension: (Norton Identity Safe) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-04-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-01]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 3DPrintService; C:\Windows\system32\3DPrintService.exe [198736 2015-06-30] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [309376 2014-09-19] (Qualcomm Atheros) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2015-08-27] (BioWare)
S3 GalaxyClientService; D:\GalaxyClient\GalaxyClientService.exe [246328 2016-05-17] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6167096 2016-05-17] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-26] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [451072 2015-10-06] (Rivet Networks) [File not signed]
R2 LMS; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [411936 2015-06-24] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2015-01-19] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe [289080 2016-02-26] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4369680 2016-01-22] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120712 2016-05-17] (Electronic Arts)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-08-14] ()
R2 RepetierServer; C:\Program Files (x86)\Repetier-Server\bin\RepetierServer.exe [3663456 2015-09-24] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-08-31] (Razer Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247992 2015-09-08] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [141896 2015-09-30] (Rivet Networks, LLC.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20160513.004\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1606000.08E\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20160519.001\IDSvia64.sys [876248 2016-05-12] (Symantec Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e22w10x64.sys [156744 2015-09-24] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-20] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [183584 2015-06-12] (Intel Corporation)
S3 MS3DPrintUSB; C:\Windows\system32\DRIVERS\MS3DPrintUSB.sys [41040 2015-06-30] ()
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20160519.038\ENG64.SYS [138456 2016-05-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20160519.038\EX64.SYS [2148056 2016-05-16] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2356184 2015-09-22] (Qualcomm Atheros, Inc.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [506584 2015-03-16] (Realsil Semiconductor Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
S3 SAlphamBth; C:\Windows\System32\drivers\SAlphabt64.sys [31232 2014-05-16] (SteelSeries Corporation) [File not signed]
S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)
R3 SAlphaPS2; C:\Windows\System32\drivers\SAlphaPS264.sys [27520 2014-05-16] (SteelSeries Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2015-03-16] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44216 2015-09-08] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1606000.08E\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1606000.08E\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-16] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-20 09:27 - 2016-05-20 09:27 - 00023881 _____ C:\Users\Aaron\Desktop\FRST.txt
2016-05-20 09:26 - 2016-05-20 09:26 - 02382336 _____ (Farbar) C:\Users\Aaron\Desktop\FRST64.exe
2016-05-20 08:53 - 2016-05-20 08:53 - 00000000 ___HD C:\OneDriveTemp
2016-05-20 00:13 - 2016-05-20 00:24 - 00000000 ____D C:\Users\Aaron\Documents\Overlord
2016-05-19 18:48 - 2016-05-19 18:48 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-05-19 17:27 - 2016-05-19 18:48 - 00401530 _____ C:\WINDOWS\ntbtlog.txt
2016-05-19 16:02 - 2016-05-19 16:03 - 00000808 _____ C:\Users\Aaron\Downloads\Stinger_19052016_160206.html
2016-05-19 13:15 - 2016-05-19 15:46 - 00000824 _____ C:\Users\Aaron\Downloads\Stinger_19052016_131501.html
2016-05-19 13:02 - 2016-05-19 13:04 - 00104926 _____ C:\TDSSKiller.3.1.0.9_19.05.2016_13.02.19_log.txt
2016-05-17 12:28 - 2016-05-17 12:28 - 00000221 _____ C:\Users\Aaron\Desktop\The Last Remnant.url
2016-05-17 00:37 - 2016-05-17 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Giants - Citizen Kabuto [GOG.com]
2016-05-17 00:23 - 2016-05-17 00:23 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2016-05-16 13:35 - 2016-05-16 12:33 - 00275708 _____ C:\WINDOWS\Minidump\WinsockAFD-20160516-1232.dmp
2016-05-16 12:50 - 2016-05-16 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-05-16 10:39 - 2016-05-19 13:05 - 00000000 ____D C:\AdwCleaner
2016-05-16 10:39 - 2016-05-16 10:39 - 03651136 _____ C:\Users\Aaron\Downloads\adwcleaner_5.117.exe
2016-05-16 10:04 - 2016-05-16 10:14 - 00103166 _____ C:\TDSSKiller.3.1.0.9_16.05.2016_10.04.13_log.txt
2016-05-15 01:27 - 2016-05-15 01:27 - 00536906 _____ C:\Users\Aaron\Downloads\apps.diagcab
2016-05-15 01:27 - 2016-05-15 01:27 - 00000499 _____ C:\Users\Aaron\Downloads\Appsdiagnostic10.diagcab
2016-05-12 16:46 - 2016-05-12 16:47 - 00000808 _____ C:\Users\Aaron\Downloads\Stinger_12052016_164603.html
2016-05-10 20:46 - 2016-05-10 20:47 - 00216506 _____ C:\Users\Aaron\Downloads\AccessChk.zip
2016-05-10 14:28 - 2016-05-19 16:08 - 00000114 ___RH C:\Users\Aaron\Downloads\Stinger.opt
2016-05-10 14:25 - 2016-05-10 14:27 - 00000806 _____ C:\Users\Aaron\Downloads\Stinger_10052016_142518.html
2016-05-10 13:37 - 2016-04-23 01:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-10 13:37 - 2016-04-23 01:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-10 13:37 - 2016-04-23 01:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-10 13:37 - 2016-04-23 01:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-10 13:37 - 2016-04-23 01:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-10 13:37 - 2016-04-23 01:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-10 13:37 - 2016-04-23 00:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-10 13:37 - 2016-04-23 00:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-10 13:37 - 2016-04-23 00:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-10 13:37 - 2016-04-23 00:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-10 13:37 - 2016-04-23 00:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-10 13:37 - 2016-04-23 00:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-10 13:37 - 2016-04-23 00:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-10 13:37 - 2016-04-23 00:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-10 13:37 - 2016-04-23 00:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-10 13:37 - 2016-04-23 00:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-10 13:37 - 2016-04-23 00:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-10 13:37 - 2016-04-23 00:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-10 13:37 - 2016-04-23 00:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-10 13:37 - 2016-04-23 00:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-10 13:37 - 2016-04-23 00:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-10 13:37 - 2016-04-23 00:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-10 13:37 - 2016-04-23 00:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-10 13:37 - 2016-04-23 00:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-10 13:37 - 2016-04-23 00:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-10 13:37 - 2016-04-23 00:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-10 13:37 - 2016-04-23 00:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-10 13:37 - 2016-04-23 00:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-10 13:37 - 2016-04-23 00:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-10 13:37 - 2016-04-23 00:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-10 13:36 - 2016-05-06 00:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-10 13:36 - 2016-05-06 00:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-10 13:36 - 2016-05-06 00:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-10 13:36 - 2016-05-05 23:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-10 13:36 - 2016-05-05 23:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-10 13:36 - 2016-05-05 23:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-10 13:36 - 2016-05-05 23:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-10 13:36 - 2016-05-05 23:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-10 13:36 - 2016-04-30 02:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-10 13:36 - 2016-04-30 02:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-10 13:36 - 2016-04-23 02:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-10 13:36 - 2016-04-23 02:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-10 13:36 - 2016-04-23 02:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-10 13:36 - 2016-04-23 02:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-10 13:36 - 2016-04-23 02:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-10 13:36 - 2016-04-23 02:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-10 13:36 - 2016-04-23 02:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-10 13:36 - 2016-04-23 02:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-10 13:36 - 2016-04-23 01:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-10 13:36 - 2016-04-23 01:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-10 13:36 - 2016-04-23 01:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-10 13:36 - 2016-04-23 01:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-10 13:36 - 2016-04-23 01:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-10 13:36 - 2016-04-23 01:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-10 13:36 - 2016-04-23 01:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-10 13:36 - 2016-04-23 01:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-10 13:36 - 2016-04-23 01:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-10 13:36 - 2016-04-23 01:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-10 13:36 - 2016-04-23 01:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-10 13:36 - 2016-04-23 01:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-10 13:36 - 2016-04-23 01:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-10 13:36 - 2016-04-23 01:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-10 13:36 - 2016-04-23 01:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-10 13:36 - 2016-04-23 01:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-10 13:36 - 2016-04-23 01:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-10 13:36 - 2016-04-23 01:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-10 13:36 - 2016-04-23 01:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-10 13:36 - 2016-04-23 01:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-10 13:36 - 2016-04-23 01:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-10 13:36 - 2016-04-23 01:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-10 13:36 - 2016-04-23 01:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-10 13:36 - 2016-04-23 01:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-10 13:36 - 2016-04-23 01:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-10 13:36 - 2016-04-23 01:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-10 13:36 - 2016-04-23 01:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-10 13:36 - 2016-04-23 01:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-10 13:36 - 2016-04-23 01:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-10 13:36 - 2016-04-23 01:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-10 13:36 - 2016-04-23 01:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-10 13:36 - 2016-04-23 01:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-10 13:36 - 2016-04-23 01:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-10 13:36 - 2016-04-23 01:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-10 13:36 - 2016-04-23 01:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-10 13:36 - 2016-04-23 01:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-10 13:36 - 2016-04-23 01:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-10 13:36 - 2016-04-23 01:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-10 13:36 - 2016-04-23 01:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-10 13:36 - 2016-04-23 01:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-10 13:36 - 2016-04-23 01:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-10 13:36 - 2016-04-23 01:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-10 13:36 - 2016-04-23 01:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-10 13:36 - 2016-04-23 01:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-10 13:36 - 2016-04-23 01:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-10 13:36 - 2016-04-23 01:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-10 13:36 - 2016-04-23 01:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-10 13:36 - 2016-04-23 01:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-10 13:36 - 2016-04-23 01:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-10 13:36 - 2016-04-23 01:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-10 13:36 - 2016-04-23 01:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-10 13:36 - 2016-04-23 01:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-10 13:36 - 2016-04-23 01:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-10 13:36 - 2016-04-23 01:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-10 13:36 - 2016-04-23 01:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-10 13:36 - 2016-04-23 01:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-10 13:36 - 2016-04-23 00:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-10 13:36 - 2016-04-23 00:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-10 13:36 - 2016-04-23 00:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-10 13:36 - 2016-04-23 00:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-10 13:36 - 2016-04-23 00:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-10 13:36 - 2016-04-23 00:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-10 13:36 - 2016-04-23 00:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-10 13:36 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-10 13:36 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-10 13:36 - 2016-04-23 00:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-10 13:36 - 2016-04-23 00:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-10 13:36 - 2016-04-23 00:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-10 13:36 - 2016-04-23 00:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-10 13:36 - 2016-04-23 00:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-10 13:36 - 2016-04-23 00:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-10 13:36 - 2016-04-23 00:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-10 13:36 - 2016-04-23 00:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-10 13:36 - 2016-04-23 00:30 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-05-10 13:36 - 2016-04-23 00:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-10 13:36 - 2016-04-23 00:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-10 13:36 - 2016-04-23 00:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-10 13:36 - 2016-04-23 00:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-10 13:36 - 2016-04-23 00:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-10 13:36 - 2016-04-23 00:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-10 13:36 - 2016-04-23 00:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-10 13:36 - 2016-04-23 00:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-10 13:36 - 2016-04-23 00:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-10 13:36 - 2016-04-23 00:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-10 13:36 - 2016-04-23 00:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-10 13:36 - 2016-04-23 00:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-10 13:36 - 2016-04-23 00:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-10 13:36 - 2016-04-23 00:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-10 13:36 - 2016-04-23 00:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-10 13:36 - 2016-04-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-10 13:36 - 2016-04-23 00:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-10 13:36 - 2016-04-23 00:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-10 13:36 - 2016-04-23 00:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-10 13:36 - 2016-04-23 00:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-10 13:36 - 2016-04-23 00:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-10 13:36 - 2016-04-23 00:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-10 13:36 - 2016-04-23 00:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-10 13:36 - 2016-04-23 00:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-10 13:36 - 2016-04-23 00:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-10 13:36 - 2016-04-23 00:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-10 13:36 - 2016-04-23 00:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-10 13:36 - 2016-04-23 00:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-10 13:36 - 2016-04-23 00:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-10 13:36 - 2016-04-23 00:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-10 13:36 - 2016-04-23 00:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-10 13:36 - 2016-04-23 00:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-10 13:36 - 2016-04-23 00:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-10 13:36 - 2016-04-23 00:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-10 13:36 - 2016-04-23 00:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-10 13:36 - 2016-04-23 00:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-10 13:36 - 2016-04-23 00:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-10 13:36 - 2016-04-23 00:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-10 13:36 - 2016-04-23 00:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-10 13:36 - 2016-04-23 00:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-10 13:36 - 2016-04-23 00:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-10 13:36 - 2016-04-23 00:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-10 13:36 - 2016-04-23 00:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-10 13:36 - 2016-04-23 00:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-10 13:36 - 2016-04-23 00:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-10 13:36 - 2016-04-23 00:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-10 13:36 - 2016-04-23 00:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-10 13:36 - 2016-04-23 00:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-10 13:36 - 2016-04-23 00:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-10 13:36 - 2016-04-23 00:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-10 13:36 - 2016-04-23 00:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-10 13:36 - 2016-04-23 00:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-10 13:36 - 2016-04-23 00:18 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-05-10 13:36 - 2016-04-23 00:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-10 13:36 - 2016-04-23 00:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-10 13:36 - 2016-04-23 00:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-10 13:36 - 2016-04-23 00:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-10 13:36 - 2016-04-23 00:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-10 13:36 - 2016-04-23 00:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-10 13:36 - 2016-04-23 00:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-10 13:36 - 2016-04-23 00:18 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-05-10 13:36 - 2016-04-23 00:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-10 13:36 - 2016-04-23 00:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-10 13:36 - 2016-04-23 00:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-10 13:36 - 2016-04-23 00:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-10 13:36 - 2016-04-23 00:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-10 13:36 - 2016-04-23 00:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-10 13:36 - 2016-04-23 00:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-10 13:36 - 2016-04-23 00:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-10 13:36 - 2016-04-23 00:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-10 13:36 - 2016-04-23 00:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-10 13:36 - 2016-04-23 00:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-10 13:36 - 2016-04-23 00:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-10 13:36 - 2016-04-23 00:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-10 13:36 - 2016-04-23 00:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-10 13:36 - 2016-04-23 00:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-10 13:36 - 2016-04-23 00:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-10 13:36 - 2016-04-23 00:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-10 13:36 - 2016-04-23 00:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-10 13:36 - 2016-04-23 00:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-10 13:36 - 2016-04-23 00:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-10 13:36 - 2016-04-23 00:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-10 13:36 - 2016-04-23 00:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-10 13:36 - 2016-04-23 00:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-10 13:36 - 2016-04-23 00:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-10 13:36 - 2016-04-23 00:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-10 13:36 - 2016-04-23 00:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-10 13:36 - 2016-04-23 00:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-10 13:36 - 2016-04-23 00:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-10 13:36 - 2016-04-23 00:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-10 13:36 - 2016-04-23 00:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-10 13:36 - 2016-04-23 00:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-10 13:36 - 2016-04-23 00:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-10 13:36 - 2016-04-23 00:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-10 13:36 - 2016-04-23 00:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-10 13:36 - 2016-04-23 00:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-10 13:36 - 2016-04-23 00:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-10 13:36 - 2016-04-23 00:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-10 13:36 - 2016-04-23 00:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-10 13:36 - 2016-04-23 00:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-10 13:36 - 2016-04-23 00:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-10 13:36 - 2016-04-23 00:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-10 13:36 - 2016-04-23 00:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-10 13:36 - 2016-04-23 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-10 13:36 - 2016-04-23 00:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-10 13:36 - 2016-04-23 00:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-10 13:36 - 2016-04-23 00:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-10 13:36 - 2016-04-23 00:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-10 13:36 - 2016-04-23 00:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-10 13:36 - 2016-04-22 23:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-10 13:36 - 2016-04-22 22:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-10 13:36 - 2016-04-22 22:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-10 13:36 - 2016-04-18 18:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-07 20:25 - 2016-05-07 20:25 - 01274552 _____ (Microsoft Corporation) C:\Users\Aaron\Downloads\NetFxRepairTool.exe
2016-05-07 13:21 - 2016-05-06 16:48 - 00262144 _____ C:\WINDOWS\Minidump\USBXHCI-20160506-1648.dmp
2016-05-07 13:21 - 2016-05-02 18:05 - 00262144 _____ C:\WINDOWS\Minidump\USBXHCI-20160502-1805.dmp
2016-05-07 13:20 - 2016-04-14 18:24 - 00262144 _____ C:\WINDOWS\Minidump\USBHUB3-20160414-1824.dmp
2016-05-05 23:02 - 2016-05-05 23:02 - 00000000 ____D C:\Quarantine
2016-05-05 22:50 - 2016-05-05 22:59 - 15893872 _____ (McAfee Inc) C:\Users\Aaron\Downloads\stinger32.exe
2016-05-05 18:48 - 2016-05-05 18:50 - 215305229 _____ C:\Users\Aaron\Downloads\Killer_network_w10.zip
2016-05-05 18:33 - 2016-05-06 11:36 - 00000000 ____D C:\ProgramData\Killer
2016-05-05 18:33 - 2016-05-05 18:33 - 00002801 _____ C:\Users\Public\Desktop\Killer Network Manager.lnk
2016-05-05 18:33 - 2016-05-05 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Networking
2016-05-05 18:33 - 2016-05-05 18:33 - 00000000 ____D C:\Program Files\Killer Networking
2016-05-05 18:32 - 2016-05-05 18:32 - 00000000 _____ C:\Users\Aaron\AppData\Local\Driver_LOM_8161Present.flag
2016-05-05 18:32 - 2016-05-05 18:32 - 00000000 _____ C:\Users\Aaron\AppData\Local\Driver_11ACPresent.flag
2016-05-05 18:06 - 2016-05-05 18:06 - 00000000 ____D C:\Users\Aaron\AppData\LocalLow\Intel
2016-05-05 18:05 - 2016-05-05 18:05 - 00000000 ____D C:\Users\Aaron\Intel
2016-05-05 17:43 - 2016-04-14 01:38 - 00113216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-05-05 17:43 - 2016-04-14 01:38 - 00102976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-05-05 16:30 - 2016-05-05 16:33 - 276701190 _____ C:\Users\Aaron\Downloads\LAN_KillerSuite_1.1.56.1122_Win7_Win81_Win10-MSI_9.0.0.31(1.1.56.1122 Package)_0x0559069e.zip
2016-05-05 16:30 - 2016-05-05 16:30 - 02813074 _____ C:\Users\Aaron\Downloads\Chipset_10.1.1.8_Public_10.1.1.8.zip
2016-05-05 16:29 - 2016-05-05 16:30 - 63649645 _____ C:\Users\Aaron\Downloads\ME_SW_MSI_11.0.0.1146.zip
2016-04-24 16:52 - 2016-04-24 16:52 - 10729448 _____ C:\Users\Aaron\Downloads\CHOP Data Exercise.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-20 09:27 - 2015-12-02 10:00 - 00000000 ____D C:\FRST
2016-05-20 09:16 - 2015-08-26 22:15 - 00000001 _____ C:\Users\Public\Documents\dgc.txt
2016-05-20 09:03 - 2015-08-26 21:51 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-20 09:01 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-20 09:01 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-20 08:56 - 2015-08-26 20:02 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{80D671B9-3A0B-46C3-96F6-649FD38B6EFE}
2016-05-20 08:55 - 2015-11-13 10:23 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-20 08:53 - 2016-03-11 18:50 - 00000000 ____D C:\Users\Aaron
2016-05-20 08:53 - 2015-08-26 20:37 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-20 08:53 - 2015-08-26 19:55 - 00000000 __RDO C:\Users\Aaron\OneDrive
2016-05-19 23:58 - 2015-08-31 12:53 - 00000000 ____D C:\Users\Aaron\AppData\Local\NPE
2016-05-19 23:47 - 2015-08-26 21:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-19 23:46 - 2015-11-13 10:23 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-19 20:37 - 2016-03-17 11:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2016-05-19 19:03 - 2014-11-04 20:49 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-05-19 19:01 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-19 19:00 - 2016-03-11 19:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-19 19:00 - 2016-03-11 18:47 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-19 18:58 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-19 17:28 - 2015-08-31 12:55 - 00000000 ____D C:\NPE
2016-05-19 16:33 - 2016-02-29 12:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-05-19 16:33 - 2016-02-29 12:51 - 00000000 ____D C:\Users\Aaron\Desktop\mbar
2016-05-19 16:08 - 2015-08-26 21:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-18 22:34 - 2015-08-26 19:49 - 00000000 ____D C:\Users\Aaron\AppData\Local\Packages
2016-05-18 22:19 - 2016-03-11 19:01 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-18 22:19 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-18 16:18 - 2016-02-03 19:03 - 00000000 ____D C:\Users\Aaron\AppData\Local\ElevatedDiagnostics
2016-05-17 12:08 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-17 10:36 - 2015-08-29 12:46 - 00000000 ____D C:\Users\Aaron\AppData\Local\CrashDumps
2016-05-17 00:34 - 2015-08-26 21:44 - 00000000 ____D C:\ProgramData\Origin
2016-05-17 00:33 - 2015-08-26 21:43 - 00000000 ____D C:\Program Files (x86)\Origin
2016-05-17 00:23 - 2015-08-27 14:41 - 00000000 ____D C:\Users\Aaron\Documents\my games
2016-05-16 16:58 - 2015-08-27 01:34 - 00000000 ____D C:\Users\Aaron\Documents\Cover Letters, Transcripts, and Writing Samples
2016-05-16 13:35 - 2016-04-10 11:26 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-16 13:34 - 2016-04-11 10:04 - 00000000 ____D C:\Program Files\WhoCrashed
2016-05-16 12:33 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-05-16 10:26 - 2016-03-05 17:57 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-05-14 14:15 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-12 19:46 - 2015-11-13 10:24 - 00002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 19:46 - 2015-11-13 10:24 - 00002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-12 17:00 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-12 16:36 - 2016-04-01 14:15 - 11438608 _____ (SurfRight B.V.) C:\Users\Aaron\Downloads\HitmanPro_x64.exe
2016-05-11 15:57 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 15:57 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-10 16:41 - 2015-11-13 10:23 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 16:41 - 2015-11-13 10:23 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 15:17 - 2015-08-26 19:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-10 15:12 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-10 15:12 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-10 15:12 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-10 15:12 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-10 15:12 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-10 15:11 - 2015-10-30 03:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-10 13:45 - 2015-08-28 10:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-10 13:37 - 2015-08-28 10:18 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-05 18:33 - 2015-03-17 15:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-05 18:06 - 2015-03-17 15:05 - 00000000 ____D C:\ProgramData\Intel
2016-05-05 18:06 - 2015-03-17 15:05 - 00000000 ____D C:\Program Files (x86)\Intel
2016-05-05 17:44 - 2015-08-26 19:49 - 00000000 ____D C:\Users\Aaron\AppData\Local\NVIDIA
2016-05-05 17:32 - 2015-03-17 15:09 - 00000000 ____D C:\ProgramData\Downloaded Installations
2016-05-05 17:27 - 2015-03-17 15:04 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-05 17:26 - 2015-03-17 15:05 - 00000000 ____D C:\Program Files\Intel
2016-05-04 18:10 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\registration
2016-05-04 09:38 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-04 09:37 - 2015-08-26 21:47 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-02 01:39 - 2015-03-17 15:08 - 01377800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-05-02 01:39 - 2015-03-17 15:08 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-05-02 01:38 - 2015-11-24 23:17 - 00112032 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-05-02 01:38 - 2015-03-17 15:08 - 01767944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-05-02 01:38 - 2015-03-17 15:08 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-04-27 23:51 - 2015-03-17 15:17 - 00000000 ____D C:\Program Files (x86)\SCM
2016-04-25 22:34 - 2016-03-11 19:19 - 00002414 _____ C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== Files in the root of some directories =======

2016-05-05 18:32 - 2016-05-05 18:32 - 0000000 _____ () C:\Users\Aaron\AppData\Local\Driver_11ACPresent.flag
2016-05-05 18:32 - 2016-05-05 18:32 - 0000000 _____ () C:\Users\Aaron\AppData\Local\Driver_LOM_8161Present.flag
2015-12-30 02:28 - 2016-03-10 14:31 - 0007611 _____ () C:\Users\Aaron\AppData\Local\Resmon.ResmonCfg
2016-04-15 13:45 - 2016-04-15 13:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-19 17:46

==================== End of FRST.txt ============================

_________________________________________________________________

Additional scan result of Farbar Recovery Scan Tool (x64) Version:19-05-2016
Ran by Aaron (2016-05-20 09:28:35)
Running from C:\Users\Aaron\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-11 23:12:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Aaron (S-1-5-21-2750566662-3117591305-1405036124-1001 - Administrator - Enabled) => C:\Users\Aaron
Administrator (S-1-5-21-2750566662-3117591305-1405036124-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2750566662-3117591305-1405036124-503 - Limited - Disabled)
Guest (S-1-5-21-2750566662-3117591305-1405036124-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2750566662-3117591305-1405036124-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.10 beta (x64) (HKLM\...\7-Zip) (Version: 15.10 - Igor Pavlov)
Angry Video Game Nerd Adventures (HKLM\...\Steam App 237740) (Version:  - FreakZone Games)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.23.0 - Asmedia Technology)
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1405.0701 - Micro-Star International Co., Ltd.)
Binary Domain (HKLM-x32\...\Steam App 203750) (Version:  - Devil's Details)
Bionic Commando Rearmed (HKLM-x32\...\Steam App 21680) (Version:  - Capcom)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Blade & Soul Closed Beta Test (HKLM-x32\...\{F7DBB870-787A-4B0E-A314-C931522A5859}) (Version: 4.0.0.6 - NC Interactive, LLC)
Blood Omen 2: Legacy of Kain (HKLM-x32\...\Steam App 242960) (Version:  - )
Boot Configure (HKLM-x32\...\{5563D674-6B02-43F4-B9D0-C2A944E84F3C}) (Version: 20.014.12127 - Micro-Star International Co., Ltd.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1412.2301 - )
Clive Barker's Undying (HKLM-x32\...\{631A0B87-B0B7-4B47-00A2-119A4B942EB6}) (Version:  - )
Clive Barker's Undying (HKLM-x32\...\1207659191_is1) (Version: 2.1.0.9 - GOG.com)
Contrast (HKLM\...\Steam App 224460) (Version:  - Compulsion Games)
Cura 15.04 (HKLM-x32\...\Cura_15.04) (Version:  - )
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5509.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DOOM 3 (HKLM-x32\...\Steam App 9050) (Version:  - id Software)
DOOM 3: Resurrection of Evil (HKLM-x32\...\Steam App 9070) (Version:  - id Software)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Dragon Age™ II (HKLM-x32\...\{E1EB9F56-AFE2-4204-B28F-AD8DA793B9F4}) (Version: 1.04.8524.0 - Electronic Arts)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1501.1201 - Micro-Star International Co., Ltd.)
Dragon Gaming Center (x32 Version: 1.0.1501.1201 - Micro-Star International Co., Ltd.) Hidden
Epic Games Launcher (HKLM-x32\...\{4620A9CA-A0D7-4F15-BA89-4545B5372345}) (Version: 1.1.60.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
F.E.A.R. (HKLM-x32\...\Steam App 21090) (Version:  - Monolith Productions, Inc.)
F.E.A.R.: Extraction Point (HKLM-x32\...\Steam App 21110) (Version:  - Monolith )
F.E.A.R.: Perseus Mandate (HKLM-x32\...\Steam App 21120) (Version:  - Monolith )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Giants - Citizen Kabuto (HKLM-x32\...\1207658650_is1) (Version: 2.1.0.4 - GOG.com)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Gun Metal (HKLM-x32\...\Steam App 267920) (Version:  - Rage Software)
Hell Yeah! (HKLM\...\Steam App 205230) (Version:  - Arkedo)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4029 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Jade Empire (HKLM-x32\...\1207659237_is1) (Version: 2.1.0.8 - GOG.com)
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.)
Killer Bandwidth Control Filter Driver (Version: 1.1.56.1122 - Rivet Networks) Hidden
Killer E220x Drivers (Version: 1.1.56.1122 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.56.1122 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.56.1122 - Rivet Networks)
Killer Wireless-AC Drivers (Version: 1.1.56.1122 - Rivet Networks) Hidden
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Legacy of Kain: Defiance (HKLM-x32\...\Steam App 224300) (Version:  - Crystal Dynamics)
Legacy of Kain: Soul Reaver (HKLM-x32\...\Steam App 224920) (Version:  - Crystal Dynamics)
Legacy of Kain: Soul Reaver 2 (HKLM-x32\...\Steam App 224940) (Version:  - Crystal Dynamics)
Lost Planet 3 (HKLM-x32\...\Steam App 226720) (Version:  - Spark Unlimited)
MAGIX MX Suite (HKLM-x32\...\MAGIX_{43136332-880B-458A-966C-900C18752B66}) (Version: 1.13.0.121 - MAGIX AG)
MAGIX MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
METAL GEAR RISING: REVENGEANCE (HKLM-x32\...\Steam App 235460) (Version:  - PlatinumGames)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4815.1002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1412.1801 - Micro-Star International Co., Ltd.)
MSI Remind Manager (x32 Version: 1.0.1412.1801 - Micro-Star International Co., Ltd.) Hidden
MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.6.0.142 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{652C1CDF-C61D-4525-9348-8C272CC2DB24}) (Version: 2.10.3.20 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
NVIDIA 3D Vision Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 359.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 359.00 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Oddworld - Stranger's Wrath HD (HKLM-x32\...\1207658950_is1) (Version: 2.1.0.12 - GOG.com)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Omikron - The Nomad Soul (HKLM-x32\...\Steam App 243000) (Version:  - Quantic Dream)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Overlord (HKLM-x32\...\Steam App 11450) (Version:  - Triumph Studios)
Overlord II (HKLM-x32\...\Steam App 12810) (Version:  - Triumph Studios)
Overlord: Raising Hell (HKLM-x32\...\Steam App 12710) (Version:  - Triumph Studios)
Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 3.0.0.400 - Qualcomm Atheros)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 6.2.12.0 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21258 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7399 - Realtek Semiconductor Corp.)
Remember Me (HKLM-x32\...\Steam App 228300) (Version:  - DONTNOD Entertainment)
Repetier-Host version 1.6.0 (HKLM\...\{1143F758-929B-4EEB-8784-46CCB622F037}_is1) (Version: 1.6.0 - repetier)
Repetier-Server (HKLM-x32\...\Repetier-Server) (Version: 0.65.0 - Hot-World GmbH & Co. KG)
Resident Evil Revelations / Biohazard Revelations (HKLM-x32\...\Steam App 222480) (Version:  - Capcom)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
SCM (HKLM\...\{2EE59362-016C-46A1-9760-1D4C9535D8F1}) (Version: 13.015.01199 - Application)
Shantae: Risky's Revenge - Director's Cut (HKLM-x32\...\Steam App 277890) (Version:  - WayForward)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Sizing Options (HKLM-x32\...\InstallShield_{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 2.0.1412.1501 - Application)
Sizing Options (x32 Version: 2.0.1412.1501 - Application) Hidden
Sound Blaster Cinema 2 (HKLM-x32\...\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}) (Version: 1.00.06 - Creative Technology Limited)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Star Wars Republic Commando (HKLM-x32\...\Steam App 6000) (Version:  - LucasArts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries)
SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.22.0 - Synaptics Incorporated)
System Requirements Lab Detection (HKLM-x32\...\{92DFED1B-0A57-41A4-8D75-60FE7957153C}) (Version: 6.1.6.0 - Husdawg, LLC)
The Chronicles of Riddick - Assault on Dark Athena (HKLM-x32\...\1207659070_is1) (Version: 2.1.0.14 - GOG.com)
The Last Remnant (HKLM\...\Steam App 23310) (Version:  - SQUARE ENIX)
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\1207658930_is1) (Version: 3.5.0.26 - GOG.com)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.12.1.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.12.1.0 - GOG.com)
The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.12.1.0 - GOG.com)
The Witcher Adventure Game (HKLM-x32\...\1207666883_is1) (Version: 2.4.0.23 - GOG.com)
The Witcher Enhanced Edition Director's Cut (HKLM-x32\...\1207658924_is1) (Version: 2.1.0.15 - GOG.com)
Tomb Raider: Underworld (HKLM-x32\...\Steam App 8140) (Version:  - Crystal Dynamics)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
WhoCrashed 5.51 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
Windows Driver Package - Arduino LLC (www.arduino.cc) Arduino USB Driver (01/04/2013 1.0.0.0) (HKLM\...\1E3EA5624DD04BEFECF3FFF6D3A21CCE9CD70A91) (Version: 01/04/2013 1.0.0.0 - Arduino LLC (www.arduino.cc))
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
Wolfenstein: The New Order (HKLM-x32\...\Steam App 201810) (Version:  - Machine Games)
X-Blades (HKLM-x32\...\Steam App 7510) (Version:  - Topware Interactive)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
XSplit Gamecaster (HKLM-x32\...\{9F9A13D5-D72F-4531-AEE9-F5EAFFD9B902}) (Version: 1.9.1409.0112 - SplitmediaLabs)
フォト ギャラリー (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
معرض الصور (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
사진 갤러리 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2750566662-3117591305-1405036124-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Aaron\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0047A4BC-F938-4234-AB07-61232D86788F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {011B8EC0-9842-477E-85F1-97BD5591A0CE} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {036A8B18-98AE-4A95-A744-4581F1DC2EF6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-13] (Google Inc.)
Task: {23C050CC-47A9-4BDF-92EA-17B5F1ED5E4D} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-23] (TODO: <公司名稱>)
Task: {33FE32A2-132F-4F36-9607-F843F86AD42E} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2750566662-3117591305-1405036124-1001
Task: {3664A96F-5D2E-429B-BFF3-76FF4DAF9284} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {5641D586-BDC0-4E9D-A587-88D66EA558EF} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {56FF9324-C12D-4910-9035-9A345D9FE075} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-08] (Synaptics Incorporated)
Task: {59A447B8-1407-40A7-8B79-CC6AE7DC0F3A} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {60467E55-FA05-4BE3-B844-FEC7523528A9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7D80A6E5-151E-44BD-A2B7-5FAC220F517B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-05-10] (Microsoft Corporation)
Task: {84BCAF8B-7123-4505-BA21-B5F38C504F7F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {87DA60BE-D319-4DD6-A697-B7EA04DDA6E9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A3860223-D005-4187-9FA7-9C205526B022} - System32\Tasks\Norton Internet Security\Norton Autofix => C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {A7EE1646-FADD-4BCA-BE77-69B0D5052591} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B1FFC939-212F-4FBD-9C60-435AA4A7B925} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {B7A8226A-1D5A-4BD1-ABF0-AA3C8BB43F10} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BB9DB22C-9A1D-4FE7-898F-15B9D3E4AC93} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {C0176070-0BAE-4C5B-87FA-3FF580C20FA3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-26] (Intel Corporation)
Task: {C273F73A-50CF-4CE6-9B17-A569FDE1F822} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C8C58AEC-A369-4FBC-8722-12CADC863E39} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-26] (Intel Corporation)
Task: {C8EE38A1-1EA3-448A-B78C-F66212ED3888} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D1FFDE57-4985-42BA-888C-6E6268BF03E6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D2720C72-D0CA-4661-975C-3BFBA48993E8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D417CE42-8345-445C-BAB1-A4E87D19BD99} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DA0192D1-6731-406E-9CBD-155737167E68} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F0FFDF9D-D7E4-420A-8215-03D6C998F4B6} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {F306AE0C-0178-4658-B7DE-E7743079EA16} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-13] (Google Inc.)
Task: {FA55F5B6-2A14-4F53-B782-4DDEB53BC571} - System32\Tasks\MSI_Reminder => C:\Program Files (x86)\MSI\MSI Remind Manager\MSI Reminder.exe [2014-12-17] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-06-30 19:05 - 2015-06-30 19:05 - 00289864 _____ () C:\WINDOWS\System32\3dmon.dll
2015-06-30 19:05 - 2015-06-30 19:05 - 00198736 _____ () C:\Windows\system32\3DPrintService.exe
2015-08-14 18:33 - 2015-08-14 18:33 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-08-26 21:47 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-12-22 13:15 - 2016-05-02 01:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-02-21 12:34 - 2016-05-02 01:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-03 19:51 - 2016-05-02 01:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-02-21 12:34 - 2016-05-02 01:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-09-24 13:48 - 2015-09-24 13:48 - 03663456 _____ () C:\Program Files (x86)\Repetier-Server\bin\RepetierServer.exe
2016-04-03 19:51 - 2016-05-02 01:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-03 19:51 - 2016-05-02 01:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-03 19:51 - 2016-05-02 01:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-16 16:24 - 2016-05-02 01:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-11 18:47 - 2016-03-21 22:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-15 16:21 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-15 16:21 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-25 22:34 - 2016-04-25 22:34 - 00959176 _____ () C:\Users\Aaron\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-10-27 10:02 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-03-11 21:38 - 2016-03-11 21:38 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 13:36 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-10 13:36 - 2016-04-23 00:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-10 13:36 - 2016-04-22 23:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-10 13:36 - 2016-04-22 23:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-10 13:36 - 2016-04-23 00:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-03-17 15:23 - 2014-02-21 14:21 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2015-03-17 15:23 - 2014-02-21 14:19 - 00366080 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-06-26 14:39 - 2014-06-26 14:39 - 00504832 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 09315328 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00015872 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00115200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2014-05-16 11:57 - 2014-05-16 11:57 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00034304 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-05-16 11:57 - 2014-05-16 11:57 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00189440 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00031744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00159744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00020992 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00029696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00023040 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2016-04-03 19:51 - 2016-05-02 01:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-03 19:51 - 2016-05-02 01:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2014-01-22 13:44 - 2014-01-22 13:44 - 00075912 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\WinIo64.dll
2016-04-19 09:07 - 2016-04-19 09:07 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-06-24 01:07 - 2015-06-24 01:07 - 01243936 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-08-26 20:23 - 2016-05-02 02:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-08-26 20:39 - 2016-04-29 16:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-08-26 20:39 - 2015-07-03 12:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-08-26 20:39 - 2016-04-29 20:10 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2015-08-26 20:39 - 2015-07-03 12:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-08-26 20:39 - 2015-07-03 12:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-08-26 20:39 - 2016-02-08 19:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-08-26 20:39 - 2016-02-08 19:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-08-26 20:39 - 2016-02-08 19:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-08-26 20:39 - 2016-02-08 19:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-08-26 20:39 - 2016-02-08 19:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-08-26 20:39 - 2016-04-29 20:10 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 01:33 - 2016-02-17 18:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-04-25 22:34 - 2016-04-25 22:34 - 00679624 _____ () C:\Users\Aaron\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2016-02-23 10:37 - 2016-02-23 10:37 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2016-05-12 19:46 - 2016-05-11 07:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-12 19:46 - 2016-05-11 07:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2015-08-26 20:39 - 2016-04-27 21:00 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-05-12 19:46 - 2016-05-11 07:48 - 17565848 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll
2016-04-19 09:07 - 2016-04-19 09:07 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 09:07 - 2016-04-19 09:08 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2750566662-3117591305-1405036124-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Aaron\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\backgrounddefault.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7FAF8BFA-5DB6-44A6-A538-FE56A957ACB9}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age II\bin_ship\DragonAge2.exe
FirewallRules: [{9F58D7FA-B18D-4B88-87E3-0D08CBC2E4E8}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age II\bin_ship\DragonAge2.exe
FirewallRules: [{5582744C-7577-42E4-B09B-D36C5DC0E435}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gun Metal\Gunmetal.exe
FirewallRules: [{A96949C8-ABD9-49C0-B8D0-2A481DA81E1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gun Metal\Gunmetal.exe
FirewallRules: [{658442F2-4BB9-48CC-95C3-7EFD75891013}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Omikron\Runtime.exe
FirewallRules: [{C17C4255-D165-459F-AE16-5ECB02E863ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Omikron\Runtime.exe
FirewallRules: [{284D1BA3-AF57-4CC5-833A-589C866D464B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider Underworld\tru.exe
FirewallRules: [{3D09BC64-3B47-4A0D-B962-676F8092BB0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider Underworld\tru.exe
FirewallRules: [{CD87DA90-E1A6-41DC-AB12-7F77E24ED0A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Binary Domain\BinaryDomainConfiguration.exe
FirewallRules: [{46DD787E-7B28-4BC3-B6AF-D1F1570D02AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Binary Domain\BinaryDomainConfiguration.exe
FirewallRules: [{2E691F77-A442-4789-8356-D0D8B37372D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Binary Domain\BinaryDomain.exe
FirewallRules: [{95448118-E2A9-49E9-BD75-7B2EDB80C156}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Binary Domain\BinaryDomain.exe
FirewallRules: [{0508E97B-9151-42B9-9D16-D10CE3070BEE}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{55A48E62-E28A-45CD-AFF2-36F1CC00F397}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{E2D9FC33-4E6A-4EAD-A8B2-E0137E6447B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X-Blades\launcher.exe
FirewallRules: [{9982CA63-3DED-43AE-9D8F-965320636649}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X-Blades\launcher.exe
FirewallRules: [{DA484491-7105-4068-8DF9-B11A50C8990C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS\rerev.exe
FirewallRules: [{CE8725DB-A631-4B31-909E-8C57DCDC5A2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS\rerev.exe
FirewallRules: [{09100713-6B63-4712-AAD1-9DAFEE528C72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe
FirewallRules: [{DF74F968-DE74-4234-9C7B-CC24EEDF6C5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe
FirewallRules: [{CB17D377-B85E-4C61-8903-AF221E175448}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{8320AA5A-44A1-4162-B4DE-E79D1E569402}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{AE54707E-5B04-43CB-A594-C209139C1B91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\METAL GEAR RISING REVENGEANCE\METAL GEAR RISING REVENGEANCE.exe
FirewallRules: [{53BF4BCC-0845-4418-9F61-075E9F521B99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\METAL GEAR RISING REVENGEANCE\METAL GEAR RISING REVENGEANCE.exe
FirewallRules: [{CCFD3016-24AC-4BFC-8469-E449B4CBC6C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lost Planet 3\Binaries\Win32\LP3Launcher.exe
FirewallRules: [{D4038960-9154-4AE0-8C55-F2BF0833D27F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lost Planet 3\Binaries\Win32\LP3Launcher.exe
FirewallRules: [{1040EB66-B4D8-4C0B-9BEB-31A0FCF12CA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bionic Commando Rearmed\bcr.exe
FirewallRules: [{953898C0-AD05-4E4C-AAEC-014D4E7FD66C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bionic Commando Rearmed\bcr.exe
FirewallRules: [{2DD4A1A7-8ED4-4A0E-8BE4-11F545F25A52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{A932AFF5-35AF-4F16-B5FD-2D2A1EBADA30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{F6099E65-17AF-4D22-8FB8-516361348161}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{EF37FCCD-CD8B-42F8-BCEF-9A3F62B1742B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [UDP Query User{0873561E-1307-4FE3-B524-544A86262F05}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{F4F14078-5A0A-42F4-8FF4-6E4D53CEB669}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{07B1A744-F0A6-4916-9095-1AAD7B95AEFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{A47CF8DC-C4FD-4A3E-B645-7829906EEAE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [UDP Query User{D9784C09-F787-4902-AE81-5972F8099893}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{ACB7EA2A-413B-4238-8486-3D4CB7F9685C}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{FBEF9DD6-FD9B-489B-8AC7-08F680966D57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood Omen 2 Legacy of Kain\bo2.exe
FirewallRules: [{5D17F15B-6B4A-4A31-905A-3B61BAF3B965}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood Omen 2 Legacy of Kain\bo2.exe
FirewallRules: [{4702C908-A35D-4F64-8E69-FEFD5A780A23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Legacy of Kain Soul Reaver 2\sr2.exe
FirewallRules: [{9AFA4F30-1630-474C-BDA5-35A9397AA0BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Legacy of Kain Soul Reaver 2\sr2.exe
FirewallRules: [{F6F77A76-AAFA-4634-9495-4E42EB40453A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Legacy of Kain Soul Reaver\kain2.exe
FirewallRules: [{471F7CF8-CCA5-4987-91A8-CF9A776724FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Legacy of Kain Soul Reaver\kain2.exe
FirewallRules: [{E744BFEE-28F0-4219-A00F-BD7D02A7635F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\legacy_kain_defiance\defiance.exe
FirewallRules: [{B2F5F0C1-7B49-4D78-A566-044117663F20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\legacy_kain_defiance\defiance.exe
FirewallRules: [{E981C1D2-1A9E-455B-BCC8-625CDC05DA9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord II\Config.exe
FirewallRules: [{17362256-502E-4B2F-B5D4-13527080558A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord II\Config.exe
FirewallRules: [{15E5DBEC-6F89-4E72-9B5C-52D71EE2CE44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord II\Overlord2.exe
FirewallRules: [{11BDF396-C4CC-448F-9C14-B5E449E0C3A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord II\Overlord2.exe
FirewallRules: [{4A2914AE-F822-4CB5-A169-A00A779808E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord\Config.exe
FirewallRules: [{28CEDCF1-0895-48F9-AC5D-B6EA9B74DF40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord\Config.exe
FirewallRules: [{8CE2602C-8E0B-48AD-B9CE-143A6317581D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord\Overlord.exe
FirewallRules: [{05C2A6A9-8629-4681-9529-5C7ECB0FB57B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord\Overlord.exe
FirewallRules: [{D76BBF9C-6816-4C00-AEF4-F101607C5A8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe
FirewallRules: [{F5E444C6-DEE9-4B8E-8A16-42A36183A4A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe
FirewallRules: [{EAEEECAB-076C-46C1-9B49-7AD81A558EB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{A5F253CE-8CA5-47CE-B197-0D2A24D923E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{D5EF869A-2A6E-4A0F-8D9C-070BC0BC6864}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RiskysRevenge\executable\RiskysRevenge.exe
FirewallRules: [{A1708CC7-427A-4C33-A491-9538E9DB03DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RiskysRevenge\executable\RiskysRevenge.exe
FirewallRules: [{735499A7-1F9E-4F4B-B0DB-F6C16332AC6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro 2033\metro2033.exe
FirewallRules: [{6332A7E3-3C71-46C3-AB9D-98F7BA86E74A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro 2033\metro2033.exe
FirewallRules: [{FE55FA65-B82A-4B65-988D-E1E6B5ED35D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{B3B93C41-E194-421D-A970-CBE95060EE0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{C0A3C888-4802-49F6-819E-902B73C9296E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{964AAA20-BC60-452D-9742-0BEB2A5F9A02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{38799F21-EC84-436D-9D08-379C3EF0CEE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FEAR Ultimate Shooter Edition\FEAR.exe
FirewallRules: [{0843E822-EED1-4582-B635-8EB5BBE13969}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FEAR Ultimate Shooter Edition\FEAR.exe
FirewallRules: [{C3761D65-4768-49C1-98B2-E9C6CF4B2BE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 3\Doom3.exe
FirewallRules: [{3FFF8FA5-6B28-4F7E-BF63-33EA54D576C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 3\Doom3.exe
FirewallRules: [{C8C423F8-4296-442E-9DEE-392374A72427}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
FirewallRules: [{8455E819-7C14-4F50-A289-6CF71DD1C4F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
FirewallRules: [{66F40A3F-0772-451A-8740-E9A4BC5EFA35}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{235C4B73-1F2C-4CD3-BFDE-A72ADF6E186D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6EF6DDE9-9078-473F-9FDA-959B3408EFF8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{98A3D12B-FC52-46BB-9743-E1954079AFD6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FEC9AA9F-56E3-4AAF-B11A-195EF9C04A58}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CC43CB77-1142-4E40-AEC5-A57BDC314470}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{34C6C6D2-9DE0-4B37-AC51-94C5C980C254}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2E595AB9-AC82-4B5F-A1D5-994726A9E1F0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2BD57AF1-1E0B-4E29-A48E-190CD724D293}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9430B268-39CB-4975-A873-95893911495B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{CD1E5966-2843-4072-B240-32E290617F8E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{984CF714-F1A3-4CDD-90D6-71140CD07064}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0A84067F-7F11-492C-895F-1A7E4768FD53}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7102CD25-47B4-47DE-A598-AEF69D10ECF0}] => (Allow) LPort=1900
FirewallRules: [{9E47E124-3F88-45BC-AE0C-B3FD0241A99D}] => (Allow) LPort=2869
FirewallRules: [{5EC53328-DC21-462D-AACD-EA110DE468A3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ACC2E255-E28E-4AC9-8C4B-A237E36FE76B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Angry Video Game Nerd Adventures\avgn.exe
FirewallRules: [{4405092A-362A-4512-8876-A6CCBA70ABEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Angry Video Game Nerd Adventures\avgn.exe
FirewallRules: [{F1741127-AA1A-486B-A6FC-E9A1A5C734F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Contrast\Binaries\Win32\ContrastGame.exe
FirewallRules: [{2C4FD4D3-F42F-4315-97CE-91E633E5D924}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Contrast\Binaries\Win32\ContrastGame.exe
FirewallRules: [{57A92822-02BD-437E-942A-AEF8D25A9EE9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{B998AB5F-DAFD-4F41-9742-10FBFE4097AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{3F06E309-79BA-49C4-BDE8-036D1B734FAC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DCBF227D-6DAD-468D-8598-2608137878B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Last Remnant\Binaries\TLR.exe
FirewallRules: [{201AABE2-377A-484B-8F19-AC7B98AA3EF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Last Remnant\Binaries\TLR.exe

==================== Restore Points =========================

18-05-2016 12:15:21 Manual
18-05-2016 13:06:59 Test
19-05-2016 09:18:56 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2016 10:57:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NIS.exe, version: 13.1.0.74, time stamp: 0x56ba9bae
Faulting module name: SYMHTML.DLL, version: 10.1.0.91, time stamp: 0x56ce7f77
Exception code: 0xc000041d
Fault offset: 0x001a5ff3
Faulting process id: 0x18c4
Faulting application start time: 0xNIS.exe0
Faulting application path: NIS.exe1
Faulting module path: NIS.exe2
Report Id: NIS.exe3
Faulting package full name: NIS.exe4
Faulting package-relative application ID: NIS.exe5

Error: (05/19/2016 10:57:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NIS.exe, version: 13.1.0.74, time stamp: 0x56ba9bae
Faulting module name: SYMHTML.DLL, version: 10.1.0.91, time stamp: 0x56ce7f77
Exception code: 0xc0000005
Fault offset: 0x001a5ff3
Faulting process id: 0x18c4
Faulting application start time: 0xNIS.exe0
Faulting application path: NIS.exe1
Faulting module path: NIS.exe2
Report Id: NIS.exe3
Faulting package full name: NIS.exe4
Faulting package-relative application ID: NIS.exe5

Error: (05/19/2016 06:48:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AARON)
Description: Activation of app Microsoft.Getstarted_3.5.11.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/19/2016 06:46:11 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (05/19/2016 09:19:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/18/2016 01:07:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/18/2016 12:15:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/18/2016 10:31:51 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (05/17/2016 10:36:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AARON)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/17/2016 10:36:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LockApp.exe, version: 0.0.0.0, time stamp: 0x5632d5a5
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.306, time stamp: 0x571af9f6
Exception code: 0xc000027b
Fault offset: 0x0000000000517ad4
Faulting process id: 0x47e8
Faulting application start time: 0xLockApp.exe0
Faulting application path: LockApp.exe1
Faulting module path: LockApp.exe2
Report Id: LockApp.exe3
Faulting package full name: LockApp.exe4
Faulting package-relative application ID: LockApp.exe5


System errors:
=============
Error: (05/20/2016 12:33:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_6eafaed service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/20/2016 12:33:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_6eafaed service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/20/2016 12:33:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_6eafaed service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/20/2016 12:33:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_6eafaed service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/20/2016 12:33:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/19/2016 11:02:12 PM) (Source: DCOM) (EventID: 10016) (User: AARON)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}AaronAaronS-1-5-21-2750566662-3117591305-1405036124-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/19/2016 11:02:11 PM) (Source: DCOM) (EventID: 10016) (User: AARON)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}AaronAaronS-1-5-21-2750566662-3117591305-1405036124-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/19/2016 11:00:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_727ea service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/19/2016 11:00:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_727ea service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/19/2016 11:00:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_727ea service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-05-16 12:51:12.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-14 20:51:49.000
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-14 14:10:23.032
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-11 21:56:23.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-10 15:17:04.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-10 13:49:03.696
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-16 21:25:22.994
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-15 19:24:00.366
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-15 18:55:30.128
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-15 15:08:36.988
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 35%
Total physical RAM: 12238.08 MB
Available physical RAM: 7873.59 MB
Total Virtual: 14094.08 MB
Available Virtual: 9391.07 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:583.69 GB) (Free:205.86 GB) NTFS
Drive d: (Data) (Fixed) (Total:328.26 GB) (Free:237.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C3D9842E)

Partition: GPT.

==================== End of Addition.txt ============================

Link to post
Share on other sites
MadDemon64

MadDemon64

Posted
  • Author
Posted (edited)

So I did a bit of searching and asking around and came across this possible solution.  Do you think it would work?

 

After nearly 6,500 malware removals over the last few years I have seen something similar to this in a few cases. In one case it was a fraudulent MITM firmware on the NIC. In that case I dumped the NIC rather than re-flash it and the guy was likely a fairly high SIGINT target or corporate espionage. In another case I found a secondary browser directory with LNK redirects and some malicious DLL's. No scanner in the world found it and it required manual removal.  In the third case it was a combination of DNS Hijack, Proxy Redirects. In the final case if I recall it was a plugin in Chrome redirecting to another chrome window loaded via a fraudulently compiled version of Chromium. All of these required manual removal.

 

Here's what I would do;

First Step;

Open CMD escalated to administrator. (CTRL-SHIFT-ENTER as you click CMD, or right click and select Administrative).

Run these commands.
C:
cd "\WINDOWS\system32\drivers\etc"
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
netsh winsock reset all
netsh int ip reset all
Restart system.
 
Step 2:
Load up chrome, go to settings, advanced, reset chrome.
type about://plugins in the browser, make sure nothing malicious is there.
Go to Control Panel, Internet Settings, Advanced Tab, Check the "Reset" button.
Restart computer.
 
Step 3:
Right click the network icon and select "Open Network"
Click 'Change Adapter Settings"
Select your adapter, right click it, select properties.
Uncheck everything BUT 'internet protocol version 4'
Select Internet protocol version 4 then properties
Make sure each one is on 'Obtain' option, no numbers are entered.
Restart computer.
 
Step 4: (this removes any potential malware using IPv6 tunnel backdoors)
Open Administrative CMD again and type:
netsh int ipv6 isatap set state disabled
netsh int ipv6 6to4 set state disabled
netsh interface teredo set state disabled
Restart computer
 
Step 5: 
Browse ROOT drive for any mirrored/forged browser directories.
Include C:\, C:\programdata directories, etc. Ensure folder options to see hidden folders/directories/extensions is turned on)
Delete any browser related directories you find, assuming they are forged.
 
Step 6:
Type Manage Computer Certificates
Go into the Trusted Root Certificates
Look for any fishy certificates.
Download Root Certificate Scanner.
Scan for any bad certificates. Manually delete the flagged ones in Trusted Root Certificate category.
Restart machine.
 
Is this a legit solution or not?
Edited by MadDemon64
Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Thanks for the logs, continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Please download Junkware Removal Tool to your desktop.
 
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Next,

Go here: http://cdn10.zemana.com/AntiMalware/2.20.1.539/Zemana.AntiMalware.Setup.exe download and install Zemana Anti-malware. Allow a shortcut to be saved to your Desktop.. The tool will be active with a 15 day trial....

Right click on user posted image Zemana Antimalware and select "Run as Administrator"

From the GUI select "Settings"

user posted image

In the new window Select 1. Updates, when complete Select 2. Real Time Protection.

user posted image

In the next window make sure 1. all boxes are checkmarked and the action is "Quarantine" and then " 2. Select the home icon.

user posted image

In the new window select "Scan"

user posted image

When the scan completes check each found entry (if any). For "Suspicious Browser Settings" choose REPAIR for all other entries choose QUARANTINE then select the "Next" tab


The action complete window will open, from there select the "Back" tab. That will take you back to the home screen...

On that screen select the "Reports" tab. (Looks like 3 chimneys)

user posted image

On that screen select and highlite the scan details line, then select "Open Report"

user posted image

Copy and paste that log to your reply...

Let me see those logs, also give an update on any remaining issues or concerns...

Thank you,

Kevin...

Fixlist.txt

Link to post
Share on other sites
MadDemon64

MadDemon64

Posted
  • Author
Posted

I ran all the scans and here are the fixlog, jrt, and zemana logs.  There was no ADWcleaner log since it found nothing:

Fix result of Farbar Recovery Scan Tool (x64) Version:19-05-2016
Ran by Aaron (2016-05-20 12:23:35) Run:1
Running from C:\Users\Aaron\Desktop
Loaded Profiles: Aaron (Available Profiles: Aaron)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2750566662-3117591305-1405036124-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-2750566662-3117591305-1405036124-1001\...\MountPoints2: {f0c093ae-4c4c-11e5-8265-c038962f7bd8} - "F:\unlock.exe" autoplay=true
Task: {011B8EC0-9842-477E-85F1-97BD5591A0CE} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {60467E55-FA05-4BE3-B844-FEC7523528A9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {84BCAF8B-7123-4505-BA21-B5F38C504F7F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {87DA60BE-D319-4DD6-A697-B7EA04DDA6E9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A7EE1646-FADD-4BCA-BE77-69B0D5052591} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B1FFC939-212F-4FBD-9C60-435AA4A7B925} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {B7A8226A-1D5A-4BD1-ABF0-AA3C8BB43F10} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C273F73A-50CF-4CE6-9B17-A569FDE1F822} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C8EE38A1-1EA3-448A-B78C-F66212ED3888} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D1FFDE57-4985-42BA-888C-6E6268BF03E6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D2720C72-D0CA-4661-975C-3BFBA48993E8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D417CE42-8345-445C-BAB1-A4E87D19BD99} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DA0192D1-6731-406E-9CBD-155737167E68} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
CMD: ipconfig /flushdns
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2750566662-3117591305-1405036124-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient => value removed successfully
"HKU\S-1-5-21-2750566662-3117591305-1405036124-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0c093ae-4c4c-11e5-8265-c038962f7bd8}" => key removed successfully
HKCR\CLSID\{f0c093ae-4c4c-11e5-8265-c038962f7bd8} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{011B8EC0-9842-477E-85F1-97BD5591A0CE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{011B8EC0-9842-477E-85F1-97BD5591A0CE}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60467E55-FA05-4BE3-B844-FEC7523528A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60467E55-FA05-4BE3-B844-FEC7523528A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84BCAF8B-7123-4505-BA21-B5F38C504F7F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84BCAF8B-7123-4505-BA21-B5F38C504F7F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87DA60BE-D319-4DD6-A697-B7EA04DDA6E9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87DA60BE-D319-4DD6-A697-B7EA04DDA6E9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7EE1646-FADD-4BCA-BE77-69B0D5052591}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7EE1646-FADD-4BCA-BE77-69B0D5052591}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1FFC939-212F-4FBD-9C60-435AA4A7B925}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1FFC939-212F-4FBD-9C60-435AA4A7B925}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7A8226A-1D5A-4BD1-ABF0-AA3C8BB43F10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7A8226A-1D5A-4BD1-ABF0-AA3C8BB43F10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C273F73A-50CF-4CE6-9B17-A569FDE1F822}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C273F73A-50CF-4CE6-9B17-A569FDE1F822}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8EE38A1-1EA3-448A-B78C-F66212ED3888}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8EE38A1-1EA3-448A-B78C-F66212ED3888}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1FFDE57-4985-42BA-888C-6E6268BF03E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1FFDE57-4985-42BA-888C-6E6268BF03E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2720C72-D0CA-4661-975C-3BFBA48993E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2720C72-D0CA-4661-975C-3BFBA48993E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D417CE42-8345-445C-BAB1-A4E87D19BD99}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D417CE42-8345-445C-BAB1-A4E87D19BD99}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DA0192D1-6731-406E-9CBD-155737167E68}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA0192D1-6731-406E-9CBD-155737167E68}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 1.7 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:25:06 ====

____________________________

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64 
Ran by Aaron (Administrator) on Fri 05/20/2016 at 12:32:49.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 0 


Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/20/2016 at 12:35:43.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
__________________________

Zemana AntiMalware 2.20.179.613 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/5/20
Operating System       : Windows 10 64-bit
Processor              : 8X Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz
BIOS Mode              : UEFI
CUID                   : 00A92F32062C0B4C6CE8DE
Scan Type              : Deep Scan
Duration               : 14m 36s
Scanned Objects        : 354587
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : ON
Detect All Extensions  : OFF
Scan Documents         : OFF
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

There are no detected objects
 

Link to post
Share on other sites
MadDemon64

MadDemon64

Posted
  • Author
Posted
1 minute ago, kevinf80 said:

Which browser gives the redirect...?

I also see you`ve been receiving help at Bleeping Computers, that is really counterproductive. Make your mind up where you want help from, If you prefer BC we can close out here...

/

Google Chrome.

Also how is receiving help from bleeping computer counterproductive?  

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

If you have two people trying to fix your system with out knowing what each other are doing it cannot be anything else but counterproductive. We are both working blind using scans, logs and results to try and find the root cause of your redirect issue.

If I look at a log result from a scan i`ve requested I will compile a fix from those results, In the mean time if the other helper has run a different tool your system may have changed, I give you my fix and we could end up with damaged system or system registry... its late for me 30 mins after midnight, stick with your friend at BC and i`ll close out here....

Thank you,

Kevin...

Link to post
Share on other sites
MadDemon64

MadDemon64

Posted
  • Author
Posted (edited)
4 minutes ago, kevinf80 said:

If you have two people trying to fix your system with out knowing what each other are doing it cannot be anything else but counterproductive. We are both working blind using scans, logs and results to try and find the root cause of your redirect issue.

If I look at a log result from a scan i`ve requested I will compile a fix from those results, In the mean time if the other helper has run a different tool your system may have changed, I give you my fix and we could end up with damaged system or system registry... its late for me 30 mins after midnight, stick with your friend at BC and i`ll close out here....

Thank you,

Kevin...

But I posted his suggestion early on.  He has not suggested any tools or anything.  Please do not close out.

Edited by MadDemon64
Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

There in lies the problem, you never told me anything about being advised at another forum. Its really late for me, i`ve got an early start in the morning and do not have the time to continue...

Ok run the following scan, this will make changes and reset chrome setting to default, let me know if this helps:

user posted imageScan with ZOEK

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)

*.exe Mirror http://smeenk.247fixes.com/Tools/zoek.exe

Temporary disable your AntiVirus and AntiSpyware protection - instructions here or here
 
  • Right-click on user posted image icon and select user posted image Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script underneath code:


CODE

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns >>"%temp%\log.txt";b
CHRdefaults;


 
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)


Please include its content in your next reply. Don't forget to re-enable security software!
Link to post
Share on other sites
MadDemon64

MadDemon64

Posted
  • Author
Posted
1 hour ago, kevinf80 said:

There in lies the problem, you never told me anything about being advised at another forum. Its really late for me, i`ve got an early start in the morning and do not have the time to continue...

Ok run the following scan, this will make changes and reset chrome setting to default, let me know if this helps:

user posted imageScan with ZOEK

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)

*.exe Mirror http://smeenk.247fixes.com/Tools/zoek.exe

Temporary disable your AntiVirus and AntiSpyware protection - instructions here or here
 
  • Right-click on user posted image icon and select user posted image Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script underneath code:

 
CODE

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns >>"%temp%\log.txt";b
CHRdefaults;


 
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)


Please include its content in your next reply. Don't forget to re-enable security software!

Here is the logfile from zoek:


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Aaron on Sun 05/22/2016 at 21:03:16.47.
Microsoft Windows 10 Home 10.0.10586  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Aaron\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

5/22/2016 9:04:35 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\PlayfireClientGames deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Aaron\AppData\Local\ActiveSync deleted successfully
C:\Users\Aaron\AppData\Local\Atari deleted successfully
C:\Users\Aaron\AppData\Local\Axialis deleted successfully
C:\Users\Aaron\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Aaron\AppData\Local\EmieSiteList deleted successfully
C:\Users\Aaron\AppData\Local\EmieUserList deleted successfully
C:\Users\Aaron\AppData\Local\NetworkTiles deleted successfully
C:\Users\Aaron\AppData\Local\Rebellion deleted successfully
C:\Users\Aaron\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\PlayfireClientGames not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\SysWow64\AI_RecycleBin deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon" [03/17/2016 11:38 AM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon" [03/17/2016 11:38 AM]

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\Exts\Chrome.crx[02/21/2016 02:41 AM]
iikflkcanblccfahdhdonehdalibjnif - No path found[]

Norton Security Toolbar - Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
Norton Identity Safe - Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif

==== Chromium Fix ======================

C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage deleted successfully
C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://msi13.msn.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{E6B8A308-D570-4BB4-934D-27E12CD09292}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E6B8A308-D570-4BB4-934D-27E12CD09292}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://msi13.msn.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{E6B8A308-D570-4BB4-934D-27E12CD09292}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{E6B8A308-D570-4BB4-934D-27E12CD09292} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS;
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{E6B8A308-D570-4BB4-934D-27E12CD09292}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{E6B8A308-D570-4BB4-934D-27E12CD09292} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS;
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Aaron\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Aaron\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Aaron\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Aaron\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=44 folders=49 50758415 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Aaron\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sun 05/22/2016 at 21:18:42.22 ======================
_________________________________

Also I would like to apologize if I offended you by asking you and bleeping computer.  However, regarding how I was advised on bleeping computer, they believe that it could be " fraudulent MITM firmware on the NIC", "" secondary browser directory with LNK redirects and some malicious DLL", or " ombination of DNS Hijack, Proxy Redirects".  I am sorry to ask you this but what do you think of these explanations?

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

There is no need to apologize, I understand your predicament. You post to a forum, get no reply so you post to another. Malware forums do get extremely busy, help can be a long time coming... Most of the guys who work these forums are volunteers so have another life, family, kids, work etc etc... hence we are not here all of the time.

Regarding the explanations you quote, well all things are possible, but such issues would not really be affecting just one browser, they would probably affect any browser that you use...

Looking back at the logs posted from FRST I do not see any obvious issues with Hosts, DNS settings or NIC, Redirects are a way that malware writers get paid by making you connect to specific websites etc, 

Your issue is only affecting Chrome and only at a specific time, that could even be down to a simple scheduled task..... 

Let me know if Zoek resets have made any difference...

Thank you,

Kevin

Link to post
Share on other sites
MadDemon64

MadDemon64

Posted
  • Author
Posted
3 hours ago, kevinf80 said:

There is no need to apologize, I understand your predicament. You post to a forum, get no reply so you post to another. Malware forums do get extremely busy, help can be a long time coming... Most of the guys who work these forums are volunteers so have another life, family, kids, work etc etc... hence we are not here all of the time.

Regarding the explanations you quote, well all things are possible, but such issues would not really be affecting just one browser, they would probably affect any browser that you use...

Looking back at the logs posted from FRST I do not see any obvious issues with Hosts, DNS settings or NIC, Redirects are a way that malware writers get paid by making you connect to specific websites etc, 

Your issue is only affecting Chrome and only at a specific time, that could even be down to a simple scheduled task..... 

Let me know if Zoek resets have made any difference...

Thank you,

Kevin

Well I really only use the one browser so really I have no idea if it affects other browsers.  However, the list of affected sites is exceedingly low, only including deviantart and tumblr and only if the page is idle (i.e., I right clicked on a link to those pages and selected "open in a new tab") so I don't know to think if this is some malware that is extremely good at hiding or something less malicious.

Link to post
Share on other sites
MadDemon64

MadDemon64

Posted
  • Author
Posted
10 minutes ago, MadDemon64 said:

Well it didn't work.  It happened again.

So since it didn't work, what about this potential solution I found:

First Step;

Open CMD escalated to administrator. (CTRL-SHIFT-ENTER as you click CMD, or right click and select Administrative).

Run these commands.
C:
cd "\WINDOWS\system32\drivers\etc"
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
netsh winsock reset all
netsh int ip reset all
Restart system.
 
Step 2:
Load up chrome, go to settings, advanced, reset chrome.
type about://plugins in the browser, make sure nothing malicious is there.
Go to Control Panel, Internet Settings, Advanced Tab, Check the "Reset" button.
Restart computer.
 
Step 3:
Right click the network icon and select "Open Network"
Click 'Change Adapter Settings"
Select your adapter, right click it, select properties.
Uncheck everything BUT 'internet protocol version 4'
Select Internet protocol version 4 then properties
Make sure each one is on 'Obtain' option, no numbers are entered.
Restart computer.
 
Step 4: (this removes any potential malware using IPv6 tunnel backdoors)
Open Administrative CMD again and type:
netsh int ipv6 isatap set state disabled
netsh int ipv6 6to4 set state disabled
netsh interface teredo set state disabled
Restart computer
 
Step 5: 
Browse ROOT drive for any mirrored/forged browser directories.
Include C:\, C:\programdata directories, etc. Ensure folder options to see hidden folders/directories/extensions is turned on)
Delete any browser related directories you find, assuming they are forged.
 
Step 6:
Type Manage Computer Certificates
Go into the Trusted Root Certificates
Look for any fishy certificates.
Download Root Certificate Scanner.
Scan for any bad certificates. Manually delete the flagged ones in Trusted Root Certificate category.
Restart machine.
Link to post
Share on other sites
MadDemon64

MadDemon64

Posted
  • Author
Posted (edited)
4 minutes ago, kevinf80 said:

ok let me know the out come,

So, I am thinking.  It only happens when I am on deviantart.com (and once on tumblr) and only once a week.  This is not a normal redirect.  What do you think could be the cause?  Could the solution that I posted and said I found (reset winsock, change adapter settings, etc.) work?  Is this actually some nasty well hidden virus or am I just getting some bad ads?

Edited by MadDemon64
Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

I`m not sure any of those fixes you quoted would help, your issue is more specific... I had a similar thread awhile back, again specific and no real reason could be found. That turned out to be down to Steam, a rogue setting was found in one of the caches. It only happened like yours at a set time.. Its frustrating for sure. If you can try another browser and the re-direct does not occur then a clean install of Chrome is probably the way to go...

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept