Jump to content

Potential BSOD Pop-Up Attack


Jhay
 Share

Recommended Posts

Hi Jhay :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Usually, you get these when you get hit by malvertising. The threat only exists in your web browser (the tab where the error message is), and closing it will solve the issue. These pages don't drop anything on your system. Installing a good adblocker (like uBlock Origin) can protect you from malvertising (since ads won't be displayed).

Link to post
Share on other sites

I have encountered these things before, posted on this forum and followed the instructions from other members and the scans always find something. I would imagine those would be PUPs, but I would just like to go through the removal process to be sure that my system has not been infected.

Link to post
Share on other sites

All right. Here's my first set of logs.

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2016
Ran by Jordan (administrator) on JORDAN-PC (25-09-2016 17:39:21)
Running from C:\Users\Jordan\Desktop
Loaded Profiles: Jordan (Available Profiles: Jordan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(M-Audio) C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Jordan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2328944 2011-01-07] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-07-28] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-20] (Valve Corporation)
HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [Spotify Web Helper] => C:\Users\Jordan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-08] (Spotify Ltd)
HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [884920 2016-06-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [KiesHelper] => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [911248 2011-03-21] (Samsung)
HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3373968 2011-03-21] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [19872 2011-03-21] ()
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3B3DB352-DB9E-47B4-BDA0-F812F6180C6E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-09-20] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-09-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-20] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-09-20] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-09-20] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-06-28]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-08-08]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi

Chrome: 
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default [2016-09-25]
CHR Extension: (Google Slides) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-03]
CHR Extension: (Google Docs) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-03]
CHR Extension: (Google Drive) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-03]
CHR Extension: (YouTube) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-03]
CHR Extension: (Adobe Acrobat) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-10]
CHR Extension: (Google Sheets) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-03]
CHR Extension: (Google Docs Offline) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-03]
CHR Extension: (AdBlock) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-25]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-09-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-03]
CHR Extension: (Gmail) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-03]
CHR Extension: (Chrome Media Router) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-1466031636-3715157435-865888265-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2980032 2016-09-05] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 MIDISPORTAudioDevMon; C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [1638704 2012-02-24] (M-Audio)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 HIDMiniport; C:\Windows\System32\DRIVERS\HIDMiniport.sys [7744 2016-09-03] ()
S3 HIDWiimote; C:\Windows\System32\DRIVERS\HIDWiimote.sys [25232 2016-09-03] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [189264 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [305496 2016-09-10] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1027984 2016-09-10] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50008 2016-09-10] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [126360 2016-09-10] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
S3 MAUSBMIDISPORT; C:\Windows\System32\DRIVERS\MAudioMIDISPORT.sys [201008 2012-02-24] (M-Audio)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2015-09-04] (Scarlet.Crush Productions)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 vjoy; C:\Windows\System32\DRIVERS\vjoy.sys [56440 2016-02-03] (Shaul Eizikovich)
R3 xcbdaNtscV; C:\Windows\System32\DRIVERS\xcbdaVx64.sys [214784 2009-06-10] (ViXS Systems Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-25 17:38 - 2016-09-25 17:39 - 00037111 _____ C:\Users\Jordan\Desktop\Addition.txt
2016-09-25 17:37 - 2016-09-25 17:39 - 00020857 _____ C:\Users\Jordan\Desktop\FRST.txt
2016-09-25 17:37 - 2016-09-25 17:39 - 00000000 ____D C:\FRST
2016-09-25 17:37 - 2016-09-25 17:37 - 02403328 _____ (Farbar) C:\Users\Jordan\Desktop\FRST64.exe
2016-09-20 20:37 - 2016-08-05 11:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-20 20:37 - 2016-08-05 11:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-09-20 01:07 - 2016-09-01 15:26 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-20 01:07 - 2016-09-01 14:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-20 01:07 - 2016-08-31 23:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-09-20 01:07 - 2016-08-31 23:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-20 01:07 - 2016-08-31 22:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-09-20 01:07 - 2016-08-31 22:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-20 01:07 - 2016-08-31 22:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-09-20 01:07 - 2016-08-31 22:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-09-20 01:07 - 2016-08-31 22:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-09-20 01:07 - 2016-08-31 22:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-20 01:07 - 2016-08-31 22:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-09-20 01:07 - 2016-08-31 22:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-09-20 01:07 - 2016-08-31 22:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-09-20 01:07 - 2016-08-31 22:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-20 01:07 - 2016-08-31 22:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-09-20 01:07 - 2016-08-31 22:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-09-20 01:07 - 2016-08-31 22:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-09-20 01:07 - 2016-08-31 21:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-09-20 01:07 - 2016-08-31 21:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-09-20 01:07 - 2016-08-31 21:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-09-20 01:07 - 2016-08-31 21:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-09-20 01:07 - 2016-08-31 21:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-09-20 01:07 - 2016-08-31 21:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-09-20 01:07 - 2016-08-31 21:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-09-20 01:07 - 2016-08-31 21:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-20 01:07 - 2016-08-31 21:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-20 01:07 - 2016-08-31 21:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-09-20 01:07 - 2016-08-31 21:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-20 01:07 - 2016-08-31 21:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-20 01:07 - 2016-08-31 20:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-20 01:07 - 2016-08-31 20:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-20 01:07 - 2016-08-31 20:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-20 01:07 - 2016-08-31 20:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-20 01:07 - 2016-08-31 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-20 01:07 - 2016-08-31 20:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-20 01:07 - 2016-08-31 20:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-20 01:07 - 2016-08-31 20:24 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-20 01:07 - 2016-08-31 20:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-20 01:07 - 2016-08-31 20:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-20 01:07 - 2016-08-31 20:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-20 01:07 - 2016-08-31 20:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-20 01:07 - 2016-08-31 20:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-20 01:07 - 2016-08-31 20:15 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-20 01:07 - 2016-08-31 20:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-20 01:07 - 2016-08-31 20:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-20 01:07 - 2016-08-31 20:11 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-20 01:07 - 2016-08-31 20:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-20 01:07 - 2016-08-31 20:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-20 01:07 - 2016-08-31 20:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-20 01:07 - 2016-08-31 20:03 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-20 01:07 - 2016-08-31 19:59 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-20 01:07 - 2016-08-31 19:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-20 01:07 - 2016-08-31 19:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-20 01:07 - 2016-08-31 19:47 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-20 01:07 - 2016-08-31 19:46 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-20 01:07 - 2016-08-31 19:44 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-20 01:07 - 2016-08-31 19:42 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-20 01:07 - 2016-08-31 19:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-20 01:07 - 2016-08-31 19:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-20 01:07 - 2016-08-31 19:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-20 01:07 - 2016-08-31 19:27 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-20 01:07 - 2016-08-31 19:26 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-20 01:07 - 2016-08-31 19:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-20 01:07 - 2016-08-31 19:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-20 01:07 - 2016-08-31 18:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-20 01:07 - 2016-08-31 18:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-20 01:07 - 2016-08-12 12:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-20 01:07 - 2016-08-12 12:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-20 01:07 - 2016-08-12 12:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-20 01:06 - 2016-09-02 11:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-20 01:06 - 2016-09-02 11:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-20 01:06 - 2016-09-02 11:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-20 01:06 - 2016-09-02 11:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-20 01:06 - 2016-09-02 11:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-20 01:06 - 2016-09-02 11:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-20 01:06 - 2016-09-02 11:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-20 01:06 - 2016-09-02 11:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-20 01:06 - 2016-09-02 11:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-20 01:06 - 2016-09-02 11:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-20 01:06 - 2016-09-02 11:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-20 01:06 - 2016-09-02 11:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-20 01:06 - 2016-09-02 11:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-20 01:06 - 2016-09-02 11:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-20 01:06 - 2016-09-02 11:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-20 01:06 - 2016-09-02 11:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-20 01:06 - 2016-09-02 11:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-20 01:06 - 2016-09-02 11:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 11:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-20 01:06 - 2016-09-02 11:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-20 01:06 - 2016-09-02 11:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-20 01:06 - 2016-09-02 11:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-20 01:06 - 2016-09-02 10:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-20 01:06 - 2016-09-02 10:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-20 01:06 - 2016-09-02 10:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-20 01:06 - 2016-09-02 10:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-20 01:06 - 2016-09-02 10:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-20 01:06 - 2016-09-02 10:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-20 01:06 - 2016-09-02 10:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-20 01:06 - 2016-09-02 10:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-20 01:06 - 2016-09-02 10:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-20 01:06 - 2016-09-02 10:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-20 01:06 - 2016-09-02 10:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-20 01:06 - 2016-09-02 10:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-20 01:06 - 2016-09-02 10:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-20 01:06 - 2016-09-02 10:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 10:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 10:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-20 01:06 - 2016-09-02 10:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-20 01:06 - 2016-08-16 13:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-20 01:06 - 2016-08-15 22:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-20 01:06 - 2016-08-15 22:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-20 01:06 - 2016-08-06 11:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-20 01:06 - 2016-08-06 11:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-20 01:06 - 2016-07-07 11:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-09-20 01:06 - 2016-07-07 11:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-09-20 01:06 - 2016-07-07 11:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-09-20 01:06 - 2016-07-07 11:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-09-20 01:06 - 2016-07-01 11:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-20 01:06 - 2016-07-01 11:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-09-20 01:06 - 2016-07-01 11:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-20 01:06 - 2016-07-01 11:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-09-20 01:06 - 2016-06-06 12:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-09-20 01:06 - 2016-06-06 12:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-20 01:06 - 2016-06-06 12:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-09-20 01:06 - 2016-06-06 12:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-09-20 01:06 - 2016-06-06 11:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-09-20 01:06 - 2016-06-06 11:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-09-20 01:06 - 2016-06-06 11:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-09-20 01:06 - 2016-06-06 11:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-09-20 01:06 - 2016-05-13 18:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-09-20 01:06 - 2016-05-13 18:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-09-20 01:06 - 2016-05-13 18:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-09-20 01:06 - 2016-05-13 18:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-09-20 01:06 - 2016-05-13 17:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-09-20 01:06 - 2016-05-13 17:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-09-20 01:06 - 2016-05-13 17:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-09-20 01:06 - 2016-05-13 17:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-09-20 01:06 - 2016-05-13 17:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-09-20 01:06 - 2016-05-13 17:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-09-20 01:06 - 2016-05-13 17:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-09-20 01:06 - 2016-05-13 17:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-09-20 01:06 - 2016-05-13 17:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-09-20 01:06 - 2016-05-13 17:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-09-20 01:06 - 2016-05-13 17:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-09-20 01:06 - 2016-05-13 17:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-09-20 01:06 - 2016-05-12 13:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-09-20 01:06 - 2016-05-12 11:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-09-20 01:06 - 2016-05-12 11:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-09-20 01:06 - 2016-05-04 13:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-09-20 01:06 - 2016-05-04 13:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-09-20 01:06 - 2016-05-04 13:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-09-20 01:06 - 2016-05-04 13:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-20 01:06 - 2016-05-04 13:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-09-20 01:06 - 2016-05-04 13:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-09-20 01:06 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-09-20 01:06 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-09-20 01:06 - 2016-05-04 13:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-20 01:06 - 2016-05-04 13:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-09-20 01:06 - 2016-05-04 11:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-09-20 01:06 - 2016-05-04 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-09-19 23:44 - 2016-09-19 23:44 - 00001029 _____ C:\Users\Public\Desktop\ImagePrinter Pro.lnk
2016-09-19 23:44 - 2016-09-19 23:44 - 00000000 ____D C:\Users\Jordan\AppData\Local\ImagePrinter Pro
2016-09-19 23:44 - 2016-09-19 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImagePrinter Pro
2016-09-19 23:44 - 2016-09-19 23:44 - 00000000 ____D C:\Program Files\Code Industry
2016-09-19 23:44 - 2016-03-05 15:06 - 00024576 _____ (Copyright (c) 2011 Code Industry LTD) C:\Windows\system32\img_localmon.dll
2016-09-19 23:44 - 2016-03-05 15:06 - 00015872 _____ (Copyright (c) 2011 Code Industry LTD) C:\Windows\system32\img_localui.dll
2016-09-19 23:38 - 2016-09-19 23:39 - 26370968 _____ (Code Industry Ltd. ) C:\Users\Jordan\Downloads\ImagePrinterPro-setup.exe
2016-09-19 12:55 - 2016-09-19 12:55 - 130294103 _____ C:\Users\Jordan\Downloads\fluid-soundfont.tar.gz
2016-09-19 12:55 - 2016-09-19 12:55 - 01378550 _____ (Igor Pavlov) C:\Users\Jordan\Downloads\7z1602-x64.exe
2016-09-19 12:55 - 2016-09-19 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-09-19 12:55 - 2016-09-19 12:55 - 00000000 ____D C:\Program Files\7-Zip
2016-09-19 12:24 - 2016-09-19 12:24 - 00000000 ____D C:\Users\Jordan\.oracle_jre_usage
2016-09-19 12:22 - 2016-09-19 12:22 - 00000000 ____D C:\3129df33e7798561b508
2016-09-19 12:00 - 2016-09-19 12:00 - 00001757 _____ C:\Users\Public\Desktop\Finale.lnk
2016-09-19 12:00 - 2016-09-19 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Finale
2016-09-19 12:00 - 2016-09-19 12:00 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2016-09-19 11:59 - 2016-09-19 12:00 - 00000000 ____D C:\Program Files\Finale
2016-09-19 11:59 - 2016-09-19 11:59 - 00000000 ____D C:\ProgramData\MakeMusic
2016-09-19 11:53 - 2016-09-19 11:54 - 330460368 _____ ( ) C:\Users\Jordan\Downloads\FinaleDemoSetup.exe
2016-09-19 02:07 - 2016-09-19 02:07 - 00000481 _____ C:\Windows\demdata.txt
2016-09-18 22:02 - 2016-09-18 22:02 - 00000000 ____D C:\a0b924c5655de52555
2016-09-16 09:22 - 2016-09-16 09:22 - 00164231 _____ C:\Users\Jordan\Documents\Colleen Deacon flyer.pdf
2016-09-16 09:22 - 2016-09-16 09:22 - 00000000 ____D C:\Users\Jordan\Documents\Custom Office Templates
2016-09-11 23:55 - 2016-09-11 23:55 - 00000000 ____D C:\Users\Jordan\Documents\Pinnacle
2016-09-10 14:17 - 2016-09-10 14:17 - 00002150 _____ C:\Users\Public\Desktop\Safe Money.lnk
2016-09-10 14:17 - 2016-09-10 14:17 - 00002132 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-09-10 14:17 - 2016-09-10 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-09-10 14:16 - 2016-09-10 14:36 - 01027984 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-09-10 14:16 - 2016-09-10 14:16 - 00000000 ____D C:\Windows\ELAMBKUP
2016-09-10 14:16 - 2016-06-26 15:10 - 00189264 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-09-10 14:16 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2016-09-10 14:11 - 2016-09-10 14:11 - 177912864 _____ (Kaspersky Lab) C:\Users\Jordan\Downloads\kis17.0.0.611en_10755.exe
2016-09-10 14:07 - 2016-09-10 14:07 - 06662856 _____ (Tim Kosse) C:\Users\Jordan\Downloads\FileZilla_3.21.0_win64-setup.exe
2016-09-08 23:55 - 2016-09-08 23:55 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Synthesia
2016-09-08 23:19 - 2016-09-08 23:19 - 00001913 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synthesia.lnk
2016-09-08 23:19 - 2016-09-08 23:19 - 00001901 _____ C:\Users\Public\Desktop\Synthesia.lnk
2016-09-08 23:19 - 2016-09-08 23:19 - 00000000 ____D C:\Program Files (x86)\Synthesia
2016-09-08 23:17 - 2016-09-08 23:17 - 03786784 _____ (Synthesia LLC) C:\Users\Jordan\Downloads\Synthesia-10.2-installer.exe
2016-09-08 23:16 - 2016-09-08 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
2016-09-08 23:16 - 2016-09-08 23:16 - 00000000 ____D C:\Program Files\M-Audio
2016-09-08 23:16 - 2016-09-08 23:16 - 00000000 ____D C:\Program Files (x86)\M-Audio
2016-09-08 23:15 - 2016-09-08 23:15 - 00000000 ____D C:\Users\Jordan\Downloads\MIDISport_Installer_6_1_3_Driver_5_10_0_5141
2016-09-08 23:15 - 2016-09-08 23:15 - 00000000 ____D C:\ProgramData\AVID
2016-09-08 23:13 - 2016-09-08 23:13 - 10454301 _____ C:\Users\Jordan\Downloads\MIDISport_Installer_6_1_3_Driver_5_10_0_5141.zip
2016-09-08 22:55 - 2016-09-08 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phase Shift
2016-09-08 22:52 - 2016-09-08 23:01 - 00000000 ____D C:\Program Files (x86)\Phase Shift
2016-09-08 22:52 - 2016-09-08 22:52 - 99789162 _____ C:\Users\Jordan\Downloads\ps_release_1.27_lite.exe
2016-09-03 17:04 - 2016-09-03 18:05 - 00000000 ____D C:\Users\Jordan\Documents\Madden NFL 08
2016-09-03 17:03 - 2016-09-03 17:03 - 00000000 __RHD C:\Users\Jordan\AppData\Roaming\SecuROM
2016-09-03 17:03 - 2016-09-03 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports
2016-09-03 16:58 - 2016-09-03 16:58 - 00000000 ____D C:\Program Files (x86)\EA Sports
2016-09-03 16:13 - 2016-09-03 16:13 - 06806328 _____ (Shaul Eizikovich ) C:\Users\Jordan\Downloads\vJoySetup.exe
2016-09-03 16:13 - 2016-02-03 12:24 - 00056440 _____ (Shaul Eizikovich) C:\Windows\system32\Drivers\vjoy.sys
2016-09-03 16:13 - 2016-02-03 12:24 - 00017336 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2016-09-03 16:12 - 2016-09-03 16:12 - 00003046 _____ C:\Windows\System32\Tasks\{38529C00-6B47-4D74-9062-D289D6496CF0}
2016-09-03 16:12 - 2016-09-03 16:12 - 00003046 _____ C:\Windows\System32\Tasks\{3620B627-84D3-4CBC-80C0-AF3BA95C485F}
2016-09-03 15:44 - 2016-09-03 15:44 - 00000431 _____ C:\Users\Jordan\AppData\Roaming\WiinUSoft_prefs.config
2016-09-03 15:42 - 2016-09-03 16:03 - 00000000 ____D C:\Program Files\WiinUSoft
2016-09-03 15:42 - 2015-09-04 16:55 - 00039168 _____ (Scarlet.Crush Productions) C:\Windows\system32\Drivers\ScpVBus.sys
2016-09-03 15:38 - 2016-09-03 15:38 - 48273181 _____ (Justin Keys ) C:\Users\Jordan\Downloads\wiinusoft_2.1.234_setup.exe
2016-09-03 15:35 - 2016-09-03 15:35 - 00947241 _____ C:\Users\Jordan\Downloads\WiinUPro Beta 7.1 64-Bit.zip
2016-09-03 15:35 - 2016-09-03 15:35 - 00000000 ____D C:\Users\Jordan\Downloads\WiinUPro Beta 7.1 64-Bit
2016-09-03 15:29 - 2016-09-03 15:29 - 00000000 ____D C:\Users\Jordan\Documents\Dolphin Emulator
2016-09-03 15:25 - 2016-09-03 15:26 - 19327064 _____ C:\Users\Jordan\Downloads\dolphin-x64-5.0.exe
2016-09-03 14:32 - 2016-09-03 14:32 - 00000000 ____D C:\Users\Jordan\AppData\Local\ElevatedDiagnostics
2016-09-03 14:30 - 2016-09-03 14:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_HIDWiimote_01009.Wdf
2016-09-03 14:29 - 2016-09-03 14:29 - 00000000 ____D C:\Program Files\DIFX
2016-09-03 14:28 - 2016-09-03 14:28 - 00000000 ____D C:\Users\Jordan\Downloads\HID-Wiimote_Win-7-8-8.1-10_64Bit
2016-09-03 14:19 - 2016-09-03 14:19 - 02022811 _____ C:\Users\Jordan\Downloads\HID-Wiimote_Win-7-8-8.1-10_64Bit.zip
2016-09-03 14:17 - 2016-09-03 14:17 - 03207238 _____ C:\Users\Jordan\Downloads\a32162543a53a6e2e42686f6f464ab7d
2016-09-03 14:17 - 2016-09-03 14:17 - 00134270 _____ C:\Users\Jordan\Downloads\0e8b216bff4b9d5e4f0c679375b5b66e

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-25 17:20 - 2016-08-03 22:09 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-25 17:19 - 2016-08-05 23:01 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2016-09-25 17:18 - 2016-08-05 22:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-09-25 17:11 - 2009-07-14 00:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-25 17:11 - 2009-07-14 00:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-25 17:04 - 2016-08-08 17:20 - 00000000 ___RD C:\Users\Jordan\Google Drive
2016-09-25 17:03 - 2016-08-08 13:33 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-25 17:03 - 2016-08-04 05:33 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-25 17:03 - 2016-08-03 22:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-25 17:03 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-24 18:23 - 2016-08-06 00:09 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-23 23:36 - 2016-08-14 18:58 - 00000000 ____D C:\Users\Jordan\Documents\Finale Files
2016-09-20 20:49 - 2016-08-03 23:21 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-20 20:48 - 2016-08-03 23:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-09-20 20:35 - 2009-07-14 01:13 - 00781782 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-20 20:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-09-20 11:05 - 2009-07-14 00:45 - 00520024 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-20 00:59 - 2016-08-08 19:16 - 00000000 ____D C:\Users\Jordan\temp
2016-09-20 00:48 - 2016-08-08 17:50 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2016-09-20 00:46 - 2016-08-08 18:02 - 00000000 ____D C:\Users\Jordan\AppData\Local\Avid
2016-09-20 00:11 - 2016-08-08 18:02 - 00001008 _____ C:\Users\Jordan\AppData\Roaming\JORDAN-PC.MTBF.txt
2016-09-20 00:03 - 2016-08-08 20:46 - 00000000 ____D C:\Users\Jordan\AppData\Local\CrashDumps
2016-09-19 23:50 - 2016-08-08 19:17 - 00006144 _____ C:\Users\Jordan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-09-19 22:14 - 2016-08-22 00:19 - 00000600 _____ C:\Users\Jordan\AppData\Local\PUTTY.RND
2016-09-19 22:14 - 2016-08-22 00:14 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\FileZilla
2016-09-19 14:08 - 2016-08-08 21:12 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Spotify
2016-09-19 14:08 - 2016-08-08 21:12 - 00000000 ____D C:\Users\Jordan\AppData\Local\Spotify
2016-09-19 12:24 - 2016-08-01 08:53 - 00000000 ____D C:\Users\Jordan
2016-09-19 12:09 - 2016-08-20 21:23 - 00000000 ____D C:\Program Files (x86)\Finale 2010
2016-09-19 12:07 - 2016-08-03 22:09 - 00153376 _____ C:\Users\Jordan\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-19 11:58 - 2016-08-04 05:30 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-19 11:58 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-09-18 22:21 - 2016-08-03 22:10 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-18 22:21 - 2016-08-03 22:10 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-18 22:07 - 2016-08-08 19:48 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-12 23:09 - 2016-08-14 18:57 - 00000000 ____D C:\Program Files (x86)\Finale 2014.5
2016-09-12 22:13 - 2016-08-01 08:53 - 00000000 ____D C:\Users\Jordan\AppData\Local\VirtualStore
2016-09-12 18:34 - 2016-08-21 09:28 - 00000000 ____D C:\ProgramData\TEMP
2016-09-10 14:36 - 2016-06-20 17:29 - 00050008 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2016-09-10 14:36 - 2016-06-02 22:39 - 00126360 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2016-09-10 14:33 - 2016-06-20 17:51 - 00305496 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-09-10 14:19 - 2016-08-05 23:01 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-10 14:18 - 2016-08-05 22:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-09-10 14:16 - 2016-08-05 22:58 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-09-08 10:44 - 2016-08-22 00:24 - 00000000 ____D C:\Users\Jordan\Documents\SU NILDRR Research Project
2016-09-03 16:56 - 2016-08-14 23:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-03 15:25 - 2016-08-08 20:51 - 00000000 ____D C:\Users\Public\Documents\FsPassengers
2016-09-03 14:28 - 2016-03-03 14:41 - 00025232 _____ C:\Windows\system32\Drivers\HIDWiimote.sys
2016-09-03 14:28 - 2016-03-03 14:41 - 00007744 _____ C:\Windows\system32\Drivers\HIDMiniport.sys

==================== Files in the root of some directories =======

2016-08-08 18:02 - 2016-09-20 00:11 - 0001008 _____ () C:\Users\Jordan\AppData\Roaming\JORDAN-PC.MTBF.txt
2016-09-03 15:44 - 2016-09-03 15:44 - 0000431 _____ () C:\Users\Jordan\AppData\Roaming\WiinUSoft_prefs.config
2016-08-08 18:02 - 2016-09-20 00:59 - 0000676 _____ () C:\Users\Jordan\AppData\Roaming\__AvidCloudManager.log
2016-08-08 18:02 - 2016-09-20 00:45 - 0000676 _____ () C:\Users\Jordan\AppData\Roaming\__AvidCloudManagerPrevious.log
2016-08-08 19:17 - 2016-09-19 23:50 - 0006144 _____ () C:\Users\Jordan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-22 00:19 - 2016-09-19 22:14 - 0000600 _____ () C:\Users\Jordan\AppData\Local\PUTTY.RND

Some files in TEMP:
====================
C:\Users\Jordan\AppData\Local\Temp\AutoRun.exe
C:\Users\Jordan\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Jordan\AppData\Local\Temp\drm_dyndata_7330011.dll
C:\Users\Jordan\AppData\Local\Temp\EAInstall.dll
C:\Users\Jordan\AppData\Local\Temp\madden_inst.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION


LastRegBack: 2016-09-12 19:19

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by Jordan (25-09-2016 17:39:33)
Running from C:\Users\Jordan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-08-01 12:53:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1466031636-3715157435-865888265-500 - Administrator - Disabled)
Guest (S-1-5-21-1466031636-3715157435-865888265-501 - Limited - Disabled)
Jordan (S-1-5-21-1466031636-3715157435-865888265-1000 - Administrator - Enabled) => C:\Users\Jordan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

777 Captain (777-200) Base Pack [FSX/SE] 1.70 FSX-SE (HKLM-x32\...\x772_stm) (Version: 1.70 - © 1999-2016 Captain Sim)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Active@ File Recovery 15 (HKLM\...\{177608F6-F029-4301-B176-15BA7C605B73}_is1) (Version: 15 - LSoft Technologies Inc)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.45.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.)
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
EaseUS MobiSaver for Android version 5.0 (HKLM-x32\...\{82D2239C-0F46-4446-B3CA-810A07BF7A6E}_is1) (Version: 5.0 - CHENGDU YIWO Tech Development Co., Ltd.)
Eassos PartitionGuru 4.8.0 (HKLM\...\{FC4FF5F4-2265-4E18-8BBC-12CBA9794388}_is1) (Version:  - Eassos Co., Ltd.)
File Repair (HKLM-x32\...\File Repair_is1) (Version:  - File Repair)
FileZilla Client 3.20.1 (HKLM-x32\...\FileZilla Client) (Version: 3.20.1 - Tim Kosse)
Finale (HKLM\...\{48133FCD-8D55-4D52-A668-D1A988FC00C4}) (Version: 25.0.0.6858 - MakeMusic)
FsPassengersX for Microsoft Flight Simulator X (HKLM-x32\...\FsPassengersX) (Version: 20160123 - SecondReality Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
ImagePrinter Pro 6.1 (HKLM\...\ImagePrinter Pro 6.1_is1) (Version:  - Code Industry Ltd.)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Madden NFL 08 (HKLM-x32\...\{A3BC1DBD-64D6-4EBC-0091-24C811662D40}) (Version:  - Electronic Arts)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
M-Audio MIDISPORT 6.1.3 (x64) (HKLM\...\{AED2A1D4-19B4-4692-8004-E1A3E8A9E85B}) (Version: 6.1.3 - M-Audio)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation)
Microsoft Flight Simulator X: Steam Edition (HKLM\...\Steam App 314160) (Version:  - Microsoft Game Studios)
Microsoft IntelliPoint 8.0 (HKLM\...\{2BF35D84-6377-4F70-9F39-97CF67E67FFF}) (Version: 8.01.249.0 - Microsoft)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7167.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MMFonts (HKLM-x32\...\{1DD5D3E6-8DF5-4657-8825-713C499CDCC0}) (Version: 1.1.1.1 - MakeMusic, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.5.2.880 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Phase Shift (HKLM-x32\...\Phase Shift) (Version: 1.27 - DWSK)
Pinnacle Studio 16 - Install Manager (HKLM-x32\...\{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}) (Version: 16.10.115 - Corel Corporation)
Pinnacle Studio 16 (HKLM-x32\...\{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}) (Version: 16.1.0.115 - Corel Corporation)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
RescuePRO Deluxe 5.2.6.1 (HKLM-x32\...\{38D9AAB8-116B-40BB-A801-50B71DF82D24}_is1) (Version: 5.2.6.1 - LC Technology International, Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11034_5 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.0.0.11034_5 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2250.0 - SAMSUNG Electronics Co., Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Spotify) (Version: 1.0.34.146.g28f9eda2 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synthesia (HKLM-x32\...\Synthesia) (Version: 10.2 - Synthesia LLC)
Tapspace Virtual Drumline 2.5 (HKLM-x32\...\Tapspace Virtual Drumline 2.5) (Version:  - )
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Yodot Recovery Software (HKLM\...\{3D0B1313-049A-4C70-B8CC-9AFB84109F89}_is1) (Version: 1.0.0.3 - Yodot Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1466031636-3715157435-865888265-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jordan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-1466031636-3715157435-865888265-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jordan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06C6B8E4-B7F0-4BD7-825C-D5CFC73B6600} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {0B808A52-7A20-4549-84D9-E8207C5C6D37} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-05] (Microsoft Corporation)
Task: {28718E29-EDE7-4EC4-895C-3C7BBE42C2B5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-05] (Microsoft Corporation)
Task: {49B5C5C7-7D83-41C5-8818-F50FDE66AC22} - System32\Tasks\{3620B627-84D3-4CBC-80C0-AF3BA95C485F} => C:\Users\Jordan\Downloads\WiinUPro Beta 7.1 64-Bit\WiinUPro Beta 7.1 64-Bit\WiinUPro.exe [2016-09-03] ()
Task: {793D5B8B-86F6-47BB-A961-5EE9754AE934} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-09-20] (Microsoft Corporation)
Task: {85A82A2C-8A86-4952-A8C3-5413EC0A8014} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {962AF98D-44FB-46FD-B4D2-F7F80DE31CD5} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-01-07] (Microsoft Corporation)
Task: {BBF864F3-8507-4FA6-A5B2-95D94CEDCAFF} - System32\Tasks\{38529C00-6B47-4D74-9062-D289D6496CF0} => C:\Users\Jordan\Downloads\WiinUPro Beta 7.1 64-Bit\WiinUPro Beta 7.1 64-Bit\WiinUPro.exe [2016-09-03] ()
Task: {C36A89F9-793F-4433-9D0B-7021DFE09A55} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {D68100E6-C929-4806-BFD9-06166D606B75} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {D961528C-1B46-4F1C-8578-C5043DB405DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {DB7100B3-7719-4057-B5DF-1F911639133C} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {EFDBB2BC-AEB7-45E2-9768-86E73EE83341} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-08-04 05:31 - 2016-07-10 19:17 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-08-04 05:33 - 2016-06-14 16:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-08-04 05:33 - 2016-06-14 16:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-08-04 05:33 - 2016-06-14 16:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-08-04 05:33 - 2016-06-14 16:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-08-04 05:33 - 2016-06-14 16:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-08-04 05:33 - 2016-06-14 16:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-08-04 05:33 - 2016-06-14 16:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-08-04 05:33 - 2016-06-14 16:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-08-03 23:23 - 2016-09-20 20:45 - 08921800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-08-03 11:45 - 2016-08-03 11:45 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-08-04 05:33 - 2016-06-14 16:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-08-04 05:33 - 2016-06-14 16:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2011-03-21 11:57 - 2011-03-21 11:57 - 00019872 _____ () C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
2016-09-18 22:21 - 2016-09-13 22:52 - 02280264 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-18 22:21 - 2016-09-13 22:52 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2016-08-04 05:33 - 2016-06-14 16:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-08-08 13:33 - 2016-09-07 23:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-08-08 13:33 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-08-08 13:33 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-08-08 13:33 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-08-08 13:33 - 2016-09-20 15:28 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2016-08-08 13:33 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-08-08 13:33 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-08-08 13:33 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-08-08 13:33 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-08-08 13:33 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-08-08 13:33 - 2016-09-20 15:28 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-08-08 13:33 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-09-25 17:03 - 2016-09-25 17:03 - 00098816 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32api.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00110080 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\pywintypes27.dll
2016-09-25 17:03 - 2016-09-25 17:03 - 00364544 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\pythoncom27.dll
2016-09-25 17:03 - 2016-09-25 17:03 - 00320512 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32com.shell.shell.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00776704 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_hashlib.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 01176576 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._core_.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00806400 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._gdi_.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00816128 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._windows_.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 01067008 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._controls_.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00733184 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._misc_.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00682496 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\pysqlite2._sqlite.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00088064 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_ctypes.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00119808 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32file.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00108544 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32security.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00007168 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\hashobjs_ext.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00017920 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\thumbnails_ext.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00088064 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\usb_ext.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00012800 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\common.time34.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00018432 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32event.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00167936 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32gui.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00046080 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_socket.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 01208320 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_ssl.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00128512 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_elementtree.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00127488 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\pyexpat.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00038912 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32inet.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00036864 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_psutil_windows.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00525208 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\windows._lib_cacheinvalidation.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00011264 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32crypt.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00077312 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._html2.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00027136 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_multiprocessing.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00020480 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_yappi.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00035840 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32process.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00686080 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\unicodedata.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00078848 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._animate.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00123392 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._wizard.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00024064 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32pipe.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00010240 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\select.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00025600 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32pdh.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00017408 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32profile.pyd
2016-09-25 17:03 - 2016-09-25 17:03 - 00022528 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32ts.pyd
2016-08-22 20:08 - 2016-08-22 20:08 - 00055816 _____ () C:\Users\Jordan\AppData\Local\Temp\e3c74ee6-7482-4280-b9c3-f233b390296e\CliSecureRT.dll
2016-08-08 13:33 - 2016-08-04 16:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4ABA35EE [212]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1466031636-3715157435-865888265-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BF59ACA1-3D3A-4AFF-9F11-4EA1F5D26493}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{69BFF4B4-C284-4F08-92AA-C59B144782BD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{89AB3BB3-B9B6-4319-9246-0D22CD7A6B93}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{39AD32C3-0F5C-4790-86B7-66F621380E8E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{142BD102-7E4E-43F4-A809-E6E9FE8D7D63}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1E67B3CC-A0B9-436E-8883-3FC1A7496860}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2257C3ED-8F7E-4B3D-911A-A040B7BF0BAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5E7982C6-04A1-4E23-BA6D-E44E7F3A7B15}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{33066F06-A818-4487-870C-6E058DD2DFD7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3C535198-2E60-4696-8366-C59E9CC33470}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{293E7EBF-BF06-45F2-BE5B-15A75129C6CC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6EF2B778-3670-4CB5-A93C-77A256080C51}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9071145F-39AF-4B15-9D48-5CC7F2FDDA23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{025DD1CF-84DF-4DF0-B708-AA664B19A20B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{56519AEA-C6DA-4ED5-AB86-62E93FDE8A05}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [{5446968C-D235-4C26-B7DD-9DD3EFB41672}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [{9384BB78-4C10-4E53-A72F-F4081E4C123B}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{461AE6E2-5C7A-42A2-85CA-49C5E58AA4DF}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{7A48ED72-57E6-468F-9CDB-B5DC318E54F4}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [{D65D0E1F-63B8-4503-87E0-F299F849FE26}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [{F2A0A098-75C8-428B-8181-BE4B1B78DAF1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C8E8454C-DBDB-419F-BA7D-ACCEB307B56F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5CD73A16-61D5-470A-BAF2-0DA8D829DB44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A6C5B532-3D4D-4A02-9389-DC199AE9DD19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2CD52EA7-912D-4783-A42C-4A40412E3C15}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E86E914A-33E6-4759-879A-9B350C059557}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{D024D31D-BE3C-46F2-800E-18B196FC3D62}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{83B0E116-6B60-462E-90D6-E97CD6EC0C37}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-09-2016 14:58:25 Windows Update
12-09-2016 23:08:01 Removed Finale 2014.5
19-09-2016 11:56:13 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
19-09-2016 11:57:03 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
19-09-2016 11:57:46 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
19-09-2016 11:59:21 Installed Finale
20-09-2016 01:27:06 Windows Update
21-09-2016 00:57:45 Windows Update

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2016 05:04:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/24/2016 06:16:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/23/2016 08:05:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/23/2016 03:13:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/21/2016 10:33:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/20/2016 08:50:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/20/2016 08:30:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/20/2016 11:06:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/20/2016 12:02:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Acrobat.exe, version: 15.17.20050.61080, time stamp: 0x5774fb5a
Faulting module name: Updater.api_unloaded, version: 0.0.0.0, time stamp: 0x5774f9f1
Exception code: 0xc0000005
Fault offset: 0x5f856666
Faulting process id: 0x1880
Faulting application start time: 0x01d212f3b8ba6d65
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Faulting module path: Updater.api
Report Id: 1dfbc06d-7ee7-11e6-ace4-e06995daf5de

Error: (09/20/2016 12:02:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Acrobat.exe, version: 15.17.20050.61080, time stamp: 0x5774fb5a
Faulting module name: Updater.api_unloaded, version: 0.0.0.0, time stamp: 0x5774f9f1
Exception code: 0xc0000005
Fault offset: 0x5f86861a
Faulting process id: 0x1880
Faulting application start time: 0x01d212f3b8ba6d65
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Faulting module path: Updater.api
Report Id: 1851ee62-7ee7-11e6-ace4-e06995daf5de


System errors:
=============
Error: (09/23/2016 08:05:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (09/23/2016 08:05:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (09/20/2016 11:11:26 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/19/2016 10:26:24 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (09/18/2016 11:23:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP17.0.0 service.

Error: (09/18/2016 09:58:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Streamer Service service to connect.

Error: (09/13/2016 03:37:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Office Click-to-Run Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (09/13/2016 03:37:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Office Click-to-Run Service service to connect.

Error: (09/12/2016 09:03:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Office Click-to-Run Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (09/12/2016 09:03:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Office Click-to-Run Service service to connect.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 37%
Total physical RAM: 8172.31 MB
Available physical RAM: 5073.5 MB
Total Virtual: 16342.81 MB
Available Virtual: 12752.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1397.17 GB) (Free:1224.66 GB) NTFS
Drive e: () (Fixed) (Total:149.04 GB) (Free:6.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 564EE687)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1397.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 48E2519E)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Link to post
Share on other sites

There's nothing really suspicious in your FRST logs, only a few entries that needs to be corrected. We'll also run JRT and AdwCleaner to see if they can catch anything.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

iT103hr.pngJunkware Removal Tool (JRT)

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
    tLsXbWy.png
    Credits : BleepingComputer.com
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

zcMPezJ.pngAdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
    CfdTLN1.png
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

Your next reply(ies) should include:

  • Copy/pasted content of the FRST fixlog.txt;
  • Copy/pasted content of JRT.txt;
  • Copy/pasted content of AdwCleaner's clean log;

fixlist.txt

Link to post
Share on other sites

Because my browser would not allow me to copy/paste text, I have attached the logs.

Also when running the FRST fix, Kaspersky discovered the FRST64.exe as malware, specifically PDM:Trojan.Win32.Generic. Kaspersky asked me if I wanted to disinfect the infection with or without restarting my computer, and I chose to disinfect without restart. After doing so, Kaspersky told me "the malware action has now been rolled back" and a registry entry had been restored. Although the actual FRST64.exe file remains in quarantine.

Fixlog.txt

JRT.txt

AdwCleaner[S0].txt

Link to post
Share on other sites

Alright, it looks like copy/paste is working again on the browser, so here are the results of the new Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by Jordan (26-09-2016 17:55:10) Run:2
Running from C:\Users\Jordan\Desktop
Loaded Profiles: Jordan (Available Profiles: Jordan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION

AlternateDataStreams: C:\ProgramData\TEMP:4ABA35EE [212]

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.

=========================  bcdedit ========================


The operation completed successfully.

========= End of bcdedit =========

C:\ProgramData\TEMP => ":4ABA35EE" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 42877728 B
Java, Flash, Steam htmlcache => 51697754 B
Windows/system/drivers => 147168264 B
Edge => 0 B
Chrome => 98167868 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558406 B
systemprofile32 => 66088 B
LocalService => 0 B
NetworkService => 45504 B
Jordan => 454591166 B

RecycleBin => 748 B
EmptyTemp: => 821.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:55:46 ====

Link to post
Share on other sites

Good :) Well the FRST fix went through, JRT and AdwCleaner didn't pick up anything worthy as well. Your computer looks pretty clean to me. Were there any other issues (that you think are malware related) you would like me to check before we finish, or was this all?

Link to post
Share on other sites

No problem! Since your logs don't show any sign of infection anymore, I guess we're done here. We'll just finish up with DelFix to delete the tools and logs that were used during this clean-up.

BWuhenj.pngDelFix
Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentionned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;

warning.gifOutdated Programs Warning!

I noticed that you have outdated vulnerable programs installed on your system. I'll ask you to uninstall them since keeping outdated software installed on a system puts it more at risk of being infected. Otherwise, you can update them right now, and make sure that their outdated version is uninstalled after. We will reinstall these programs at the end of the clean-up if you decide to uninstall them now, and need them after.

  • Adobe Flash Player ActiveX
  • Adobe Shockwave Player


If you have an issue when uninstalling a program, please let me know.

Qt25440.pngTips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like eLDnJfI.pngSecuniaPSI and dqVs5wj.pngHeimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Antivirus, Antimalware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (led by an Antivirus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at the time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware are currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Antivirus

Antimalware

Firewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.

  • 7p3JzTS.pngGlassWire - Has both a free and paid version (with different packages);
  • MQIMh6k.pngWindows Firewall Control - Gives you more control over your Windows Firewall;
  • 5RXGshU.pngTinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it;

Anti-Exploit/Anti-Ransomware

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits. 

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.

  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browsers);
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
  • uMatrix: For advanced users, a point and click matrix-like extensions that allow you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser);

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:


As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :


gRvSooB.pngThe End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on Malwarebytes Forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you wont!), you can always comeback in this section to get another checkup with one of our trained malware removal member.

Do you have any questions before I close this thread? :)

Link to post
Share on other sites

Here we go, the final log! Thanks very much for your help!

# DelFix v1.013 - Logfile created 27/09/2016 at 13:06:17
# Updated 17/04/2016 by Xplode
# Username : Jordan - JORDAN-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Jordan\Desktop\Addition.txt
Deleted : C:\Users\Jordan\Desktop\AdwCleaner.exe
Deleted : C:\Users\Jordan\Desktop\Fixlog.txt
Deleted : C:\Users\Jordan\Desktop\FRST.txt
Deleted : C:\Users\Jordan\Desktop\FRST64.exe
Deleted : C:\Users\Jordan\Desktop\JRT.exe
Deleted : C:\Users\Jordan\Desktop\JRT.txt

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #61 [Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 | 09/19/2016 15:56:13]
Deleted : RP #62 [Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 | 09/19/2016 15:57:03]
Deleted : RP #63 [Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 | 09/19/2016 15:57:46]
Deleted : RP #64 [Installed Finale | 09/19/2016 15:59:21]
Deleted : RP #65 [Windows Update | 09/20/2016 05:27:06]
Deleted : RP #66 [Windows Update | 09/21/2016 04:57:45]
Deleted : RP #68 [Restore Point Created by FRST | 09/26/2016 21:08:23]
Deleted : RP #69 [JRT Pre-Junkware Removal | 09/26/2016 21:10:59]
Deleted : RP #71 [Restore Point Created by FRST | 09/26/2016 21:55:15]
Deleted : RP #72 [Installed FSX Google Earth Tracker | 09/26/2016 22:49:24]
Deleted : RP #73 [Windows Update | 09/26/2016 23:19:09]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.