jenksy Posted February 6, 2017 ID:1099310

Suspecting I have an infection, I installed Malwarebytes and sure enough I'm receiving several notifications indicating a Website is blocked, each time with a different (very-suspicious) domain and IP address. It appears to be coming from C:\Windows\System32\rundll32.exe (screenshot attached). I've attached my Additional.txt and my FRST.txt is below:

PLEASE HELP, and THANK YOU in advance!!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017 Ran by jenksy (administrator) on R5 (05-02-2017 21:49:09) Running from C:\Users\jenksy\Desktop Loaded Profiles: jenksy (Available Profiles: jenksy) Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki119562.inf_amd64_6a130ba6366a3570\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe (Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Garmin Ltd.
or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (Intel Corporation) C:\Windows\System32\ibtsiva.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Alienware) C:\Program Files\Alienware\Command Center\ThermalsWindowsService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe (Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki119562.inf_amd64_6a130ba6366a3570\igfxEM.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Alienware) C:\Program Files\Alienware\Command Center\ThermalController.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (TechSmith Corporation) C:\Program Files (x86)\Snagit 11\Snagit32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe (Blue Jeans) C:\Users\jenksy\AppData\Local\Blue Jeans\App\BlueJeans.exe (Valve Corporation) C:\Program Files 
(x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (TechSmith Corporation) C:\Program Files (x86)\Snagit 11\TscHelp.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (TechSmith Corporation) C:\Program Files (x86)\Snagit 11\SnagPriv.exe (Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (TechSmith Corporation) C:\Program Files (x86)\Snagit 11\SnagitEditor.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamuseragent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe (Dell) C:\Program Files\Alienware\Dell Foundation Services\DFSSvc.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Inc.) C:\Program Files (x86)\Alienware Update\DellUpService.exe (Dell Inc.) C:\Program Files (x86)\Alienware Update\DellUpTray.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Dell) C:\Program Files\Alienware\Alienware Product Registration\PRSvc.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Dell) C:\Program Files\Alienware\Dell Foundation Services\DFS.Common.Agent.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8861208 2016-09-15] (Realtek Semiconductor) HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13720 2016-03-09] (Alienware) HKLM\...\Run: [Marcs Updater] => C:\Program Files\Marcs Updater\Marcs Updater.exe [879976 2013-04-19] (Marc Hörsken) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16286840 2016-08-29] (Logitech Inc.) 
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-23] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322120 2016-04-28] (Intel Corporation) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-09-24] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26219896 2017-01-30] (Dropbox, Inc.) HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.) HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [11054800 2016-09-14] (Corsair Components, Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation) HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation) HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\...\Run: [Zoom] => 0 HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\...\Run: [Windows Performance Monitor] => rundll32.exe "C:\Users\jenksy\AppData\Local\Microsoft\Performance\Monitor\PerformanceMonitor.dll",DllInstall HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-08-30] ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk [2016-09-17] ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\Snagit 11\Snagit32.exe (TechSmith Corporation) Startup: C:\Users\jenksy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bluejeans-helper.vbs [2017-01-09] () GroupPolicy: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 208.67.220.220 192.168.1.1 Tcpip\..\Interfaces\{5aa050e3-13d0-4405-bc58-87d702a282cb}: [DhcpNameServer] 208.67.220.220 192.168.1.1 Tcpip\..\Interfaces\{c5a78410-b9d5-4dc1-8211-eaaf75f28749}: [DhcpNameServer] 208.67.220.220 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-ca-e SearchScopes: HKU\S-1-5-21-1846019180-1375671099-2972171178-1001 -> DefaultScope {3C836957-33F4-4444-BC38-E60B25473EFB} URL = SearchScopes: HKU\S-1-5-21-1846019180-1375671099-2972171178-1001 -> {3C836957-33F4-4444-BC38-E60B25473EFB} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-28] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-28] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2015-09-24] (Adobe Systems Incorporated) BHO-x32: Lync Browser Helper -> 
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-28] (Microsoft Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-08-11] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-28] (Microsoft Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated) DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T30L10NSP14-10100/webex/ieatgpc1.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://access.neteller.com/dana-cached/sc/JuniperSetupClient.cab Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-28] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-28] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL 
[2017-01-28] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-28] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: 7ciyjm5s.default FF ProfilePath: C:\Users\jenksy\AppData\Roaming\Mozilla\Firefox\Profiles\7ciyjm5s.default [2016-12-24] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-10-08] [not signed] FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-28] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: 
@microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-28] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://jordan/ CHR StartupUrls: Default -> "hxxps://ca.search.yahoo.com/?fr=spigot-yhp-gcmac&ilc=12&type=997063" CHR Session Restore: Default -> is enabled. 
CHR Profile: C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default [2017-02-05] CHR Extension: (Google Slides) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-07] CHR Extension: (BetterTTV) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-10-08] CHR Extension: (Google Docs) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-07] CHR Extension: (Google Drive) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-07] CHR Extension: (Regex Search) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcdabfmndggphffkchfdcekcokmbnkjl [2016-09-07] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-09-07] CHR Extension: (WhatsChrome) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgkodfmeijboinjdegggmkbkjfiagaan [2016-09-07] CHR Extension: (Signal Private Messenger) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bikioccmkafdpakkkcpdbppfkghcmihk [2017-01-30] CHR Extension: (YouTube) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-07] CHR Extension: (Google Cast) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-12-28] CHR Extension: (Chromoji - Emoji for Google Chrome) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2016-10-24] CHR Extension: (DownAlbum) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2017-01-30] CHR Extension: (Pushbullet) - 
C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-10-27] CHR Extension: (Open Tab In New Process) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmabfeonjnioeecnjdgdjleoemncbfpg [2016-09-07] CHR Extension: (Tampermonkey) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-03] CHR Extension: (Innovative Exams Screensharing) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkbjhjljfaagngbdhomnlcheiiangfle [2016-12-22] CHR Extension: (Postman - REST Client) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdmmgilgnpjigdojojpjoooidkmcomcm [2016-09-17] CHR Extension: (Google Sheets) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-07] CHR Extension: (Postman) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2016-12-14] CHR Extension: (Window Expander For YouTube) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpaakpeehepibjpdmoocdaonognfiog [2016-09-07] CHR Extension: (Chrome Remote Desktop) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-09-07] CHR Extension: (The QR Code Generator) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2016-09-07] CHR Extension: (Google Docs Offline) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-07] CHR Extension: (AdBlock) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-30] CHR Extension: (TweetDeck by Twitter) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl 
[2016-09-07] CHR Extension: (LastPass: Free Password Manager) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-01-30] CHR Extension: (AirDroid) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd [2016-09-07] CHR Extension: (90`s Games) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom [2016-09-07] CHR Extension: (Dropbox) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2016-09-07] CHR Extension: (Multi Forward for Gmail) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmdplljmniahpamcmabdnahmjdlikpm [2016-11-07] CHR Extension: (Markdown Preview) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmchmkecamhbiokiopfpnfgbidieafmd [2016-09-07] CHR Extension: (Web Scraper) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnhgnonknehpejjnehehllkliplmbmhn [2016-11-16] CHR Extension: (Reddit Enhancement Suite) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-12-18] CHR Extension: (Any.do Extension) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2016-09-07] CHR Extension: (Wave Accounting) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa [2016-09-07] CHR Extension: (CodinGame Sync - Ext) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjnbdgcceengbjkalemckffhaajkehd [2016-09-07] CHR Extension: (Unofficial HipChat) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdomahdfnkdhjfkennlfhagbjamalkb [2016-09-07] CHR Extension: (cookie.txt export) - C:\Users\jenksy\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\lopabhfecdfhgogdbojmaicoicjekelh [2016-09-07] CHR Extension: (Chrome Web Store Payments) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18] CHR Extension: (Blue Jeans Meeting) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nodamnmigpadbnfioofpbacngdlcidgn [2017-02-01] CHR Extension: (Visualping) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2016-09-07] CHR Extension: (Evernote Web Clipper) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-12-20] CHR Extension: (Gmail) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-07] CHR Extension: (Chrome Media Router) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AlienFXWindowsService; C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe [14744 2016-03-09] (Alienware) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2016-09-07] () R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe [72024 2017-01-03] (Google Inc.) 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3697352 2017-01-29] (Microsoft Corporation)
S2 CLKMSVC10_3CD7F304; C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Common\NavFilter\KmSvc.exe [312088 2016-05-09] (CyberLink)
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\ki119562.inf_amd64_6a130ba6366a3570\IntelCpHeciSvc.exe [301528 2016-11-24] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\ki119562.inf_amd64_6a130ba6366a3570\IntelCpHDCPSvc.exe [480216 2016-11-24] (Intel Corporation)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [266112 2016-10-17] (Code 42 Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-07] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-01-30] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Alienware\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 DellUpdate; C:\Program Files (x86)\Alienware Update\DellUpService.exe [229376 2016-05-02] (Dell Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-08-11] (Futuremark)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2016-04-28] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\ki119562.inf_amd64_6a130ba6366a3570\igfxCUIService.exe [341976 2016-11-24] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-07-06] (Intel Corporation) [File not signed]
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 IRMTService; c:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe [182336 2015-09-10] (Intel Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-07-06] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2016-01-21] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [454872 2016-02-12] (Rivet Networks)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-08-29] (Logitech Inc.)
S2 Marcs Updater; C:\Program Files\Marcs Updater\Marcs Updater.exe [879976 2013-04-19] (Marc Hörsken) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-10-28] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-05] (NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-05] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-01-05] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2121736 2017-01-28] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2183696 2017-01-28] (Electronic Arts)
R2 Product Registration; C:\Program Files\Alienware\Alienware Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [332048 2016-09-15] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 ThermalsWindowsService; C:\Program Files\Alienware\Command Center\ThermalsWindowsService.exe [14232 2016-03-09] (Alienware)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-10-28] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [144456 2016-02-12] (Rivet Networks, LLC.)
S3 blackberryncm; C:\WINDOWS\System32\drivers\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45056 2016-09-09] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [22520 2016-09-09] (Corsair)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-01-05] (Dell Computer Corporation)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-01-05] (Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
S3 iaLPSS2_SPI; C:\WINDOWS\System32\drivers\iaLPSS2_SPI.sys [152376 2016-01-22] (Intel Corporation)
R3 iaLPSS2_UART2; C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [281400 2016-01-22] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\ki119562.inf_amd64_6a130ba6366a3570\igdkmd64.sys [11039704 2016-11-24] (Intel Corporation)
R3 IntelReadyModeDriver; C:\WINDOWS\System32\drivers\IntelReadyModeDriver.sys [33512 2015-09-10] (Intel Corporation)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [162456 2016-02-12] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-08-29] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2016-08-29] (Logitech Inc.)
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [49312 2014-11-10] (Visicom Media Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-05] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-05] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-05] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-05] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-05] (Malwarebytes)
S3 mc2avs; C:\WINDOWS\System32\Drivers\mc2avs.sys [358520 2012-06-06] (Native Instruments GmbH)
S3 mc2usb_svc; C:\WINDOWS\System32\Drivers\mc2usb.sys [81016 2012-06-06] (Native Instruments GmbH)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [36000 2014-11-10] (Visicom Media Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvddi.inf_amd64_ecf4171f88569c29\nvlddmkm.sys [14200880 2016-12-12] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-01-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-01-05] (NVIDIA Corporation)
R3 Phosgene; C:\WINDOWS\system32\DRIVERS\Phosgene.sys [34136 2015-09-02] (Adoriasoft LLC)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92344 2017-02-03] (Sysinternals - www.sysinternals.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-01-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205440 2017-01-16] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-05 21:43 - 2017-02-05 21:49 - 00043094 _____ C:\Users\jenksy\Desktop\FRST.txt
2017-02-05 21:43 - 2017-02-05 21:49 - 00000000 ____D C:\FRST
2017-02-05 21:39 - 2017-02-05 21:42 - 02421248 _____ (Farbar) C:\Users\jenksy\Desktop\FRST64.exe
2017-02-05 21:31 - 2017-02-05 21:33 - 47683808 _____ (Microsoft Corporation) C:\Users\jenksy\Downloads\Windows-KB890830-x64-V5.44 (1).exe
2017-02-05 21:30 - 2017-02-05 21:31 - 00000345 _____ C:\Users\jenksy\Downloads\fixlist.txt
2017-02-05 21:24 - 2017-02-05 21:37 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-05 21:24 - 2017-02-05 21:37 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-05 21:24 - 2017-02-05 21:37 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-05 21:24 - 2017-02-05 21:37 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-05 21:24 - 2017-02-05 21:24 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-05 21:23 - 2017-02-05 21:23 - 47683808 _____ (Microsoft Corporation) C:\Users\jenksy\Downloads\Windows-KB890830-x64-V5.44.exe
2017-02-05 21:23 - 2017-02-05 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-05 21:23 - 2017-02-05 21:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-05 21:23 - 2017-02-05 21:23 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-05 21:23 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-05 21:22 - 2017-02-05 21:22 - 55566792 _____ (Malwarebytes ) C:\Users\jenksy\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-04 23:56 - 2017-02-04 23:56 - 74520472 _____ (Logitech, Inc.) C:\Users\jenksy\Downloads\lws280.exe
2017-02-04 23:06 - 2017-02-04 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2017-02-04 23:05 - 2017-02-04 23:06 - 123323224 _____ (Oracle Corporation) C:\Users\jenksy\Downloads\VirtualBox-5.1.14-112924-Win.exe
2017-02-04 22:17 - 2017-02-04 22:17 - 00000000 ____D C:\Users\jenksy\AppData\Local\aaa01f1d
2017-02-04 22:01 - 2017-02-04 22:07 - 00000000 ___HD C:\Users\jenksy\AppData\Local\SysHashTable
2017-02-04 21:59 - 2017-02-04 21:59 - 00622104 _____ C:\Users\jenksy\Downloads\White pencil.mcv
2017-02-04 21:59 - 2017-02-04 21:59 - 00189560 _____ C:\Users\jenksy\Downloads\Type.mcv
2017-02-04 21:59 - 2017-02-04 21:59 - 00163872 _____ C:\Users\jenksy\Downloads\Stained Glass.mcv
2017-02-04 21:59 - 2017-02-04 21:59 - 00107752 _____ C:\Users\jenksy\Downloads\Contours.mcv
2017-02-04 21:59 - 2017-02-04 21:59 - 00095376 _____ C:\Users\jenksy\Downloads\Black Contours.mcv
2017-02-04 21:59 - 2017-02-04 21:59 - 00095312 _____ C:\Users\jenksy\Downloads\White Contours.mcv
2017-02-04 21:59 - 2017-02-04 21:59 - 00082504 _____ C:\Users\jenksy\Downloads\Black Gradient.mcv
2017-02-04 21:59 - 2017-02-04 21:59 - 00065520 _____ C:\Users\jenksy\Downloads\Black Blobs.mcv
2017-02-04 21:59 - 2017-02-04 21:59 - 00055768 _____ C:\Users\jenksy\Downloads\Gray Lines.mcv
2017-02-04 21:59 - 2017-02-04 21:59 - 00048080 _____ C:\Users\jenksy\Downloads\Brush Art.mcv
2017-02-04 21:58 - 2017-02-04 22:01 - 00000000 ____D C:\Users\jenksy\Downloads\ManyCam 5.5
2017-02-04 21:58 - 2017-02-04 21:58 - 00064192 _____ C:\Users\jenksy\Downloads\Blur.mcv
2017-02-04 21:57 - 2017-02-04 22:03 - 00000000 ____D C:\Users\jenksy\AppData\LocalLow\uTorrent
2017-02-04 21:50 - 2017-02-04 21:54 - 00000000 ____D C:\Program Files (x86)\ManyCam
2017-02-04 21:48 - 2017-02-04 21:48 - 58509578 _____ C:\Users\jenksy\Downloads\ManyCam.Enterprise.4.1.0.12.rar
2017-02-04 20:03 - 2017-02-04 20:03 - 00000754 _____ C:\Users\jenksy\Desktop\PSX.lnk
2017-02-04 18:33 - 2017-02-04 18:33 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\Blender Foundation
2017-02-04 14:23 - 2017-02-04 14:23 - 00666176 _____ C:\Users\jenksy\Downloads\pSX_1_13.rar
2017-02-04 14:22 - 2017-02-04 14:22 - 00241675 _____ C:\Users\jenksy\Downloads\SCPH7003.zip
2017-02-04 14:20 - 2017-02-04 14:20 - 00241658 _____ C:\Users\jenksy\Downloads\SCPH1001.zip
2017-02-04 14:19 - 2017-02-04 14:20 - 01381554 _____ C:\Users\jenksy\Downloads\ePSXe205.zip
2017-02-04 14:14 - 2017-02-04 14:14 - 00002116 _____ C:\Users\jenksy\Downloads\745BA8031DB4D2ED7F63266723BF420CDE4996AE.torrent
2017-02-04 14:13 - 2017-02-04 14:13 - 00000000 ____D C:\Users\jenksy\Downloads\PaRappa the Rapper (USA) (En,Fr,De,Es,It)
2017-02-04 14:07 - 2017-02-05 17:16 - 00000000 ____D C:\tmp
2017-02-04 13:39 - 2017-02-04 13:39 - 00000000 ____D C:\Users\jenksy\.thumbnails
2017-02-04 13:38 - 2017-02-04 13:38 - 00000950 _____ C:\Users\jenksy\Desktop\blender.lnk
2017-02-04 13:38 - 2017-02-04 13:38 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2017-02-04 13:38 - 2017-02-04 13:38 - 00000000 ____D C:\Program Files\Blender
2017-02-04 13:34 - 2017-02-04 13:35 - 88088716 _____ C:\Users\jenksy\Downloads\blender-2.78a-windows64.msi
2017-02-03 21:41 - 2017-02-03 21:41 - 00000132 _____ C:\Users\jenksy\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-02-03 21:34 - 2017-02-03 21:34 - 00554148 _____ C:\Users\jenksy\Downloads\Vintage-TV.zip
2017-02-03 21:01 - 2017-02-03 21:01 - 00092344 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2017-02-03 21:01 - 2016-08-15 08:24 - 02135712 ____N (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Procmon.exe
2017-02-03 21:01 - 2016-08-15 08:17 - 00063582 ____N C:\WINDOWS\system32\procmon.chm
2017-02-03 21:00 - 2016-11-18 07:26 - 02720928 ____N (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\procexp.exe
2017-02-03 21:00 - 2016-11-18 07:18 - 01457312 ____N (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\procexp64.exe
2017-02-03 21:00 - 2016-11-18 07:10 - 00072154 ____N C:\WINDOWS\system32\procexp.chm
2017-02-03 21:00 - 2016-03-03 21:44 - 00007490 ____N C:\WINDOWS\system32\Eula.txt
2017-02-03 20:59 - 2017-02-03 20:59 - 01932769 _____ C:\Users\jenksy\Downloads\ProcessExplorer.zip
2017-02-03 20:59 - 2017-02-03 20:59 - 00998093 _____ C:\Users\jenksy\Downloads\ProcessMonitor.zip
2017-02-03 20:58 - 2017-02-03 20:58 - 120703968 _____ (obsproject.com) C:\Users\jenksy\Downloads\OBS-Studio-17.0.2-Full-Installer.exe
2017-02-03 18:53 - 2017-02-03 18:53 - 06791967 _____ C:\Users\jenksy\Downloads\nukkit-1.0-SNAPSHOT.jar
2017-02-03 12:02 - 2017-02-03 12:02 - 02415543 _____ C:\Users\jenksy\Downloads\Jenken, Jesse - New Account Forms 01172017-signed (1).pdf
2017-02-03 12:01 - 2017-02-03 12:01 - 04142449 _____ C:\Users\jenksy\Downloads\Photos.zip
2017-02-03 11:52 - 2017-02-03 11:52 - 02415543 _____ C:\Users\jenksy\Downloads\Jenken, Jesse - New Account Forms 01172017-signed.pdf
2017-02-03 11:01 - 2017-02-03 11:01 - 00798033 _____ C:\Users\jenksy\Downloads\Jenken, Jesse - New Account Forms 01172017.pdf
2017-02-02 22:40 - 2017-02-02 22:40 - 00732896 _____ C:\Users\jenksy\Downloads\UnityDownloadAssistant-5.5.1f1.exe
2017-02-02 22:08 - 2017-02-02 22:08 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\Notzombies
2017-02-01 13:34 - 2017-02-01 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-30 07:02 - 2017-01-30 07:02 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-30 07:02 - 2017-01-30 07:02 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-30 07:02 - 2017-01-30 07:02 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-30 07:02 - 2017-01-30 07:02 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-29 17:26 - 2017-01-29 17:26 - 00000000 ____D C:\Users\jenksy\Documents\FaceRig Avatars
2017-01-29 15:22 - 2017-01-29 15:22 - 00000000 ____D C:\Users\jenksy\AppData\LocalLow\Dodge Roll
2017-01-27 22:25 - 2017-01-27 22:25 - 00000000 ____D C:\Users\jenksy\AppData\LocalLow\Free Lives
2017-01-27 10:54 - 2017-01-27 10:54 - 00003266 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-27 08:17 - 2017-01-27 08:17 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-01-24 19:52 - 2016-12-21 00:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-24 19:52 - 2016-12-20 21:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 09:26 - 2017-01-24 09:26 - 00000000 ____D C:\WINDOWS\SysWOW64\Dell
2017-01-24 09:26 - 2017-01-24 09:26 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-01-21 08:33 - 2017-01-21 08:33 - 00276992 _____ C:\Users\jenksy\Downloads\pftest.exe
2017-01-21 08:11 - 2017-01-05 18:10 - 00158264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-01-21 08:11 - 2017-01-05 18:10 - 00126008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-01-21 08:11 - 2017-01-05 18:10 - 00059448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-01-18 06:24 - 2017-01-18 06:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-01-16 17:38 - 2017-01-16 17:38 - 00205440 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys
2017-01-16 17:38 - 2017-01-16 17:38 - 00131144 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys
2017-01-11 21:14 - 2017-01-11 21:14 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\com.treefortress.Bardbarian
2017-01-10 17:16 - 2016-12-21 01:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 17:16 - 2016-12-21 01:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 17:16 - 2016-12-21 01:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 17:16 - 2016-12-21 00:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 17:16 - 2016-12-21 00:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 17:16 - 2016-12-21 00:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 17:16 - 2016-12-21 00:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 17:16 - 2016-12-21 00:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 17:16 - 2016-12-21 00:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 17:16 - 2016-12-21 00:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 17:16 - 2016-12-21 00:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 17:16 - 2016-12-21 00:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 17:16 - 2016-12-21 00:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 17:16 - 2016-12-21 00:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 17:16 - 2016-12-21 00:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 17:16 - 2016-12-21 00:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 17:16 - 2016-12-21 00:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 17:16 - 2016-12-21 00:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 17:16 - 2016-12-21 00:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 17:16 - 2016-12-21 00:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 17:16 - 2016-12-21 00:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 17:16 - 2016-12-21 00:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 17:16 - 2016-12-21 00:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 17:16 - 2016-12-21 00:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 17:16 - 2016-12-21 00:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 17:16 - 2016-12-21 00:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 17:16 - 2016-12-21 00:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 17:16 - 2016-12-21 00:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 17:16 - 2016-12-21 00:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 17:16 - 2016-12-21 00:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 17:16 - 2016-12-21 00:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 17:16 - 2016-12-21 00:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 17:16 - 2016-12-21 00:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 17:16 - 2016-12-21 00:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 17:16 - 2016-12-21 00:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 17:16 - 2016-12-21 00:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 17:16 - 2016-12-21 00:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 17:16 - 2016-12-21 00:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 17:16 - 2016-12-21 00:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 17:16 - 2016-12-20 23:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 17:16 - 2016-12-20 23:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 17:16 - 2016-12-20 23:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 17:16 - 2016-12-20 23:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 17:16 - 2016-12-20 23:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 17:16 - 2016-12-20 23:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 17:16 - 2016-12-20 23:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 17:16 - 2016-12-20 23:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 17:16 - 2016-12-20 23:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 17:16 - 2016-12-20 23:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 17:16 - 2016-12-20 23:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 17:16 - 2016-12-20 23:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 17:16 - 2016-12-20 23:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 17:16 - 2016-12-20 23:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 17:16 - 2016-12-20 23:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 17:16 - 2016-12-20 23:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 17:16 - 2016-12-20 23:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 17:16 - 2016-12-20 23:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 17:16 - 2016-12-20 23:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 17:16 - 2016-12-20 23:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 17:16 - 2016-12-20 22:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 17:16 - 2016-12-20 22:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 17:16 - 2016-12-20 22:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 17:16 - 2016-12-20 22:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 17:16 - 2016-12-20 22:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 17:16 - 2016-12-20 22:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 17:16 - 2016-12-20 22:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 17:16 - 2016-12-20 22:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 17:16 - 2016-12-20 22:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 17:16 - 2016-12-20 21:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 17:16 - 2016-12-20 21:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 17:16 - 2016-12-20 21:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 17:16 - 2016-12-20 21:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 17:16 - 2016-12-20 21:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 17:16 - 2016-12-20 21:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 17:16 - 2016-12-20 21:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 17:16 - 2016-12-20 21:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 17:16 - 2016-12-20 21:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 17:16 - 2016-12-20 21:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 17:16 - 2016-12-20 21:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 17:16 - 2016-12-20 21:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 17:16 - 2016-12-20 21:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 17:16 - 2016-12-20 21:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 17:16 - 2016-12-20 21:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 17:16 - 2016-12-20 21:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 17:16 - 2016-12-20 21:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 17:16 - 2016-12-20 21:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 17:16 - 2016-12-20 21:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 17:16 - 2016-12-20 21:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 17:16 - 2016-12-20 21:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 17:16 - 2016-12-20 21:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 17:16 - 2016-12-20 21:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 17:16 - 2016-12-20 21:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 17:16 - 2016-12-20 21:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 17:16 - 2016-12-20 21:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 17:16 - 2016-12-20 21:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 17:16 - 2016-12-20 21:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 17:16 - 2016-12-13 22:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 17:16 - 2016-12-13 22:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 17:16 - 2016-12-13 22:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 17:16 - 2016-12-13 22:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-10 17:16 - 2016-12-13 22:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-10 17:16 - 2016-12-13 22:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-10 17:16 - 2016-12-13 22:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-10 17:16 - 2016-12-13 22:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 17:16 - 2016-12-13 22:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 17:16 - 2016-12-13 22:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 17:16 - 2016-12-13 22:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 17:16 - 2016-12-13 22:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 17:16 - 2016-12-13 22:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 17:16 - 2016-12-13 22:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 17:16 - 2016-12-13 22:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 17:16 - 2016-12-13 22:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 17:16 - 2016-12-13 22:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 17:16 - 2016-12-13 22:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 17:16 - 2016-12-13 22:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 17:16 - 2016-12-13 22:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 17:16 - 2016-12-13 22:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 17:16 - 2016-12-13 21:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 17:16 - 2016-12-13 21:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 17:16 - 2016-12-13 21:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 17:16 - 2016-12-13 21:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 17:16 - 2016-12-13 21:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 17:16 - 2016-12-13 21:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 17:16 - 2016-12-13 21:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 17:16 - 2016-12-13 21:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 17:16 - 2016-12-13 21:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 17:16 - 2016-12-13 21:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 17:16 - 2016-12-13 21:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2017-01-10 17:16 - 2016-12-13 21:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll 2017-01-10 17:16 - 2016-12-13 21:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll 2017-01-10 17:16 - 2016-12-13 21:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll 2017-01-10 17:16 - 2016-12-13 21:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll 2017-01-10 17:16 - 2016-12-13 21:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll 2017-01-10 17:16 - 2016-12-13 21:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2017-01-10 17:16 - 2016-12-13 21:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll 2017-01-10 17:16 - 2016-12-13 21:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2017-01-10 17:16 - 2016-12-13 21:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-01-10 17:16 - 2016-12-13 21:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll 2017-01-10 17:16 - 2016-12-13 21:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll 2017-01-10 17:16 - 2016-12-13 21:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2017-01-10 17:16 - 2016-12-13 21:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2017-01-10 17:16 - 2016-12-13 21:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2017-01-10 17:16 - 2016-12-13 21:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2017-01-10 17:16 - 2016-12-13 21:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2017-01-10 
17:16 - 2016-12-13 21:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-01-10 17:16 - 2016-12-13 21:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll 2017-01-10 17:16 - 2016-12-13 21:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll 2017-01-10 17:16 - 2016-12-13 21:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll 2017-01-10 17:16 - 2016-12-13 21:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2017-01-10 17:16 - 2016-12-13 21:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2017-01-10 17:16 - 2016-12-13 21:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-01-10 17:16 - 2016-12-13 21:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2017-01-10 17:16 - 2016-12-13 21:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll 2017-01-10 17:16 - 2016-12-13 21:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2017-01-10 17:16 - 2016-12-13 21:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2017-01-10 17:16 - 2016-12-13 21:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2017-01-10 17:16 - 2016-12-13 21:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-01-10 17:16 - 2016-12-13 21:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2017-01-10 17:16 - 2016-12-13 21:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-01-10 17:16 - 2016-12-13 21:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-01-10 17:16 - 2016-12-13 21:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2017-01-10 17:16 - 2016-12-13 21:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-01-10 17:16 - 2016-12-13 
21:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-01-10 17:16 - 2016-11-02 05:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2017-01-10 17:16 - 2016-11-02 04:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2017-01-10 17:16 - 2016-11-02 03:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2017-01-10 17:16 - 2016-11-02 03:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2017-01-10 17:16 - 2016-11-02 03:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2017-01-10 17:16 - 2016-08-01 21:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2017-01-09 07:46 - 2017-01-09 07:46 - 00002169 _____ C:\Users\jenksy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blue Jeans.lnk 2017-01-09 07:46 - 2017-01-09 07:46 - 00000000 ____D C:\Users\jenksy\AppData\LocalLow\Blue Jeans 2017-01-09 07:46 - 2017-01-09 07:46 - 00000000 ____D C:\Users\jenksy\AppData\Local\Blue Jeans 2017-01-09 07:45 - 2017-01-09 07:45 - 00240336 _____ C:\Users\jenksy\Downloads\Blue Jeans Launcher.exe 2017-01-08 00:26 - 2017-01-08 00:27 - 51965139 _____ C:\Users\jenksy\Downloads\KSP Real Skybox.zip 2017-01-07 22:37 - 2017-01-07 22:41 - 00001372 _____ C:\Users\jenksy\Downloads\mods.ckan ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-02-05 21:43 - 2016-09-07 21:34 - 00000000 ____D C:\Program Files (x86)\Steam 2017-02-05 21:43 - 2016-04-25 12:58 - 02001650 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-02-05 21:39 - 2016-09-23 06:57 - 00000000 ____D C:\ProgramData\NVIDIA 2017-02-05 21:38 - 2016-09-08 20:29 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-02-05 21:38 - 2016-09-08 13:50 - 00000000 ____D C:\Users\jenksy\AppData\Local\CrashDumps 2017-02-05 21:37 - 2016-09-23 07:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-02-05 21:37 - 2016-09-07 18:45 - 00000000 __SHD C:\Users\jenksy\IntelGraphicsProfiles 2017-02-05 21:37 - 2016-08-30 10:28 - 00190664 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_3CD7F304.sys 2017-02-05 21:37 - 2016-07-15 23:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-02-05 21:36 - 2016-09-23 06:58 - 00000000 ____D C:\Users\jenksy 2017-02-05 21:22 - 2016-10-08 17:01 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\obs-studio 2017-02-05 20:53 - 2016-09-23 06:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-02-05 00:02 - 2016-09-09 21:54 - 00000000 ____D C:\Users\jenksy\.VirtualBox 2017-02-04 23:55 - 2016-12-28 19:50 - 00000000 ____D C:\Program Files\Common Files\logishrd 2017-02-04 23:55 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF 2017-02-04 23:04 - 2016-11-12 00:37 - 00000000 ____D C:\Users\jenksy\.chatty 2017-02-04 22:03 - 2016-09-07 18:56 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\uTorrent 2017-02-04 12:53 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-02-03 21:32 - 2016-09-21 18:28 - 00000000 ____D C:\Users\jenksy\AppData\Local\Adobe 2017-02-03 21:05 - 2016-09-08 18:30 - 00001281 _____ C:\Users\Public\Desktop\OBS Studio.lnk 2017-02-03 09:33 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-02-03 09:32 - 2016-08-30 10:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2017-02-03 09:31 - 2016-07-16 04:47 - 00000000 ___HD C:\Program 
Files\WindowsApps 2017-02-01 13:34 - 2016-09-07 20:48 - 00000000 ____D C:\Program Files (x86)\Dropbox 2017-01-31 16:17 - 2016-09-07 18:55 - 00000000 ____D C:\Program Files (x86)\Google 2017-01-30 20:16 - 2016-09-09 23:15 - 00000600 _____ C:\Users\jenksy\AppData\Local\PUTTY.RND 2017-01-30 18:47 - 2016-08-30 10:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alienware 2017-01-30 18:47 - 2016-08-30 10:12 - 00000000 ____D C:\Program Files\Alienware 2017-01-29 16:24 - 2016-10-16 14:56 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\.minecraft 2017-01-29 14:09 - 2016-09-07 20:49 - 00000000 ___RD C:\Users\jenksy\Dropbox 2017-01-29 00:44 - 2016-10-31 19:43 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\vlc 2017-01-29 00:29 - 2016-09-08 13:54 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\Origin 2017-01-29 00:29 - 2016-09-08 13:51 - 00000000 ____D C:\ProgramData\Origin 2017-01-28 23:51 - 2016-10-14 16:31 - 00001249 _____ C:\Users\Public\Desktop\Battlefield 1.lnk 2017-01-28 23:51 - 2016-08-30 10:14 - 00000000 ____D C:\ProgramData\Package Cache 2017-01-28 23:36 - 2016-09-08 13:51 - 00000000 ____D C:\Program Files (x86)\Origin 2017-01-27 22:25 - 2016-09-09 20:51 - 00000000 ____D C:\Users\jenksy\Documents\My Games 2017-01-27 11:41 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-01-27 10:54 - 2016-09-07 18:47 - 00002372 _____ C:\Users\jenksy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-01-27 10:54 - 2016-09-07 18:47 - 00000000 ___RD C:\Users\jenksy\OneDrive 2017-01-27 08:17 - 2016-08-30 10:06 - 00000000 ____D C:\Intel 2017-01-25 20:17 - 2016-09-13 20:52 - 00002244 _____ C:\Users\jenksy\Desktop\Discord.lnk 2017-01-25 20:17 - 2016-09-13 20:52 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc 2017-01-25 20:17 - 2016-09-13 20:52 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\discord 2017-01-25 20:17 - 2016-09-13 20:52 - 00000000 ____D 
C:\Users\jenksy\AppData\Local\Discord 2017-01-25 16:50 - 2016-09-08 07:39 - 00002340 ____H C:\Users\jenksy\Documents\Default.rdp 2017-01-25 10:19 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2017-01-24 21:43 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-01-22 13:20 - 2016-09-30 22:31 - 00000000 ____D C:\ProgramData\Oracle 2017-01-22 10:20 - 2016-09-30 22:31 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2017-01-22 10:20 - 2016-09-30 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2017-01-22 10:20 - 2016-09-30 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-01-22 10:20 - 2016-09-07 18:56 - 00000000 ____D C:\Program Files\Java 2017-01-21 08:23 - 2016-09-23 06:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-01-21 08:12 - 2016-09-08 18:49 - 00000000 ____D C:\Users\jenksy\AppData\Local\NVIDIA Corporation 2017-01-21 08:11 - 2017-01-01 18:50 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-21 08:11 - 2017-01-01 18:50 - 00001491 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2017-01-21 08:11 - 2016-09-23 07:02 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-21 08:11 - 2016-09-23 07:02 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-21 08:11 - 2016-09-23 07:02 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-21 08:11 - 2016-09-23 07:02 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-21 08:11 - 2016-09-23 07:02 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-21 08:11 - 2016-09-23 07:02 - 00003654 _____ 
C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-21 08:11 - 2016-09-23 06:57 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-01-21 08:11 - 2016-09-23 06:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-01-18 06:24 - 2016-10-15 09:10 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask 2017-01-18 06:24 - 2016-10-15 09:10 - 00000000 ____D C:\Program Files (x86)\Garmin 2017-01-16 17:38 - 2016-09-09 21:54 - 00959720 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys 2017-01-16 17:38 - 2016-09-09 21:54 - 00149304 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys 2017-01-13 17:24 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache 2017-01-10 20:02 - 2016-04-25 13:36 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-01-10 19:51 - 2017-01-01 18:50 - 00005701 _____ C:\ProgramData\NvTelemetryContainer.log_backup1 2017-01-10 19:51 - 2016-09-23 06:56 - 05169936 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-01-10 19:50 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-01-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-01-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2017-01-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2017-01-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Provisioning 2017-01-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2017-01-10 19:06 - 2016-09-08 20:29 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-01-10 18:51 - 2017-01-04 17:37 - 00000000 ____D C:\Users\jenksy\Desktop\Taxes 2017-01-10 17:56 - 2016-09-08 12:34 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2017-01-10 17:56 - 2016-09-08 12:33 - 00000000 ____D C:\Program Files\Rockstar Games 2017-01-09 22:55 - 2016-09-09 21:55 - 00000000 ____D C:\Users\jenksy\VirtualBox VMs ==================== Files in the root of some directories 
======= 2017-02-03 21:41 - 2017-02-03 21:41 - 0000132 _____ () C:\Users\jenksy\AppData\Roaming\Adobe PNG Format CS6 Prefs 2016-09-09 23:15 - 2017-01-30 20:16 - 0000600 _____ () C:\Users\jenksy\AppData\Local\PUTTY.RND 2016-09-11 19:29 - 2016-10-30 16:18 - 0007631 _____ () C:\Users\jenksy\AppData\Local\Resmon.ResmonCfg 2016-09-23 06:57 - 2016-09-23 06:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-09-09 22:02 - 2016-09-09 22:02 - 0000016 _____ () C:\ProgramData\mntemp 2017-01-01 18:50 - 2017-01-21 08:11 - 0014245 _____ () C:\ProgramData\NvTelemetryContainer.log 2017-01-01 18:50 - 2017-01-10 19:51 - 0005701 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1 2016-08-30 10:26 - 2016-08-30 10:27 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2016-08-30 10:28 - 2016-08-30 10:28 - 0000105 _____ () C:\ProgramData\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}.log 2016-08-30 10:28 - 2016-08-30 10:28 - 0000100 _____ () C:\ProgramData\{6BADCD73-E925-46F7-A295-FF2448632728}.log 2016-08-30 10:28 - 2016-08-30 10:28 - 0000098 _____ () C:\ProgramData\{CEF5334F-B91A-4327-ACAE-AA50DCE3F995}.log Some files in TEMP: ==================== 2017-01-07 19:01 - 2017-01-07 19:01 - 0005120 _____ () C:\Users\jenksy\AppData\Local\Temp\2a8f28d5-aea1-4c7d-be57-d46d45b07c50.exe 2016-11-17 19:06 - 2016-11-17 19:06 - 0914432 _____ (Igor Pavlov) C:\Users\jenksy\AppData\Local\Temp\7z.dll 2016-10-26 19:08 - 2016-10-26 19:08 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-1199825974582821648.dll 2016-10-26 19:15 - 2016-10-26 19:15 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-1276457462488333738.dll 2016-10-27 18:51 - 2016-10-27 18:51 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-2900208450124874458.dll 2016-10-27 18:28 - 2016-10-27 18:28 - 0019968 ____N (Red Hat®, Inc.) 
C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-3392305107059323784.dll 2016-10-26 19:09 - 2016-10-26 19:09 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-4082226969068755312.dll 2016-10-26 19:17 - 2016-10-26 19:17 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-4858948843905633503.dll 2016-10-26 19:58 - 2016-10-26 19:58 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-5172998115970190908.dll 2016-10-26 19:35 - 2016-10-26 19:35 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-606422466675757122.dll 2016-10-26 20:25 - 2016-10-26 20:25 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-7783225489100015593.dll 2016-10-26 19:05 - 2016-10-26 19:05 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-8600104877528286630.dll 2016-10-26 19:34 - 2016-10-26 19:34 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-8874951839601360887.dll 2016-10-26 19:53 - 2016-10-26 19:53 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-9180780194298208281.dll 2016-10-26 19:09 - 2016-10-26 19:09 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-91873735403389908.dll 2016-10-26 19:19 - 2016-10-26 19:19 - 0019968 ____N (Red Hat®, Inc.) 
C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-9189453557189547304.dll 2016-11-12 00:37 - 2017-02-04 22:17 - 0000000 _____ () C:\Users\jenksy\AppData\Local\Temp\JIntellitype.dll 2016-10-19 13:44 - 2016-10-19 13:44 - 0737856 _____ (Oracle Corporation) C:\Users\jenksy\AppData\Local\Temp\jre-8u111-windows-au.exe 2017-01-22 10:20 - 2017-01-22 10:20 - 0739904 _____ (Oracle Corporation) C:\Users\jenksy\AppData\Local\Temp\jre-8u121-windows-au.exe 2016-09-23 07:08 - 2016-09-23 07:08 - 2449544 _____ () C:\Users\jenksy\AppData\Local\Temp\neoNCSetup64.exe 2016-09-17 09:56 - 2016-11-24 12:22 - 0747648 _____ (NVIDIA Corporation) C:\Users\jenksy\AppData\Local\Temp\nvSCPAPI.dll 2016-09-17 09:56 - 2016-11-24 12:22 - 0860960 _____ (NVIDIA Corporation) C:\Users\jenksy\AppData\Local\Temp\nvSCPAPI64.dll 2016-10-17 13:27 - 2016-11-24 12:22 - 0353336 _____ (NVIDIA Corporation) C:\Users\jenksy\AppData\Local\Temp\nvStInst.exe 2016-09-14 21:30 - 2016-11-24 13:53 - 1135552 _____ (NVIDIA Corporation) C:\Users\jenksy\AppData\Local\Temp\NvTelemetry.dll 2016-09-14 21:30 - 2016-12-12 16:36 - 0253376 _____ (NVIDIA Corporation) C:\Users\jenksy\AppData\Local\Temp\NvTelemetryAPI32.dll 2016-09-14 21:30 - 2016-12-12 16:36 - 0334272 _____ (NVIDIA Corporation) C:\Users\jenksy\AppData\Local\Temp\NvTelemetryAPI64.dll 2016-10-12 20:06 - 2016-09-17 19:19 - 4235264 _____ (New Technology Studio) C:\Users\jenksy\AppData\Local\Temp\ovi-uninstall.exe 2016-11-17 19:06 - 2016-11-17 19:06 - 0163840 _____ (Igor Pavlov) C:\Users\jenksy\AppData\Local\Temp\sevnz.exe 2016-10-26 19:17 - 2016-10-26 19:17 - 0515584 _____ () C:\Users\jenksy\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-01-28 08:50 ==================== End of FRST.txt ============================ Addition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted February 6, 2017 ID:1099342

Hello jenksy and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"
Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
Leave all other settings to default..
Go back to "DashBoard" select the Blue "Scan Now" tab......
When the scan completes deal with any found entries...
Then select "Export Summary" then "Text File (*.txt)" name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
Double click on Adwcleaner.exe to run the tool.
Click on the Scan in the Actions box
Please wait for the scan to finish..
When "Waiting for action. Please uncheck elements you want to keep" shows in top line..
Click on the Cleaning box.
Next click OK on the "Closing Programs" pop up box.
Click OK on the Information box & again OK to allow the necessary reboot
After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

Next,

Go here and click 'SCAN NOW' under 'ESET Online Scanner' save to your Desktop.
Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
Right click on and select "Run as Administrator"
In the new Window accept the terms of service
In the new Window select "Enable detection of potentially unwanted applications" then expand "Advanced Settings"
In the new Window checkmark (tick) the entries as shown, make sure "Clean threats automatically" is not checkmarked. Now select "Scan"
In the new Window new virus database signatures will download, Do Not Select Stop
The Window will progress showing the scan in action....
In the new Window if no threats are found, select "Delete applications data on close" then select "Finish" no log is produced, confirm that in your reply...
If threats are found the following Window will open:
Click on "Select All" then "Save to Text file" name and save that file, attach to your reply. Now select "Do not clean" and then close out....

Let me see those logs in your reply.... Also tell me if there are any remaining issues or concerns.

Thank you,
Kevin...

fixlist.txt
jenksy Posted February 7, 2017 Author ID:1099752

Kevin! I think you did it! After performing a _full_ scan with Malwarebytes, the popups ceased. This took some time. I ran the scans you suggested and have not had a single website connection attempt blocked since! I'm currently at work, but wanted to follow up; most of this was performed yesterday. If logs are still important I can paste what was created, but I'm less concerned now that the connections appear to have ceased. Many, MANY thanks!
kevinf80 Posted February 7, 2017 ID:1099773

Yes logs are very important, please post all logs. If no remaining issues I will give clean up instructions...

Thank you,
Kevin....
Root Admin AdvancedSetup Posted February 18, 2017 ID:1102715

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!