Microsoft Security Essentials issues and can't connect to internet


  • This topic is locked
47 replies to this topic

#1 bee24


Posted 01 December 2015 - 01:58 PM

My computer had crashed a few times about a week ago. I was looking into hardware issues until I noticed that MSE wasn't running. When I tried to open it, it opened for less than a second and then closed. Windows Defender did the same thing. As I was trying to look into this issue I suddenly couldn't connect to the internet anymore. When I run the Windows troubleshooter it says "the wired network adapter is experiencing problems". I have no problems connecting to the internet on other computers in the house or through Wi-Fi. I'm running Windows 7. I'm able to connect to the internet by using a USB Ethernet adapter that I have but not through the Ethernet port. I posted a thread in "Am I infected? What do I do?" and ran a few scans. You can find the thread here: http://www.bleepingcomputer.com/forums/t/597415/microsoft-security-essentials-closing-immediately-and-no-internet/ . I included these logs as well.

On Nov. 28, I went to use my computer and AVG wanted to reboot to install an update so I did. When Windows rebooted, AVG immediately found a threat in C:\windows\syswow64\wmpduiq.dll and quarantined it. I was able to open MSE and Windows Defender. I tried to run a scan in MSE but 30 minutes in, it froze. I thought having AVG running may have caused a conflict so I uninstalled AVG and MSE (or so I thought). When I tried to reinstall MSE I received an error. It suggested I reboot and try again so I did. When Windows booted, to my surprise MSE opened and was running. I tried to uninstall it again but it wasn't in the installed programs list anymore. I installed the MSE removal tool and ran it. The client closed and I can't open it anymore but the entire "Microsoft Security Client" still exists in program files with files inside. Most of the files were created in April. I'm unable to manually delete any of the files inside of the folder because it says I don't have permission from system. Now, when trying to install or uninstall MSE I receive an error. What should my steps be at this point? I reinstalled AVG in the meantime and I can still open Windows Defender.

AVG:

"Whole Computer Scan"

"Scanned:";"Scan Whole Computer"
"Started:";"11/24/2015, 9:48:13 PM"
"Finished:";"11/24/2015, 11:31:04 PM"
"Number of items:";"374101"
"Launched by:";"Brendan"
 
"Name";"Description";"Status";"Status";"Priority"
"c:\Program Files\Microsoft Security Client\MsMpEng.exe (5988)";"Trojan horse Hiloti.CG";"Secured";"Healed";"High"
"C:\Users\Brendan\AppData\Local\Temp\setdebug.exe";"Trojan horse Downloader.Generic14.ABWS";"Secured";"Healed";"High"
"D:\downloads\vector_calculus_marsden_6th_edition_solutions_manual_rar_downloader.exe";"Adware Generic_r.ATM";"Secured";"Healed";"Medium"
"C:\Windows\Temp\pcds86.exe";"Trojan horse MSIL9.AMQG";"Secured";"Healed";"High"
"D:\downloads\vector_calculus_marsden_6th_edition_solutions_manual_rar_downloader (1).exe";"Adware Generic_r.ATM";"Secured";"Healed";"Medium"
 
Malwarebytes: 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/25/2015
Scan Time: 12:27 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.25.04
Rootkit Database: v2015.11.23.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Brendan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 378849
Time Elapsed: 4 min, 2 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESET:
D:\123\LOST.DIR\175634 a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
D:\downloads\aida64extreme460.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\downloads\cbsidlm-cbsi213-SpeedFan-ORG-10067444.exe a variant of Win32/CNETInstaller.B potentially unwanted application cleaned by deleting - quarantined
D:\downloads\cbsidlm-tr1_14-MagicDisc-SEO-10383679.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
D:\downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\downloads\CrystalDiskMark3_0_3-en.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
D:\downloads\FoxitReader605.0618_enu_Setup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\downloads\FoxitReader611.1031_enu_Setup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\downloads\undeleteplus_setup_a.exe Win32/MyPCBackup.A potentially unwanted application deleted - quarantined
D:\New folder (2)\clockworkmod\backup\2012-02-05.20.34.02\data.ext3.tar a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
D:\New folder (2)\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_05_22\Apps\com.magmamobile.game.Galaxy_6.apk a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
D:\New folder (2)\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_05_22\Apps\com.zynga.hanging_454.apk a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
D:\New folder (2)\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_05_22\Apps\com.zynga.scramble_461.apk a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
D:\New folder (2)\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.ludia.familyfeudandfriends.free_11.apk a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
D:\New folder (2)\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.ludia.FifthGrader.free_10.apk a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
D:\New folder (2)\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.zeptolab.ctr.lite.google_1.apk a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
D:\New folder (2)\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.zynga.scramble_461.apk a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
E:\123\LOST.DIR\175634 a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
E:\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
E:\Downloads\CrystalDiskMark3_0_2c-en.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
E:\Downloads\FoxitReader545.0114_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application deleted - quarantined
E:\Downloads\Fraps_3.5.9_Pre-Registered_[MBT]_secure.exe Win32/TopMedia.B potentially unwanted application deleted - quarantined
E:\Downloads\spsetup119.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
E:\Downloads\spsetup120.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
E:\New folder (2)\clockworkmod\backup\2012-02-05.20.34.02\data.ext3.tar a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
 
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by Brendan (administrator) on BRENDAN-PC (01-12-2015 13:31:44)
Running from D:\downloads
Loaded Profiles: Brendan & DefaultAppPool (Available Profiles: Brendan & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Foxit Corporation) D:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [855608 2007-09-26] (Microsoft Corporation)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3432567822-1334913527-2629878951-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-3432567822-1334913527-2629878951-1000\...\MountPoints2: {a7748147-5d3f-11e3-9113-806e6f6e6963} - D:\Bin\ASSETUP.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-07] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5510AA9F-D457-4365-A206-1F59D039855B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{94289D00-88F5-493B-BCA3-35D4CFF7A7C4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DD03EA90-11CE-4F7B-8F08-D164E0753D71}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-10-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-12] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-12] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-23] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-09-23] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\gj98c1lj.default
FF Homepage: hxxp://www.youtube.com/feed/subscriptions
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-10] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> D:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-09-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-09-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Extension: DownloadHelper - C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\gj98c1lj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-04-03] [not signed]
FF Extension: Adblock Plus - C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\gj98c1lj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-02]
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxps://www.youtube.com/feed/subscriptions
CHR StartupUrls: Profile 1 -> "hxxps://www.youtube.com/feed/subscriptions"
CHR NewTab: Profile 1 -> "chrome-extension://icpgjfneehieebagbmdbhnlpiopdcmna/main.html"
CHR Profile: C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (BetterTTV) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-07-08]
CHR Extension: (Google Docs) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Google Search) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (AdBlock) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-25]
CHR Extension: (New Tab Redirect) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2014-12-14]
CHR Extension: (ReChat for Twitch™) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ipplilmaapjjklilmmaccfemdmhkoacd [2015-10-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-09]
CHR Extension: (Gmail) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2012-05-24] (ASUSTeK Computer Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
R2 FoxitCloudUpdateService; D:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-11-25] (Futuremark)
S3 GalaxyClientService; D:\GalaxyClient\GalaxyClientService.exe [1720888 2015-08-26] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6920248 2015-08-26] (GOG.com)
R3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18384 2014-07-09] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
S3 AIDA64Driver; D:\FinalWire\AIDA64 Extreme\kerneld.x64 [34136 2014-07-29] ()
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [83968 2014-02-28] (ASIX Electronics Corp.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2015-03-06] (REALiX™)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [28912 2014-06-17] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [125952 2014-06-16] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-12-05] () [File not signed]
R3 VSTWinDriver6; C:\Windows\System32\drivers\VSTwindrvr6.sys [252928 2014-06-03] (Jungo)
U3 aj754eeg; C:\Windows\System32\Drivers\aj754eeg.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 cpuz138; \??\C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-01 13:30 - 2015-12-01 13:31 - 00000000 ____D C:\FRST
2015-11-30 00:16 - 2015-11-30 00:16 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-11-30 00:16 - 2015-11-30 00:16 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-11-28 15:05 - 2015-11-30 00:16 - 00000965 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-11-28 15:05 - 2015-11-30 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-28 15:05 - 2015-11-28 15:05 - 00000000 ___HD C:\$AVG
2015-11-28 15:05 - 2015-11-28 15:05 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\AVG2015
2015-11-28 15:05 - 2015-11-28 15:05 - 00000000 ____D C:\ProgramData\AVG2015
2015-11-28 15:05 - 2015-11-28 15:05 - 00000000 ____D C:\Program Files (x86)\AVG
2015-11-28 15:04 - 2015-12-01 13:30 - 00000000 ____D C:\ProgramData\MFAData
2015-11-28 15:04 - 2015-11-28 15:16 - 00000000 ____D C:\Users\Brendan\AppData\Local\Avg2015
2015-11-28 15:04 - 2015-11-28 15:04 - 00000000 ____D C:\Users\Brendan\AppData\Local\MFAData
2015-11-28 14:35 - 2015-11-28 14:41 - 00000938 _____ C:\FixitRegBackup.reg
2015-11-28 14:35 - 2015-11-28 14:35 - 428283454 _____ C:\Users\Brendan\Documents\123.reg
2015-11-28 13:21 - 2015-11-28 15:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-11-28 13:21 - 2015-11-28 15:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-11-28 13:21 - 2015-11-28 13:21 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-11-28 12:10 - 2015-11-28 12:10 - 00095706 _____ C:\Users\Brendan\Documents\cc_20151128_121031.reg
2015-11-26 12:55 - 2015-11-28 15:05 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-26 12:49 - 2015-11-26 12:49 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\AVG
2015-11-26 12:47 - 2015-11-30 00:15 - 00000000 ____D C:\Users\Brendan\AppData\Local\Avg
2015-11-26 12:47 - 2015-11-26 12:53 - 00000000 ____D C:\Users\Brendan\AppData\Local\AvgSetupLog
2015-11-26 12:47 - 2015-11-26 12:53 - 00000000 ____D C:\ProgramData\Avg
2015-11-25 15:31 - 2015-11-25 15:37 - 00007344 _____ C:\Users\Brendan\Desktop\eset1.txt
2015-11-25 12:31 - 2015-11-25 12:31 - 00001056 _____ C:\Users\Brendan\Desktop\mbam.txt
2015-11-25 12:12 - 2015-11-25 12:12 - 00011938 _____ C:\Users\Brendan\Desktop\eset.txt
2015-11-24 23:32 - 2015-11-25 12:24 - 00001682 _____ C:\Users\Brendan\Desktop\avg.txt
2015-11-24 20:05 - 2015-12-01 00:10 - 00003244 _____ C:\Windows\System32\Tasks\IORRT
2015-11-24 18:27 - 2015-11-24 18:27 - 00000833 _____ C:\Users\Brendan\Desktop\JRT.txt
2015-11-24 18:27 - 2015-11-24 18:27 - 00000000 ____D C:\Program Files (x86)\ESET
2015-11-24 17:39 - 2015-11-24 17:39 - 00000872 _____ C:\Users\Brendan\Desktop\AdwCleaner[S3].txt
2015-11-24 17:36 - 2015-11-24 17:37 - 00217686 _____ C:\TDSSKiller.3.1.0.6_24.11.2015_17.36.24_log.txt
2015-11-24 17:33 - 2015-11-24 17:27 - 02870984 _____ (ESET) C:\Users\Brendan\Desktop\esetsmartinstaller_enu.exe
2015-11-24 17:33 - 2015-11-24 17:27 - 01733632 _____ C:\Users\Brendan\Desktop\AdwCleaner.exe
2015-11-24 17:33 - 2015-11-24 17:27 - 01599080 _____ (Malwarebytes) C:\Users\Brendan\Desktop\JRT.exe
2015-11-24 17:33 - 2015-11-24 17:26 - 04397752 _____ (Kaspersky Lab ZAO) C:\Users\Brendan\Desktop\tdsskiller.exe
2015-11-24 17:33 - 2015-11-24 17:26 - 00891392 _____ (Farbar) C:\Users\Brendan\Desktop\MiniToolBox.exe
2015-11-24 17:00 - 2015-11-24 17:38 - 00000000 ____D C:\AdwCleaner
2015-11-24 16:41 - 2015-11-24 16:41 - 00001548 _____ C:\Users\Brendan\Desktop\msseces1- Shortcut (2).lnk
2015-11-24 16:40 - 2015-11-24 16:40 - 00001548 _____ C:\Users\Brendan\Desktop\msseces - Shortcut.lnk
2015-11-24 16:29 - 2015-11-24 16:29 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\TuneUp Software
2015-11-24 12:01 - 2015-11-24 12:01 - 01287624 _____ C:\Windows\Minidump\112415-8018-01.dmp
2015-11-24 06:44 - 2015-11-24 06:44 - 00519352 _____ C:\Windows\Minidump\112415-43274-01.dmp
2015-11-24 06:43 - 2015-11-24 06:43 - 00003288 ____N C:\bootsqm.dat
2015-11-23 21:48 - 2015-12-01 13:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-23 21:48 - 2015-11-23 21:48 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-23 21:04 - 2015-11-28 15:33 - 00000304 _____ C:\Windows\Tasks\IDQMMPQ.job
2015-11-23 21:04 - 2015-11-23 21:04 - 00002584 _____ C:\Windows\System32\Tasks\IDQMMPQ
2015-11-22 19:25 - 2015-11-22 19:25 - 00000000 ____D C:\Users\Brendan\AppData\Local\AMD
2015-11-22 19:24 - 2015-11-22 19:24 - 00277488 _____ C:\Windows\Minidump\112215-45536-01.dmp
2015-11-21 07:23 - 2015-11-28 15:34 - 00003030 _____ C:\Windows\System32\Tasks\MSIAfterburner
2015-11-21 06:44 - 2015-11-21 06:44 - 00000000 ____D C:\Users\Brendan\AppData\Local\Fallout4
2015-11-21 06:44 - 2015-11-21 06:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-11-21 06:44 - 2015-11-21 06:44 - 00000000 ____D C:\ProgramData\ATI
2015-11-21 06:28 - 2015-11-21 06:28 - 00000625 _____ C:\Users\Brendan\Desktop\Fallout 4.lnk
2015-11-21 06:28 - 2015-11-21 06:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2015-11-18 15:20 - 2015-11-18 15:21 - 00000000 ___RD C:\Users\Brendan\Dropbox
2015-11-18 15:19 - 2015-11-21 05:52 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-11-18 15:19 - 2015-11-18 15:21 - 00000000 ____D C:\Users\Brendan\AppData\Local\Dropbox
2015-11-18 15:19 - 2015-11-18 15:19 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\Dropbox
2015-11-18 15:19 - 2015-11-18 15:19 - 00000000 ____D C:\ProgramData\Dropbox
2015-11-18 02:55 - 2015-11-18 02:55 - 01217576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-11-18 02:55 - 2015-11-18 02:55 - 00133016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-11-18 02:55 - 2015-11-18 02:55 - 00120656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-11-18 02:55 - 2015-11-18 02:55 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-11-18 02:55 - 2015-11-18 02:55 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-11-18 02:55 - 2015-11-18 02:55 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-11-18 02:55 - 2015-11-18 02:55 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-11-18 02:55 - 2015-11-18 02:55 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-11-18 02:54 - 2015-11-18 02:54 - 10226528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-11-18 02:54 - 2015-11-18 02:54 - 08895768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-11-18 02:54 - 2015-11-18 02:54 - 08779872 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-11-18 02:54 - 2015-11-18 02:54 - 07931152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-11-18 02:54 - 2015-11-18 02:54 - 07408936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-11-18 02:52 - 2015-11-18 02:52 - 00297672 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2015-11-18 02:49 - 2015-11-18 02:49 - 21661696 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-11-18 02:44 - 2015-11-18 02:44 - 47785472 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-11-18 02:44 - 2015-11-18 02:44 - 01187342 _____ C:\Windows\system32\amdocl_as64.exe
2015-11-18 02:44 - 2015-11-18 02:44 - 01061902 _____ C:\Windows\system32\amdocl_ld64.exe
2015-11-18 02:44 - 2015-11-18 02:44 - 00995342 _____ C:\Windows\SysWOW64\amdocl_as32.exe
2015-11-18 02:44 - 2015-11-18 02:44 - 00798734 _____ C:\Windows\SysWOW64\amdocl_ld32.exe
2015-11-18 02:44 - 2015-11-18 02:44 - 00235008 _____ C:\Windows\system32\clinfo.exe
2015-11-18 02:43 - 2015-11-18 02:43 - 39712768 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-11-18 02:42 - 2015-11-18 02:42 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-11-18 02:42 - 2015-11-18 02:42 - 00059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-11-18 02:40 - 2015-11-18 02:40 - 27535872 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2015-11-18 02:40 - 2015-11-18 02:40 - 22318592 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2015-11-18 02:20 - 2015-11-18 02:20 - 00675328 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2015-11-18 02:19 - 2015-11-18 02:19 - 06728192 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2015-11-18 02:19 - 2015-11-18 02:19 - 00560640 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2015-11-18 02:19 - 2015-11-18 02:19 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2015-11-18 02:19 - 2015-11-18 02:19 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2015-11-18 02:14 - 2015-11-18 02:14 - 05290496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2015-11-18 02:13 - 2015-11-18 02:13 - 30767616 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-11-18 02:10 - 2015-11-18 02:10 - 00096256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2015-11-18 02:10 - 2015-11-18 02:10 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2015-11-18 02:07 - 2015-11-18 02:07 - 25312768 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-11-18 02:06 - 2015-11-18 02:06 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-11-18 02:06 - 2015-11-18 02:06 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-11-18 02:04 - 2015-11-18 02:04 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2015-11-18 02:03 - 2015-11-18 02:03 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-11-18 02:03 - 2015-11-18 02:03 - 00663992 _____ C:\Windows\SysWOW64\atiapfxx.blb
2015-11-18 02:03 - 2015-11-18 02:03 - 00663992 _____ C:\Windows\system32\atiapfxx.blb
2015-11-18 02:03 - 2015-11-18 02:03 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-11-18 02:03 - 2015-11-18 02:03 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2015-11-18 02:03 - 2015-11-18 02:03 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2015-11-18 02:03 - 2015-11-18 02:03 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2015-11-18 02:03 - 2015-11-18 02:03 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2015-11-18 02:03 - 2015-11-18 02:03 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-11-18 02:03 - 2015-11-18 02:03 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-11-18 02:03 - 2015-11-18 02:03 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-11-18 02:03 - 2015-11-18 02:03 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-11-18 02:02 - 2015-11-18 02:02 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-11-18 01:59 - 2015-11-18 01:59 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2015-11-18 01:59 - 2015-11-18 01:59 - 00674816 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-11-18 01:59 - 2015-11-18 01:59 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-11-18 01:59 - 2015-11-18 01:59 - 00204800 _____ C:\Windows\system32\amdgfxinfo64.dll
2015-11-18 01:59 - 2015-11-18 01:59 - 00189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2015-11-18 01:59 - 2015-11-18 01:59 - 00160256 _____ C:\Windows\system32\atieah64.exe
2015-11-18 01:59 - 2015-11-18 01:59 - 00143872 _____ C:\Windows\SysWOW64\atieah32.exe
2015-11-18 01:59 - 2015-11-18 01:59 - 00029696 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-11-18 01:58 - 2015-11-18 01:58 - 00246784 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-11-18 01:58 - 2015-11-18 01:58 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-11-18 01:55 - 2015-11-18 01:55 - 01247744 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-11-18 01:55 - 2015-11-18 01:55 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-11-18 01:55 - 2015-11-18 01:55 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2015-11-18 01:55 - 2015-11-18 01:55 - 00666112 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-11-18 01:55 - 2015-11-18 01:55 - 00156672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-11-18 01:55 - 2015-11-18 01:55 - 00141824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-11-18 01:55 - 2015-11-18 01:55 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-11-18 01:55 - 2015-11-18 01:55 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-11-18 01:55 - 2015-11-18 01:55 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-11-18 01:54 - 2015-11-18 01:54 - 00102912 _____ C:\Windows\system32\hsa-thunk64.dll
2015-11-18 01:54 - 2015-11-18 01:54 - 00102400 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2015-11-18 01:52 - 2015-11-18 01:52 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-11-17 16:45 - 2015-11-17 21:59 - 00038808 _____ C:\Users\Brendan\Documents\physics 2 lab 7 graph.cmbl
2015-11-12 22:59 - 2015-11-03 12:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 11:24 - 2015-11-11 11:24 - 00000829 _____ C:\Users\Brendan\Desktop\Ryse - Son of Rome.lnk
2015-11-11 11:24 - 2015-11-11 11:24 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\Ryse - Son of Rome
2015-11-11 10:48 - 2015-11-11 10:48 - 00000000 ____D C:\Users\Brendan\AppData\Local\Downloaded Installations
2015-11-10 17:11 - 2015-11-03 17:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-10 17:11 - 2015-11-03 16:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-10 17:11 - 2015-10-30 18:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-10 17:11 - 2015-10-30 18:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-10 17:11 - 2015-10-30 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-10 17:11 - 2015-10-30 18:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-10 17:11 - 2015-10-30 18:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-10 17:11 - 2015-10-30 18:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-10 17:11 - 2015-10-30 18:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-10 17:11 - 2015-10-30 18:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-10 17:11 - 2015-10-30 18:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-10 17:11 - 2015-10-30 18:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-10 17:11 - 2015-10-30 18:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-10 17:11 - 2015-10-30 18:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-10 17:11 - 2015-10-30 18:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-10 17:11 - 2015-10-30 18:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-10 17:11 - 2015-10-30 18:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-10 17:11 - 2015-10-30 18:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-10 17:11 - 2015-10-30 18:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-10 17:11 - 2015-10-30 18:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-10 17:11 - 2015-10-30 18:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-10 17:11 - 2015-10-30 17:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-10 17:11 - 2015-10-30 17:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-10 17:11 - 2015-10-30 17:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-10 17:11 - 2015-10-30 17:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-10 17:11 - 2015-10-30 17:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-10 17:11 - 2015-10-30 17:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-10 17:11 - 2015-10-30 17:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-10 17:11 - 2015-10-30 17:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-10 17:11 - 2015-10-30 17:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-10 17:11 - 2015-10-30 17:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-10 17:11 - 2015-10-30 17:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-10 17:11 - 2015-10-30 17:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-10 17:11 - 2015-10-30 17:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-10 17:11 - 2015-10-30 17:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-10 17:11 - 2015-10-30 17:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-10 17:11 - 2015-10-30 17:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-10 17:11 - 2015-10-30 17:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-10 17:11 - 2015-10-30 17:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-10 17:11 - 2015-10-30 17:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-10 17:11 - 2015-10-30 17:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-10 17:11 - 2015-10-30 17:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-10 17:11 - 2015-10-30 17:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-10 17:11 - 2015-10-30 17:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-10 17:11 - 2015-10-30 17:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-10 17:11 - 2015-10-30 17:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-10 17:11 - 2015-10-30 17:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-10 17:11 - 2015-10-30 17:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-10 17:11 - 2015-10-30 17:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-10 17:11 - 2015-10-30 17:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-10 17:11 - 2015-10-30 17:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-10 17:11 - 2015-10-30 17:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-10 17:11 - 2015-10-30 17:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-10 17:11 - 2015-10-30 17:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-10 17:11 - 2015-10-30 17:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-10 17:11 - 2015-10-30 17:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-10 17:11 - 2015-10-30 17:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-10 17:11 - 2015-10-30 17:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-10 17:11 - 2015-10-30 17:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-10 17:11 - 2015-10-30 17:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-10 17:11 - 2015-10-30 16:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-10 17:11 - 2015-10-30 16:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-10 17:11 - 2015-10-30 16:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-10 17:11 - 2015-10-30 16:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-10 17:11 - 2015-10-20 13:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-10 17:11 - 2015-10-20 13:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-10 17:11 - 2015-10-20 13:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-10 17:11 - 2015-10-20 13:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-10 17:11 - 2015-10-20 13:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-10 17:11 - 2015-10-20 13:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-10 17:11 - 2015-10-20 13:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-10 17:11 - 2015-10-20 13:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-10 17:11 - 2015-10-20 13:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-10 17:11 - 2015-10-20 13:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-10 17:11 - 2015-10-20 13:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-10 17:11 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-10 17:11 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-10 17:11 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-10 17:11 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-10 17:11 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-10 17:11 - 2015-10-19 20:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-10 17:11 - 2015-10-19 20:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-10 17:11 - 2015-10-19 20:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-10 17:11 - 2015-10-19 20:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-10 17:11 - 2015-10-19 20:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-10 17:11 - 2015-10-19 20:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-10 17:11 - 2015-10-19 20:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-10 17:11 - 2015-10-19 20:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-10 17:11 - 2015-10-19 20:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-10 17:11 - 2015-10-19 20:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-10 17:11 - 2015-10-19 20:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-10 17:11 - 2015-10-19 20:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-10 17:11 - 2015-10-19 20:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-10 17:11 - 2015-10-19 20:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-10 17:11 - 2015-10-19 20:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-10 17:11 - 2015-10-19 20:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-10 17:11 - 2015-10-19 20:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-10 17:11 - 2015-10-19 20:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-10 17:11 - 2015-10-19 20:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-10 17:11 - 2015-10-19 20:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-10 17:11 - 2015-10-19 20:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-10 17:11 - 2015-10-19 20:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-10 17:11 - 2015-10-19 20:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-10 17:11 - 2015-10-19 20:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-10 17:11 - 2015-10-19 20:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-10 17:11 - 2015-10-19 20:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-10 17:11 - 2015-10-19 20:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-10 17:11 - 2015-10-19 20:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-10 17:11 - 2015-10-19 20:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-10 17:11 - 2015-10-19 20:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-10 17:11 - 2015-10-19 20:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-10 17:11 - 2015-10-19 20:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-10 17:11 - 2015-10-19 20:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-10 17:11 - 2015-10-19 19:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-10 17:11 - 2015-10-19 19:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-10 17:11 - 2015-10-19 19:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-10 17:11 - 2015-10-19 19:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-10 17:11 - 2015-10-19 19:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-10 17:11 - 2015-10-19 19:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-10 17:11 - 2015-10-19 19:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-10 17:11 - 2015-10-19 19:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-10 17:11 - 2015-10-19 19:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-10 17:11 - 2015-10-19 19:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-10 17:11 - 2015-10-19 19:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-10 17:11 - 2015-10-19 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-10 17:11 - 2015-10-19 19:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-10 17:11 - 2015-10-19 19:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-10 17:11 - 2015-10-19 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-10 17:11 - 2015-10-19 19:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-10 17:11 - 2015-10-19 19:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-10 17:11 - 2015-10-19 19:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-10 17:11 - 2015-10-19 19:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-10 17:11 - 2015-10-19 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-10 17:11 - 2015-10-19 19:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-10 17:11 - 2015-10-19 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-10 17:11 - 2015-10-19 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 18:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-10 17:11 - 2015-10-19 18:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-10 17:11 - 2015-10-19 18:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-10 17:11 - 2015-10-19 18:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-10 17:11 - 2015-10-19 18:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-10 17:11 - 2015-10-19 18:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 18:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 18:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 17:11 - 2015-10-19 18:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-10 17:11 - 2015-10-13 11:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-10 17:11 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-10 17:11 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-10 17:11 - 2015-10-01 13:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-10 17:11 - 2015-10-01 13:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-10 17:11 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-10 17:11 - 2015-09-23 08:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-10 17:11 - 2015-09-23 08:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-10 17:11 - 2015-09-23 08:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-06 18:57 - 2015-11-06 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Keyboard
2015-11-06 18:51 - 2015-11-06 18:51 - 00000000 ____D C:\Users\Brendan\Documents\Cooler Master
2015-11-06 18:47 - 2015-11-06 18:47 - 00003050 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_IType_exe
2015-11-06 18:47 - 2015-11-06 18:47 - 00000000 ____D C:\Program Files\Microsoft IntelliType Pro
2015-11-06 18:35 - 2015-11-09 16:55 - 00036836 _____ C:\Users\Brendan\Documents\physics 2 lab 6 graph.cmbl
2015-11-04 20:32 - 2015-11-04 20:32 - 00000363 _____ C:\Users\Brendan\Desktop\schedule.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-01 13:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-01 13:27 - 2014-10-30 02:38 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-30 19:56 - 2014-10-30 02:38 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-30 00:25 - 2009-07-13 23:45 - 00015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-30 00:25 - 2009-07-13 23:45 - 00015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-28 15:39 - 2009-07-14 00:13 - 00876868 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-28 15:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-11-28 15:34 - 2013-12-04 19:29 - 00002186 _____ C:\Windows\epplauncher.mif
2015-11-28 15:33 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-28 13:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-28 12:11 - 2013-12-04 16:20 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-25 15:18 - 2015-05-16 20:47 - 00007604 _____ C:\Users\Brendan\AppData\Local\Resmon.ResmonCfg
2015-11-24 21:39 - 2013-12-04 17:20 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\uTorrent
2015-11-24 20:10 - 2014-10-28 14:11 - 00003718 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-11-24 17:56 - 2015-09-23 08:54 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-24 17:55 - 2015-09-23 08:52 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-24 16:38 - 2013-12-04 17:34 - 00000000 ____D C:\Users\Brendan\AppData\Local\ElevatedDiagnostics
2015-11-24 12:01 - 2015-08-17 19:14 - 800101833 _____ C:\Windows\MEMORY.DMP
2015-11-24 12:01 - 2013-12-04 17:25 - 00000000 ____D C:\Windows\Minidump
2015-11-23 21:48 - 2013-12-04 16:23 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-23 21:48 - 2013-12-04 16:23 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-21 06:44 - 2014-05-28 18:41 - 00000000 ____D C:\Users\Brendan\Documents\My Games
2015-11-21 06:43 - 2015-05-20 18:09 - 00000000 ____D C:\Program Files\AMD
2015-11-21 06:40 - 2015-01-15 14:37 - 00000000 ____D C:\AMD
2015-11-21 06:30 - 2014-07-16 18:53 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-11-18 16:08 - 2015-05-30 22:35 - 00000000 ____D C:\Users\Brendan\Desktop\MSOffice2007Settings
2015-11-18 15:20 - 2013-12-04 16:01 - 00000000 ____D C:\Users\Brendan
2015-11-18 02:55 - 2014-09-15 17:31 - 00152056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-11-18 02:55 - 2013-10-08 09:01 - 01479768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-11-18 02:54 - 2014-09-15 17:31 - 12101120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-11-18 01:56 - 2015-06-22 20:21 - 00865792 _____ (AMD) C:\Windows\system32\coinst_15.20.dll
2015-11-17 15:50 - 2013-12-14 17:20 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\vlc
2015-11-13 03:16 - 2009-07-13 23:45 - 00438200 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-11 21:46 - 2014-10-30 02:38 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-11 11:24 - 2014-06-18 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-11-11 10:49 - 2015-05-20 18:10 - 00000000 ____D C:\Program Files (x86)\AMD
2015-11-11 03:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-11-11 03:07 - 2013-12-05 14:09 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 03:04 - 2013-12-05 14:09 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 03:01 - 2013-12-04 16:20 - 00869106 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-11 03:00 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-08 10:25 - 2013-12-04 16:13 - 00111856 _____ C:\Users\Brendan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-06 19:30 - 2014-04-30 09:30 - 00000000 ____D C:\ProgramData\TEMP
2015-11-06 18:58 - 2013-12-04 16:01 - 00000000 ____D C:\Users\Brendan\AppData\Local\VirtualStore
2015-11-03 20:32 - 2013-12-04 17:19 - 00000000 ____D C:\Users\Brendan\AppData\Local\Battle.net
2015-11-03 20:32 - 2013-12-04 17:18 - 00000000 ____D C:\Program Files (x86)\Battle.net
 
==================== Files in the root of some directories =======
 
2015-02-27 17:06 - 2015-02-27 17:06 - 0000000 ___SH () C:\Users\Brendan\AppData\Local\LumaEmu
2015-05-16 20:47 - 2015-11-25 15:18 - 0007604 _____ () C:\Users\Brendan\AppData\Local\Resmon.ResmonCfg
2013-12-19 09:49 - 2013-12-19 09:49 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\Brendan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb_ifph.dll
C:\Users\Brendan\AppData\Local\Temp\Foxit Reader Updater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-30 03:52
 
==================== End of FRST.txt ============================

 




 


#2 Oh My!

  • Malware Response Instructor
  • 37,771 posts
  • Gender:Male
  • Location:California

Posted 03 December 2015 - 10:12 AM

Greetings bee24 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

There is evidence of illegal software on your computer. Before addressing your issues I am going to request you uninstall Microsoft Office 15 and all other software for which you do not have a valid Product key (including games). If you are willing to uninstall these programs please do so and post fresh FRST and Addition.txt reports. If you prefer to not uninstall these programs please let me know and I will close the Topic.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 bee24

  • Topic Starter
  • Members
  • 49 posts

Posted 03 December 2015 - 11:58 PM

Hi Gary. I'm Brendan. Thanks for helping me. I do have a legitimate copy of Office. It is synced through my school email address. It doesn't validate unless I open Word and sign in. I would rather not uninstall it as it's the end of the semester and I still need it for school. I'm going to include Addition.txt here since it failed to attach to my first post. Please let me know if there is anything else I should do.

 

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
Ran by Brendan (2015-12-01 13:31:59)
Running from D:\downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-12-04 21:01:38)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3432567822-1334913527-2629878951-500 - Administrator - Disabled)
Brendan (S-1-5-21-3432567822-1334913527-2629878951-1000 - Administrator - Enabled) => C:\Users\Brendan
Guest (S-1-5-21-3432567822-1334913527-2629878951-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 
3DMark (HKLM-x32\...\{7330098c-3669-4f39-9e82-4221d489db39}) (Version: 1.4.828.0 - Futuremark)
3DMark (Version: 1.4.828.0 - Futuremark) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
AIDA64 Extreme v4.60 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.60 - FinalWire Ltd.)
AMD Catalyst Install Manager (HKLM\...\{F564317A-AB84-BEE8-A670-B6C09BC08AFB}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6176 - AVG Technologies)
AVG 2015 (Version: 15.0.4477 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6176 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
calibre (HKLM-x32\...\{7D69BF2B-6C60-4D0A-8A6C-BCFD025D5D84}) (Version: 1.17.0 - Kovid Goyal)
Castle Crashers (HKLM-x32\...\Castle Crashers) (Version: 1.4 - Jimbo)
Catzilla 1.3 (HKLM\...\{41EE0CB2-75DE-4FE0-AEB2-4CBC30624FA6}_is1) (Version: 1.3 - ALLPlayer Group Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Cities - Skylines (HKLM-x32\...\Cities - Skylines_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CrystalDiskMark 3.0.3 (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.3 - Crystal Dew World)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-3432567822-1334913527-2629878951-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Fallout 4 v.1.1.30 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.1.618 - Foxit Corporation)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{03856D3F-DDDC-4C9A-9202-36529D21D94C}) (Version: 4.32.483.0 - Futuremark)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Sony Online Entertainment)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Intel Extreme Tuning Utility (HKLM-x32\...\{a6e81627-a651-408c-8fb6-19a078070830}) (Version: 5.1.0.23 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 5.1.0.23 - Intel Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.25.1036 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.1.9.400 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version:  - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Logger Pro 3.8.6.1 (HKLM-x32\...\{D651D84F-47D8-42B7-8F92-202A90EB2011}) (Version: 5.120.386 - Vernier Software & Technology)
Logger Pro 3.9 (HKLM-x32\...\{E77A0117-F519-4C0D-27B5-173D2BAA596D}) (Version: 5.182.504 - Vernier Software & Technology)
Logger Pro 3.9 Demo (HKLM-x32\...\{F599A0CE-56B5-4128-BF90-F15A3A99D084}) (Version: 5.182.504 - Vernier Software & Technology)
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4771.1004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.1 (HKLM\...\{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}) (Version: 1.10.123.0 - Microsoft)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0a2 - Mozilla)
mp3splt-gtk (HKLM-x32\...\mp3splt-gtk) (Version:  - )
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.51.0 - Black Tree Gaming)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
PCMark 8 (HKLM-x32\...\{9f744264-4a6e-4141-96ba-b05b1b6a176c}) (Version: 2.3.293.0 - Futuremark)
PCMark 8 (Version: 2.3.293.0 - Futuremark) Hidden
Perfect Keyboard (HKLM-x32\...\Perfect Keyboard) (Version:  - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Resident Evil 6 Benchmark Tool (HKLM-x32\...\Steam App 229950) (Version:  - Capcom)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TI-83 Plus Flash Debugger (HKLM-x32\...\TI-83 Plus Flash Debugger) (Version:  - )
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Viper Plagiarism Scanner (HKLM-x32\...\{2D9F8754-84AB-4C46-8243-9EADF23A63EE}_is1) (Version: 4.1.90.1039 - All Answers Ltd)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.24 - NCH Software)
Windows Driver Package - ASIX (AX88178) Net  (07/12/2013 1.14.6.0) (HKLM\...\29D833C89C48AAD25433D33C7847A6E8E712F9D1) (Version: 07/12/2013 1.14.6.0 - ASIX)
Windows Driver Package - ASIX (AX88179) Net  (12/03/2013 1.14.8.0) (HKLM\...\1B4B5A7C69F7245159762A3E760F3C782264C800) (Version: 12/03/2013 1.14.8.0 - ASIX)
Windows Driver Package - ASIX (AX88772) Net  (11/05/2013 3.14.5.0) (HKLM\...\808BADE605FC3CF278F67B4033C3CB969A596775) (Version: 11/05/2013 3.14.5.0 - ASIX)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04084D3A-5D21-42D2-A529-8CE0E8B9D39E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-23] (Adobe Systems Incorporated)
Task: {0A91AAEB-49CF-432D-8CB1-119A8C0D67C1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {0F8AF55A-2FB7-4B0F-9E93-53092D894559} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2014-09-03] ()
Task: {205D548E-2B05-441D-ACCE-E5A34CA65CA7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {3F7D5A26-8711-45D0-B1B7-23C2875876A1} - System32\Tasks\{17DE4D69-DA15-4CB0-9C8E-FA451E09C512} => pcalua.exe -a "E:\Downloads\dotnetfx35setup (1).exe" -d E:\Downloads
Task: {47EC78B3-3474-44CE-BB61-3AC46D438821} - System32\Tasks\{BEF84438-545A-43A9-BB0F-E4A322730DF4} => pcalua.exe -a D:\downloads\LeagueofLegends_NA_Installer_05_07_13(1).exe -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102;103; /out:"C:\Users\Brendan\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:4776
Task: {4DAC6D53-8C4A-4132-AE40-BB377D374A27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6230FC19-0DB9-439C-B828-7D9FF10BA22C} - System32\Tasks\MSIAfterburner => D:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-06-01] ()
Task: {649447D6-11E0-40B9-9C57-1EDCA9704142} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2014-09-03] ()
Task: {79C1B981-2A0A-4591-A29F-12894B2F17C4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {A37B756D-A041-46A8-809F-01D2E3A793B2} - System32\Tasks\GetNetworkInfo => C:\Users\Brendan\AppData\Local\Temp\setdebug.exe <==== ATTENTION
Task: {A40DB331-9DD7-4BE9-9DB0-EA0116378248} - System32\Tasks\IDQMMPQ => Rundll32.exe "C:\Windows\SysWOW64\WmpDuiq.dll",Ydksr
Task: {AAADE664-B2D3-464C-A735-9D697F1229CD} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {BD22B634-7563-4F8F-962C-643F7E556B52} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {D83BBC8A-B2BC-4AEB-B26D-843B388024F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E40E56F4-A952-4370-AE36-081FE5AA6445} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {EDCCC623-D92E-4952-A83B-12C5B6FEAD0D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-10-13] (Microsoft Corporation)
Task: {EE277394-01AE-4E4A-BA89-5D94577676D3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {F0F3A093-9E96-4496-9DC6-B6684EB11354} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {F3E5A497-AA81-469B-9F2B-F2ECDA59194A} - System32\Tasks\{12603B45-CD7A-4B15-B8D2-12A61914D435} => pcalua.exe -a "E:\Downloads\setup (1).exe" -d E:\Downloads
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\IDQMMPQ.job => C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\WmpDuiq.dll
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-06-01 04:42 - 2012-06-01 04:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2015-09-23 08:52 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-30 02:25 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-14 15:25 - 2015-11-28 15:33 - 00027136 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2015-05-14 15:25 - 2010-06-28 21:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2015-10-30 02:25 - 2015-09-01 07:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-10-15 02:25 - 2014-10-15 02:25 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2013-12-04 16:11 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-12-07 00:05 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-12-07 00:05 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-11-11 21:46 - 2015-11-06 23:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:36C8EA71
AlternateDataStreams: C:\ProgramData\TEMP:DDCCB2FA
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3432567822-1334913527-2629878951-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3432567822-1334913527-2629878951-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3432567822-1334913527-2629878951-1000\...\sharepoint.com -> hxxps://mailsunysuffolk.sharepoint.com
IE trusted site: HKU\S-1-5-21-3432567822-1334913527-2629878951-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3432567822-1334913527-2629878951-1000\...\sony.com -> sony.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3432567822-1334913527-2629878951-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Brendan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{77A2F6AF-892A-4349-8653-D073550010D9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2417\Agent.exe
FirewallRules: [{5F0A3C16-45CC-4028-A112-4517DA449835}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2417\Agent.exe
FirewallRules: [{1BC356EC-1AB0-443D-A8DB-5ABE367C9C2A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6C22920C-419E-433D-B69F-E1C321B6AE2B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{C2133FB5-8C21-4DB4-AF44-0E2EEE614C7C}] => (Allow) C:\Users\Brendan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0B1F86A4-055E-4EC3-AC94-F4EB6977B6EF}] => (Allow) C:\Users\Brendan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{71F052BD-E407-4857-9797-D75BC5CCE459}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2417\Agent.exe
FirewallRules: [{FCE1DD2D-34F4-4B22-8B56-00BA30185836}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2417\Agent.exe
FirewallRules: [{EA707BDF-A179-4E14-BBA1-C8BA71F785D5}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{24F4350D-8735-4AC0-9CE6-BB5A15AA53CE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{94C695CF-013E-46E8-9E60-0584BBC71C86}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{39EEB992-6168-4232-A927-54881A144C1E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{33ABEC0C-20D7-46A0-95A9-98D2CCD8FCC5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9ABCBD8E-B447-4179-B4BB-EC44E737F17F}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{3913B8BF-100F-454C-8D0C-AE034BA12C10}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{F0181989-5B01-4E45-805C-0D15CE3B004B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{5C36A21D-1D1C-4775-AA73-BEAD54296F86}C:\program files (x86)\castle crashers\castle.exe] => (Block) C:\program files (x86)\castle crashers\castle.exe
FirewallRules: [UDP Query User{B144F47A-AE66-4E01-8A79-97BD25D97E02}C:\program files (x86)\castle crashers\castle.exe] => (Block) C:\program files (x86)\castle crashers\castle.exe
FirewallRules: [{B287D3FF-0356-4EFD-80CC-E7E7338F65A8}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{07834AE1-DB45-47AC-AD03-93F836CB9EA1}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{4418D717-E4E7-4304-B155-25D6754EC1A7}] => (Allow) D:\steam\bin\steamwebhelper.exe
FirewallRules: [{B8C59596-C228-4D54-BF5D-06E901DCE359}] => (Allow) D:\steam\bin\steamwebhelper.exe
FirewallRules: [{9425DBFF-2A51-48D3-9E22-31B01A1C6D54}] => (Allow) D:\steam\steamapps\common\Resident Evil 6 Benchmark Tool\RE6.exe
FirewallRules: [{9EC7EA09-3DDF-4C9A-8FDB-2CDAE07E5A32}] => (Allow) D:\steam\steamapps\common\Resident Evil 6 Benchmark Tool\RE6.exe
FirewallRules: [{C52909E4-3470-411A-B60F-1BED1C245B5B}] => (Allow) D:\steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{54D6905E-BDF6-4681-8439-4841C0953784}] => (Allow) D:\steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2249E23A-624E-4E59-A340-E1C72F7AF9E8}] => (Allow) D:\Ventrilo\Ventrilo.exe
FirewallRules: [{1AA8D766-3A09-4B63-A1D1-DC1C84DA72B5}] => (Allow) D:\Ventrilo\Ventrilo.exe
FirewallRules: [{01BDDD1F-719B-47DD-B657-034F097CF700}] => (Allow) D:\steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{FBED9403-B4C9-44C9-AF22-581E78C7FF1D}] => (Allow) D:\steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [TCP Query User{ECE939B1-94EA-47EE-867D-2C6981117866}D:\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{BE69A747-7058-4237-AD4C-B013BC01BA63}D:\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{BE82C20B-8C03-46DA-A9F4-6E0D3C87C1AA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1C35EA4F-7D62-469F-B056-E4ACE067459B}] => (Allow) LPort=2869
FirewallRules: [{78B83038-A753-43F4-9EAE-93B8D8A85437}] => (Allow) LPort=1900
FirewallRules: [{5D499015-62B3-4E37-91CD-7E0DEBE3A3F8}] => (Allow) D:\WOW\Hearthstone\Hearthstone.exe
FirewallRules: [{ABDD50A7-E428-43AB-B1AF-1554B0774090}] => (Allow) D:\WOW\Hearthstone\Hearthstone.exe
FirewallRules: [{CB45B4AA-3080-4F53-BCDE-9C12A0008453}] => (Allow) C:\Program Files\Dolphin\Dolphin.exe
FirewallRules: [{8AD55B42-1745-4989-8FAB-440BF7ABAC1F}] => (Allow) C:\Program Files\Dolphin\Dolphin.exe
FirewallRules: [{2F057AA6-0587-4CD8-91C7-23583E10D0C1}] => (Allow) C:\Program Files\Dolphin\Dolphin.exe
FirewallRules: [{022D51B4-6F9D-4BD4-B2AD-2E0A08433115}] => (Allow) C:\Program Files\Dolphin\Dolphin.exe
FirewallRules: [{96757345-B656-4D45-BDAE-5A73BF9F81F9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{53DD53A1-63E6-4C8F-9C86-83C74C50E9AD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{BFAE67E3-F9A9-4DBD-8D90-D39ACF6D7088}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{3FB17B93-8003-43AD-9C4D-F354AE884C79}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7F06365B-8F83-43B3-A53F-506D6E29FA6B}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{B31DB685-F25B-4FBE-BA23-46CDCF957439}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{3DAD2CFA-9EAB-4928-A401-91D7EC30C5FC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{20162833-5598-40A9-A46D-2F2375CE7E40}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{A890478B-F001-4DE8-B7BC-5E2E83767C57}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{750942A3-F994-4A6B-961A-CCE0F7428506}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{E933961B-624B-439A-BA72-FA0BC6FE4EE7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{EBCE74A5-935A-4BDC-B19B-E468DF440515}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{BB143C68-BBA5-4D24-B84D-A287A4B11B43}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{6548E9C6-80C1-4B3E-B0F0-13794E4D7889}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Management Engine Interface 
Description: Intel® Management Engine Interface 
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/01/2015 01:26:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20863590
 
Error: (12/01/2015 01:26:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20863590
 
Error: (12/01/2015 01:26:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/30/2015 07:42:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 49439057
 
Error: (11/30/2015 07:42:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 49439057
 
Error: (11/30/2015 07:42:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/28/2015 10:05:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5990
 
 
System errors:
=============
Error: (12/01/2015 04:05:57 AM) (Source: AX88772) (EventID: 17) (User: )
Description: RX complete failed.
 
Error: (12/01/2015 04:05:57 AM) (Source: AX88772) (EventID: 17) (User: )
Description: RX complete failed.
 
Error: (11/30/2015 00:09:42 AM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel® Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x1E000055, FWSTS1: 0x66000106).
 
Error: (11/28/2015 03:33:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error: 
%%-2147024894
 
Error: (11/28/2015 02:36:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error: 
%%-2147024894
 
Error: (11/28/2015 02:32:51 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%8604.8.0204.0%%834%%8580x80070057The parameter is incorrect. 3
 
Error: (11/28/2015 02:31:26 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%8604.8.0204.0%%834%%8580x80070057The parameter is incorrect. 3
 
Error: (11/28/2015 02:19:40 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%8604.8.0204.0%%834%%8580x80070057The parameter is incorrect. 3
 
Error: (11/28/2015 02:18:45 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%8604.8.0204.0%%834%%8580x80070057The parameter is incorrect. 3
 
Error: (11/28/2015 02:17:13 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%8604.8.0204.0%%834%%8580x80070057The parameter is incorrect. 3
 
 
CodeIntegrity:
===================================
  Date: 2013-12-04 18:25:28.356
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7601.17514_none_9247d45ea984f2ad\userenv.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-04 18:25:28.340
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7601.17514_none_9247d45ea984f2ad\userenv.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-04 18:25:28.340
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7601.17514_none_9247d45ea984f2ad\userenv.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-04 18:25:28.325
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7601.17514_none_9247d45ea984f2ad\userenv.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-04 18:25:03.037
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-rpc-remote_31bf3856ad364e35_6.1.7601.17514_none_c2a09d30916321d9\RpcRtRemote.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-04 18:25:03.037
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-rpc-remote_31bf3856ad364e35_6.1.7601.17514_none_c2a09d30916321d9\RpcRtRemote.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-04 18:25:03.021
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-rpc-remote_31bf3856ad364e35_6.1.7601.17514_none_c2a09d30916321d9\RpcRtRemote.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-04 18:25:03.021
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-rpc-remote_31bf3856ad364e35_6.1.7601.17514_none_c2a09d30916321d9\RpcRtRemote.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-04 18:21:12.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_c03ca3001653c1ef\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-04 18:21:12.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_c03ca3001653c1ef\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 27%
Total physical RAM: 8140.65 MB
Available physical RAM: 5921 MB
Total Virtual: 16279.51 MB
Available Virtual: 12542.37 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:21.32 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:218.44 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:465.76 GB) (Free:60.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 06D30AF4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A4C36060)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4E4E27C6)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,771 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:35 PM

Posted 04 December 2015 - 09:53 AM

Greetings Brendan,

Fair enough, let's see what we can do. Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-3432567822-1334913527-2629878951-1000\...\Run: [GalaxyClient] => [X]
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
U3 aj754eeg; C:\Windows\System32\Drivers\aj754eeg.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 cpuz138; \??\C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
C:\Windows\System32\Drivers\aj754eeg.sys
2015-11-23 21:04 - 2015-11-28 15:33 - 00000304 _____ C:\Windows\Tasks\IDQMMPQ.job
2015-11-23 21:04 - 2015-11-23 21:04 - 00002584 _____ C:\Windows\System32\Tasks\IDQMMPQ
2015-11-21 06:28 - 2015-11-21 06:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
Task: {A37B756D-A041-46A8-809F-01D2E3A793B2} - System32\Tasks\GetNetworkInfo => C:\Users\Brendan\AppData\Local\Temp\setdebug.exe <==== ATTENTION
Task: {A40DB331-9DD7-4BE9-9DB0-EA0116378248} - System32\Tasks\IDQMMPQ => Rundll32.exe "C:\Windows\SysWOW64\WmpDuiq.dll",Ydksr
Task: {F3E5A497-AA81-469B-9F2B-F2ECDA59194A} - System32\Tasks\{12603B45-CD7A-4B15-B8D2-12A61914D435} => pcalua.exe -a "E:\Downloads\setup (1).exe" -d E:\Downloads
Task: {3F7D5A26-8711-45D0-B1B7-23C2875876A1} - System32\Tasks\{17DE4D69-DA15-4CB0-9C8E-FA451E09C512} => pcalua.exe -a "E:\Downloads\dotnetfx35setup (1).exe" -d E:\Downloads
Task: {47EC78B3-3474-44CE-BB61-3AC46D438821} - System32\Tasks\{BEF84438-545A-43A9-BB0F-E4A322730DF4} => pcalua.exe -a D:\downloads\LeagueofLegends_NA_Installer_05_07_13(1).exe -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102;103; /out:"C:\Users\Brendan\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:4776
AlternateDataStreams: C:\ProgramData\TEMP:36C8EA71
AlternateDataStreams: C:\ProgramData\TEMP:DDCCB2FA
C:\Users\Brendan\AppData\Local\Temp\setdebug.exe
C:\Windows\SysWOW64\WmpDuiq.dll
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • System Summary information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
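
The Task entries picked for the fixlist above share a few traits that are visible in the log itself: FRST's own ATTENTION marker, a target under a Temp directory, a rundll32 launch of a DLL, and installer launches through pcalua.exe. As an added example (not part of the original post and not FRST's own logic), this Python script applies those four checks to Task lines copied from the Addition.txt log in this thread; the rule names and regular expressions are assumptions chosen for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Task lines copied from the Addition.txt log in this thread (a subset).
SAMPLE_LOG = r'''
Task: {4DAC6D53-8C4A-4132-AE40-BB377D374A27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6230FC19-0DB9-439C-B828-7D9FF10BA22C} - System32\Tasks\MSIAfterburner => D:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-06-01] ()
Task: {A37B756D-A041-46A8-809F-01D2E3A793B2} - System32\Tasks\GetNetworkInfo => C:\Users\Brendan\AppData\Local\Temp\setdebug.exe <==== ATTENTION
Task: {A40DB331-9DD7-4BE9-9DB0-EA0116378248} - System32\Tasks\IDQMMPQ => Rundll32.exe "C:\Windows\SysWOW64\WmpDuiq.dll",Ydksr
Task: {E40E56F4-A952-4370-AE36-081FE5AA6445} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {F3E5A497-AA81-469B-9F2B-F2ECDA59194A} - System32\Tasks\{12603B45-CD7A-4B15-B8D2-12A61914D435} => pcalua.exe -a "E:\Downloads\setup (1).exe" -d E:\Downloads
Task: {3F7D5A26-8711-45D0-B1B7-23C2875876A1} - System32\Tasks\{17DE4D69-DA15-4CB0-9C8E-FA451E09C512} => pcalua.exe -a "E:\Downloads\dotnetfx35setup (1).exe" -d E:\Downloads
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\IDQMMPQ.job => C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\WmpDuiq.dll
'''

# "Task: {GUID} - <task path> => <action>"; legacy .job lines carry no GUID.
TASK_RE = re.compile(
    r'^Task: (?:\{(?P<guid>[0-9A-Fa-f-]{36})\} - )?(?P<task>.+?) => (?P<action>.+)$'
)
# Optional trailing "[YYYY-MM-DD] (Company)" file metadata.
META_RE = re.compile(
    r'\s*\[(?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<company>[^()]*)\)\s*$'
)
ATTENTION = '<==== ATTENTION'

# Illustrative heuristics (assumptions for this example, not FRST rules).
TEMP_RE = re.compile(r'\\(?:AppData\\Local\\Temp|Windows\\Temp)\\', re.I)
RUNDLL_RE = re.compile(
    r'^"?(?:[A-Za-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+\S', re.I)
PCALUA_RE = re.compile(
    r'^"?(?:[A-Za-z]:\\[^"]*\\)?pcalua(?:\.exe)?"?\s+-a\s', re.I)


class TaskEntry(NamedTuple):
    guid: Optional[str]
    name: str               # last component of the task path
    action: str             # command line with metadata and marker removed
    date: Optional[str]
    company: Optional[str]
    attention: bool         # FRST itself marked the line


def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Parse one FRST 'Task:' line; return None for any other line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    action = m.group('action')
    attention = ATTENTION in action
    if attention:
        action = action.split(ATTENTION)[0].rstrip()
    date = company = None
    meta = META_RE.search(action)
    if meta:
        date, company = meta.group('date'), meta.group('company')
        action = action[:meta.start()]
    name = m.group('task').rsplit('\\', 1)[-1]
    return TaskEntry(m.group('guid'), name, action, date, company, attention)


def assess(entry: TaskEntry) -> List[str]:
    """Return the reasons, if any, why a task deserves a manual look."""
    reasons = []
    if entry.attention:
        reasons.append('frst-attention')
    if TEMP_RE.search(entry.action):
        reasons.append('runs-from-temp')      # executable lives in a Temp dir
    if RUNDLL_RE.match(entry.action):
        reasons.append('rundll32-dll')        # real payload is the DLL argument
    if PCALUA_RE.match(entry.action):
        reasons.append('pcalua-installer')    # task re-launches an installer
    return reasons


def triage(log_text: str) -> List[Tuple[TaskEntry, List[str]]]:
    """Parse every Task line and keep only the entries with findings."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_task_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == '__main__':
    for entry, reasons in triage(SAMPLE_LOG):
        print(f'{entry.name:45} {", ".join(reasons)}')
        print(f'    {entry.action}')
```

On this sample the flagged tasks are the same ones that appear as Task lines in the fixlist; a hit is a prompt for manual review, not a verdict.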

#5 bee24


Posted 04 December 2015 - 03:24 PM

Here is the information you requested. I still cannot install MSE and can't connect to the internet using the Ethernet port. Please let me know what I should do next. 

 

Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
Ran by Brendan (2015-12-04 15:15:04) Run:1
Running from C:\Users\Brendan\Desktop
Loaded Profiles: Brendan & DefaultAppPool (Available Profiles: Brendan & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-3432567822-1334913527-2629878951-1000\...\Run: [GalaxyClient] => [X]
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
U3 aj754eeg; C:\Windows\System32\Drivers\aj754eeg.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 cpuz138; \??\C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
C:\Windows\System32\Drivers\aj754eeg.sys
2015-11-23 21:04 - 2015-11-28 15:33 - 00000304 _____ C:\Windows\Tasks\IDQMMPQ.job
2015-11-23 21:04 - 2015-11-23 21:04 - 00002584 _____ C:\Windows\System32\Tasks\IDQMMPQ
2015-11-21 06:28 - 2015-11-21 06:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
Task: {A37B756D-A041-46A8-809F-01D2E3A793B2} - System32\Tasks\GetNetworkInfo => C:\Users\Brendan\AppData\Local\Temp\setdebug.exe <==== ATTENTION
Task: {A40DB331-9DD7-4BE9-9DB0-EA0116378248} - System32\Tasks\IDQMMPQ => Rundll32.exe "C:\Windows\SysWOW64\WmpDuiq.dll",Ydksr
Task: {F3E5A497-AA81-469B-9F2B-F2ECDA59194A} - System32\Tasks\{12603B45-CD7A-4B15-B8D2-12A61914D435} => pcalua.exe -a "E:\Downloads\setup (1).exe" -d E:\Downloads
Task: {3F7D5A26-8711-45D0-B1B7-23C2875876A1} - System32\Tasks\{17DE4D69-DA15-4CB0-9C8E-FA451E09C512} => pcalua.exe -a "E:\Downloads\dotnetfx35setup (1).exe" -d E:\Downloads
Task: {47EC78B3-3474-44CE-BB61-3AC46D438821} - System32\Tasks\{BEF84438-545A-43A9-BB0F-E4A322730DF4} => pcalua.exe -a D:\downloads\LeagueofLegends_NA_Installer_05_07_13(1).exe -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102;103; /out:"C:\Users\Brendan\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:4776
AlternateDataStreams: C:\ProgramData\TEMP:36C8EA71
AlternateDataStreams: C:\ProgramData\TEMP:DDCCB2FA
C:\Users\Brendan\AppData\Local\Temp\setdebug.exe
C:\Windows\SysWOW64\WmpDuiq.dll
*****************
 
HKU\S-1-5-21-3432567822-1334913527-2629878951-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
aj754eeg => service removed successfully
cpuz138 => service removed successfully
GPUZ => service removed successfully
Could not move "C:\Windows\System32\Drivers\aj754eeg.sys" => Scheduled to move on reboot.
C:\Windows\Tasks\IDQMMPQ.job => moved successfully
C:\Windows\System32\Tasks\IDQMMPQ => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A37B756D-A041-46A8-809F-01D2E3A793B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A37B756D-A041-46A8-809F-01D2E3A793B2}" => key removed successfully
C:\Windows\System32\Tasks\GetNetworkInfo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GetNetworkInfo" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A40DB331-9DD7-4BE9-9DB0-EA0116378248}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A40DB331-9DD7-4BE9-9DB0-EA0116378248}" => key removed successfully
C:\Windows\System32\Tasks\IDQMMPQ => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IDQMMPQ" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E5A497-AA81-469B-9F2B-F2ECDA59194A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E5A497-AA81-469B-9F2B-F2ECDA59194A}" => key removed successfully
C:\Windows\System32\Tasks\{12603B45-CD7A-4B15-B8D2-12A61914D435} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{12603B45-CD7A-4B15-B8D2-12A61914D435}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F7D5A26-8711-45D0-B1B7-23C2875876A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F7D5A26-8711-45D0-B1B7-23C2875876A1}" => key removed successfully
C:\Windows\System32\Tasks\{17DE4D69-DA15-4CB0-9C8E-FA451E09C512} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{17DE4D69-DA15-4CB0-9C8E-FA451E09C512}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47EC78B3-3474-44CE-BB61-3AC46D438821}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47EC78B3-3474-44CE-BB61-3AC46D438821}" => key removed successfully
C:\Windows\System32\Tasks\{BEF84438-545A-43A9-BB0F-E4A322730DF4} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BEF84438-545A-43A9-BB0F-E4A322730DF4}" => key removed successfully
C:\ProgramData\TEMP => ":36C8EA71" ADS removed successfully.
C:\ProgramData\TEMP => ":DDCCB2FA" ADS removed successfully.
"C:\Users\Brendan\AppData\Local\Temp\setdebug.exe" => not found.
"C:\Windows\SysWOW64\WmpDuiq.dll" => not found.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-12-04 15:16:26)
 
C:\Windows\System32\Drivers\aj754eeg.sys => Is moved successfully
 

 

==== End of Fixlog 15:16:26 ====
 
 




#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,771 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:35 PM

Posted 04 December 2015 - 05:53 PM

Thank you Brendan.

Boot your computer into Safe Mode with Networking and let me know if you have Internet issues.

Is it correct that you do not have wireless capabilities on this computer and that you are currently connected to the Internet using an external USB to Ethernet connector?

Please do this for me.

===================================================

Troubleshooting Through Device Manager

----------
  • Press the Windows key + R on your keyboard at the same time
  • Type devmgmt.msc and press Enter
  • Expand the Network Adapters section by clicking + sign
  • Please list all the entries located under this category
===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:service
*Ydksr*
:process
*Ydksr*
:filefind
*Ydksr*
:regfind
*Ydksr*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply or, if necessary, zip and attach the file.
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Internet issues in Safe Mode with Networking?
  • Reply to questions
  • Device Manager information
  • SystemLook report
  • RogueKiller report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 bee24


Posted 04 December 2015 - 06:33 PM

Hi Gary. I tried to boot into safe mode with networking and still no luck. You are correct, I do not have wireless capabilities on this computer and am currently connected to the Internet using an external USB to Ethernet connector. What should I try next?

 

listed entries in network adapters:

ASIX AX88772 USB2.0 to Fast Ethernet Adapter

Realtek PCIe GBE Family Controller
 
SystemLook:
SystemLook 30.07.11 by jpshortstuff
Log created at 18:18 on 04/12/2015 by Brendan
Administrator - Elevation successful
 
========== service ==========
 
*Ydksr* - Unable to open Service Handle.
 
========== process ==========
 
*Ydksr* - Unable to open process handle.
 
========== filefind ==========
 
Searching for "*Ydksr*"
No files found.
 
========== regfind ==========
 
Searching for "*Ydksr*"
No data found.
 
-= EOF =-

 

RogueKiller: 

RogueKiller V11.0.0.0 [Nov 27 2015] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brendan [Administrator]
Started from : C:\Users\Brendan\Desktop\RogueKiller.exe
Mode : Scan -- Date : 12/04/2015 18:25:52
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 2 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_67A5\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_67A5\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] gj98c1lj.default : user_pref("browser.startup.homepage", "http://www.youtube.com/feed/subscriptions"); -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: INTEL SSDSC2BW120A4 +++++
--- User ---
[MBR] d46efb8e3b177c810f94a7720db20614
[BSP] ecfb1f198b43aa98d305a6c96929e767 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: WDC WD10EZEX-75ZF5A0 +++++
--- User ---
[MBR] 55cba92e55e96249dbe1ab8396d5f196
[BSP] 235ff830b8fa1fdd46b54fbb504c1678 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: WDC WD5000AADS-00S9B0 +++++
--- User ---
[MBR] 4e4e69ed8cabe0f6a4c0c7ab0b0db9aa
[BSP] 06a9d5f608bf60f73bdf7e38075c9e59 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 


#8 Oh My!


Posted 04 December 2015 - 07:40 PM

Excellent, thank you. Please do this.

===================================================

Uninstalling/Reinstalling a Device Driver

----------
  • Press the Windows key + R on your keyboard at the same time
  • Type devmgmt.msc and press Enter
  • Expand the Network Adapters section by clicking + sign
  • Right click on the Realtek PCIe GBE Family Controller, select Uninstall, then OK
  • Reboot your computer
  • Check your computer Ethernet port
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 

#9 bee24


Posted 04 December 2015 - 08:23 PM

Success! Thanks for the help Gary. Maybe a virus corrupted the driver? Should we tackle the Microsoft Security Essentials installation issues? I'm using AVG right now and I'm fine with that. I have a feeling the problems I'm having may just be an issue with MSE. What do you think?



#10 Oh My!


Posted 04 December 2015 - 08:30 PM

Excellent but we are not done yet.

Yes, the drivers for your Ethernet card were corrupted.

You should only have one antivirus program on your computer at a time even if you are only running one. I think currently MSE is not listed in Programs and Features to uninstall but there is still evidence of the program on your computer. Do I have this right?
Gary
 

#11 bee24


Posted 04 December 2015 - 08:41 PM

Yes, that is correct. MSE is not in the installed programs list and I receive errors when trying to install or uninstall MSE. The Microsoft Security Client folder still exists in C:\Program Files with files inside but I can't manually delete them. 

 

Edit: The folder also exists in C:\Program Files (x86) with files inside. 


Edited by bee24, 04 December 2015 - 08:43 PM.


#12 Oh My!


Posted 04 December 2015 - 08:50 PM

Is this the tool you used to try to uninstall MSE?

http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/
Gary
 

#13 bee24


Posted 04 December 2015 - 09:51 PM

Yes. I tried using that tool a few times after failing to uninstall it manually.



#14 Oh My!


Posted 04 December 2015 - 09:55 PM

OK, thanks for the clarification. Let's take this step.

===================================================

GrantPerms by Farbar

--------------------
  • Download GrantPerms for either 32 bit or 64 bit systems and save it to your desktop
  • Unzip the file and launch the program
  • Copy and paste the following in the edit box:

C:\Program Files (x86)\Microsoft Security Client
C:\Program Files\Microsoft Security Client

  • Click Unlock. When it is done click OK
  • Click List Permissions and copy/paste the results of the Perms.txt document in your reply
  • Check your ability to delete the folders
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Were you able to delete the folders?

Gary
 

#15 bee24


Posted 04 December 2015 - 10:16 PM

I still can't delete the folders. If I try to delete the folder itself I get the message "You require permission from Administrators to make changes to this folder". If I try to delete the files inside the folder I get the message "You require permission from SYSTEM to make changes to this file". Here's the log:

 

GrantPerms by Farbar 
Ran by Brendan (administrator) at 2015-12-04 22:12:17
 
===============================================
\\?\C:\Program Files (x86)\Microsoft Security Client
 
   Owner: BUILTIN\Administrators
 
   DACL(NP)(AI):
   NT SERVICE\TrustedInstaller   FULL   ALLOW   (I)
   NT SERVICE\TrustedInstaller   FULL   ALLOW   (CI)(IO)(I)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (I)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (CI)(OI)(IO)(I)
   BUILTIN\Administrators   FULL   ALLOW   (I)
   BUILTIN\Administrators   FULL   ALLOW   (CI)(OI)(IO)(I)
   BUILTIN\Users   READ/EXECUTE   ALLOW   (I)
   BUILTIN\Users   READ/EXECUTE   ALLOW   (CI)(OI)(IO)(I)
   CREATOR OWNER   FULL   ALLOW   (CI)(OI)(IO)(I)
 
 
\\?\C:\Program Files\Microsoft Security Client
 
   Owner: BUILTIN\Administrators
 
   DACL((NP)):
   BUILTIN\Users   READ/EXECUTE   ALLOW   (CI)(OI)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (CI)(OI)
   BUILTIN\Administrators   FULL   ALLOW   (CI)(OI)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (CI)(OI)
 
 
 
================ End Of List ================
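An added example, not part of the original post and not GrantPerms' own code: a small Python parser for a Perms.txt listing like the one above, which separates ACEs that apply to the folder itself from inherit-only ones that affect only its children. It assumes the flags follow icacls notation ((I) inherited, (CI)/(OI) container/object inherit, (IO) inherit only); the sample text is constructed from the layout of the log and the function names are hypothetical.

```python
import re

# Constructed sample, abbreviated from the Perms.txt layout posted above.
SAMPLE = r"""
\\?\C:\Program Files (x86)\Microsoft Security Client

   Owner: BUILTIN\Administrators

   DACL(NP)(AI):
   NT SERVICE\TrustedInstaller   FULL   ALLOW   (I)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (CI)(OI)(IO)(I)
   BUILTIN\Administrators   FULL   ALLOW   (I)
   BUILTIN\Users   READ/EXECUTE   ALLOW   (CI)(OI)(IO)(I)

\\?\C:\Program Files\Microsoft Security Client

   Owner: BUILTIN\Administrators

   DACL((NP)):
   BUILTIN\Users   READ/EXECUTE   ALLOW   (CI)(OI)
   BUILTIN\Administrators   FULL   ALLOW   (CI)(OI)
"""

# trustee, rights, ALLOW/DENY, then zero or more "(FLAG)" groups
ACE = re.compile(r"^\s*(?P<who>.+?)\s+(?P<rights>\S+)\s+"
                 r"(?P<type>ALLOW|DENY)\s*(?P<flags>(?:\(\w+\))*)\s*$")

def parse_perms(text):
    """Return {path: {"owner": str, "aces": [dict, ...]}}."""
    result, current = {}, None
    for line in text.splitlines():
        if line.startswith("\\\\?\\"):            # "\\?\" prefix opens a new path
            current = result.setdefault(line.strip()[4:], {"owner": None, "aces": []})
        elif current is None:
            continue
        elif line.strip().startswith("Owner:"):
            current["owner"] = line.split(":", 1)[1].strip()
        elif (m := ACE.match(line)):
            flags = set(re.findall(r"\((\w+)\)", m["flags"]))
            current["aces"].append({
                "who": m["who"], "rights": m["rights"], "type": m["type"],
                "inherited": "I" in flags,
                "applies_to_folder": "IO" not in flags,   # inherit-only skips the folder
                "flows_to_children": bool(flags & {"CI", "OI"}),
            })
    return result

def full_control_on_folder(perms, path):
    """Trustees whose ALLOW FULL entry applies to the folder object itself."""
    return sorted({a["who"] for a in perms[path]["aces"]
                   if a["type"] == "ALLOW" and a["rights"] == "FULL" and a["applies_to_folder"]})
```

The listing covers only the two folders, so it says nothing about the ACLs on the files inside them.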




