Infected with Trojans


7 replies to this topic

#1 LostApprentice

LostApprentice

  • Members
  • 18 posts
  • OFFLINE

Posted 03 January 2016 - 06:59 PM

Pretty sure I'm infected and I don't know what to do. My computer isn't running a lot of programs correctly and I've lost sound. I tried running multiple antivirus scans as well as malware scans.


Edited by LostApprentice, 04 January 2016 - 04:37 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:35 PM

Posted 05 January 2016 - 09:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


How is the computer running now?
Wait for further instructions.

#3 LostApprentice

LostApprentice
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE

Posted 09 January 2016 - 05:12 PM

Sorry for the late response here. Life and all that.

 

I've run MBAM multiple times already, but I'll run it again for you. I'll post all logs when I get them.



#4 LostApprentice

LostApprentice
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE

Posted 09 January 2016 - 06:16 PM

MBAM log:

 

Potential issues:
==============================
 
LAN Settings: No Settings are Set <--NOT DETECTING SETTING AUTOMATICALLY
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
mbam-check result log version:     2.3.0.0
========================================
 
User Account type:                 Administrator
DomainComputer:                    No
OS:                                Windows 8.1  64 bit Operating System
Current Version and Build:         6.3.9200.0 
mbam-check result log version: 2.3.0.0
 
Date Log Created: 01/09/16
Time Log Created: 15:15:28
 
 
User Information for Local System:
===========================================
User Account: Aaron
Account Level: Admin
User Account: Administrator
Account Level: Admin
User Account: ASPNET
Account Level: Limited User
User Account: Guest
Account Level: Guest
User Account: HomeGroupUser$
Account Level: Guest
Total # of user entries: 5
 
UAC Settings:
===================
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
DWORD 0 Status: OFF
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
DWORD 5 Status: ON
 
AntiVirus Information:
===================
AntiVirus Software Installed: "Norton Security with Backup"
AntiVirus Software Installed: "Windows Defender"
 
FireWall Information:
===================
3rd Party FireWall Software Installed: "Norton Security with Backup"
 
AntiSpyware Information:
===================
AntiSpyware Software Installed: "Windows Defender"
AntiSpyware Software Installed: "Norton Security with Backup"
 
Machine Information
===============================================
Machine ID: d6035154c3c7ed015a9ad57faa9a6339f7167a81
System has been up for: 0.0744444 Hours
System has been booted within the last hour
Current Date: 2016-Jan-09 23:15:28.794797
Date Booted: 2016-Jan-09 23:15:28.794797
 
Compatibility Flag Settings:
=================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
SIGN.MEDIA=3B58EAC Demos\Bg2eng.exeREG_SZ $ DWM8And16BitMitigation
D:\IDMain.exe                 REG_SZ $ DWM8And16BitMitigation
D:\Baldur's Gate - Enhanced Edition\Baldur.exeREG_SZ ~WIN7RTM RUNASADMIN
D:\This War of Mine\This War of Mine.exeREG_SZ HIGHDPIAWARE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
SIGN.MEDIA=3B58EAC Demos\Bg2eng.exeREG_SZ DWM8And16BitMitigation
D:\IDMain.exe                 REG_SZ DWM8And16BitMitigation
C:\Program Files (x86)\GOG.com\Neverwinter Nights Diamond Edition\nwn.exeREG_SZ $ ElevateCreateProcess
D:\Baldur's Gate - Enhanced Edition\Baldur.exeREG_SZ ~WIN7RTM RUNASADMIN
D:\Neverwinter Nights 2 Complete\nwn2.exeREG_SZ RUNASADMIN HIGHDPIAWARE
D:\This War of Mine\This War of Mine.exeREG_SZ HIGHDPIAWARE
D:\Sacred Gold\sacred.exe     REG_SZ ~HIGHDPIAWARE RUNASADMIN
D:\Sacred Gold\config.exe     REG_SZ HIGHDPIAWARE RUNASADMIN
D:\Sacred Gold\GameServer.exe REG_SZ HIGHDPIAWARE RUNASADMIN
D:\The Witcher\System\witcher.exeREG_SZ $ IgnoreFreeLibrary<Wpc.dll>
D:\Games\Fallout 4\Fallout4Launcher.exeREG_SZ RUNASADMIN
C:\Program Files (x86)\Yahoo!\Common\unyt_wrap.exeREG_SZ $ VistaSP2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
D:\Sacred Gold\sacred.exe     REG_SZ ~HIGHDPIAWARE RUNASADMIN
D:\Games\Game of Thrones - A Telltale Games Series\Thrones.exeREG_SZ RUNASADMIN
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 
Malwarebytes Anti-Malware Service and Driver Status:
=======================================================
 
--------------Driver File Info:--------------
C:\WINDOWS\system32\drivers\mbam.sys
File Size: 25816     BYTES FileVersion: 0.1.16.0 MD5: [cfbc6c6d8a492697cabd1d353ee64933]
C:\WINDOWS\system32\drivers\mwac.sys
File Size: 64216     BYTES FileVersion: 1.0.6.0 MD5: [08decfcb9ba97786165a69ab1015bc30]
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
File Size: 192216    BYTES FileVersion: 0.3.0.4 MD5: [78488af2ab2111d67b3c4044707a519b]
C:\WINDOWS\system32\drivers\mbamchameleon.sys
File Size: 109272    BYTES FileVersion: 1.1.21.0 MD5: [42b3f5c9fbc9b3f0e0ba6b5d7fc8e849]
 
--------------MBAMProtector:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMService:--------------
Type:                   16
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMScheduler:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMWebAccessControl:--------------
Type:                   2
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
Required Dependencies:
======================
 
--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
ErrorControl                  REG_DWORD 1
Group                         REG_SZ NetworkProvider
ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Start                         REG_DWORD 2
Type                          REG_DWORD 32
Description                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
DependOnService               REG_MULTI_SZ RpcSs
WfpLwfs
 
ObjectName                    REG_SZ NT AUTHORITY\LocalService
ServiceSidType                REG_DWORD 3
RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege
 
FailureActions                REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDllUnloadOnStop        REG_DWORD 1
ServiceMain                   REG_SZ BfeServiceMain
ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Options
EnablePacketQueue             REG_DWORD 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer
 
--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded              REG_DWORD 1
DisplayName                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
ErrorControl                  REG_DWORD 3
Group                         REG_SZ FSFilter Infrastructure
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
Start                         REG_DWORD 0
Tag                           REG_DWORD 1
Type                          REG_DWORD 2
Description                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
 
 
C:\WINDOWS\system32\drivers\fltmgr.sys
File Size: 354112    BYTES FileVersion: 6.3.9600.17326 MD5: [c1fb505a73fa2e9019d32444ab33b75a]
C:\WINDOWS\SysWOW64\mscomctl.ocx
File Size: 1069376   BYTES FileVersion: 6.1.98.18 MD5: [d7eef2c46a9880f21be01511024b53ab]
C:\WINDOWS\SysWOW64\olepro32.dll
File Size: 86016     BYTES FileVersion: 6.3.9600.17415 MD5: [afe3ca77ff01edcb79ab3f9e87b7a50b]
 
 
MBAM Registry Settings and License Info:
========================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware
ScanReboot                    REG_DWORD 1
 
 
 
Scheduler Queue:
================
 
 
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
Pending File Rename Operations: 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
PendingFileRenameOperations REG_MULTI_SZ \??\C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll
 
 
 
MBAMProtector Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
Type                          REG_DWORD 2
Start                         REG_DWORD 3
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ \??\C:\WINDOWS\system32\drivers\mbam.sys
Group                         REG_SZ FSFilter Anti-Virus
DependOnService               REG_MULTI_SZ FltMgr
 
WOW64                         REG_DWORD 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
DefaultInstance               REG_SZ MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
Altitude                      REG_SZ 328800
Flags                         REG_DWORD 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters
PassThruFile                  REG_SZ mbampt.exe
ProductPath                   REG_SZ D:\Malwarebytes Anti-Malware
 
MBAMService Registry Values:
============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "D:\Malwarebytes Anti-Malware\mbamservice.exe"
DependOnService               REG_MULTI_SZ MBAMProtector
 
WOW64                         REG_DWORD 1
ObjectName                    REG_SZ LocalSystem
Description                   REG_SZ Malwarebytes Anti-Malware service
DelayedAutostart              REG_DWORD 0
 
MBAMScheduler Registry Values:
==============================
 
 
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
TermService Start is set to: 3 (Manual Startup)
 
Proxy Status: No proxy is Set
 
Proxy Override: 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
ProxyOverride REG_SZ <local>
 
LAN Settings:
=============
 
No Settings are Set <--NOT DETECTING SETTING AUTOMATICALLY
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume2
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ h:mm:ss tt
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: Language is English (United States)
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's Startup Folder Exists.
 
 
 
MBAM DLL's and Runtime Files:
=============================
 
 
MBAM Registry Settings and License Info (part 2):
==================================================
 
Context Menu Entries:
=====================
 
List of MBAM Related Directories:
=================================
 
===============================================================
END OF FILE


#5 LostApprentice
  • Topic Starter
  • Members
  • 18 posts

Posted 09 January 2016 - 09:02 PM

AdwCleaner log:

 

# AdwCleaner v5.028 - Logfile created 09/01/2016 at 15:19:07
# Updated 04/01/2016 by Xplode
# Database : 2016-01-04.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Aaron - THEMAINFRAME
# Running from : C:\Users\Aaron\Desktop\adwcleaner_5.028.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : logitech-webcam-software.en.softonic.com
[C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : netflix.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [818 bytes] ##########
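
The AdwCleaner scan above reports only two Chrome search providers; the browser-hijack indicators on this machine are the kind that appear in the FRST output posted next in the thread (a Firefox proxy autoconfig URL pointing at http://127.0.0.1:5050/pac, a homepage set to a file path instead of a URL, unsigned Firefox extensions with random-looking IDs in the profile, a plugin and an autostart loading from AppData, FRST's own "ATTENTION" marker on a Chrome policy key, and a BHO whose file is gone). The Python script below is an added example, not part of this thread and not code from AdwCleaner, FRST or Malwarebytes: it runs those checks over constructed lines modelled on the FRST format. The rule names, the severities and the looks_random() heuristic are the example's own assumptions, not anything FRST does.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str  # "low" | "medium" | "high" (assumed scale, not FRST's)
    line: str


# Constructed sample modelled on the FRST records posted in this thread
# (benign and suspicious entries mixed so the rules have something to separate).
SAMPLE_FRST = r"""
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-05] (Realtek Semiconductor)
HKU\S-1-5-21-2590220172-2461181982-2144838109-1001\...\Run: [MyComGames] => C:\Users\Aaron\AppData\Local\MyComGames\MyComGames.exe [4741064 2016-01-09] (MY.COM B.V.)
FF Homepage: user_pref("browser.startup.homepage","C:ProgramDataMedlightsf.HP");
FF NetworkProxy: "autoconfig_url","http://127.0.0.1:5050/pac"
FF NetworkProxy: "type",2
FF Plugin-x32: @gentek.com/thinclient -> C:\Users\Aaron\AppData\Roaming\gentek\npthinclient.dll [2015-06-20] (Generic Network)
FF Extension: BItuSaver - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\3@mwO.com [2015-01-25] [not signed]
FF Extension: Avira Browser Safety - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\abs@avira.com [2016-01-04]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
"""

# Locations a standard user can write to: anything persisted there needs no admin rights.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\ProgramData\\", re.IGNORECASE)
# A PAC served from the loopback interface means a local process is rewriting browser traffic.
LOOPBACK = re.compile(r"https?://(127\.\d+\.\d+\.\d+|localhost)(:\d+)?/", re.IGNORECASE)
PREF_VALUE = re.compile(r'user_pref\("[^"]+","([^"]*)"\)')
# FRST prints Firefox extensions as: FF Extension: <name> - <dir> [date] [not signed]
FF_EXT = re.compile(
    r"^FF Extension: (?P<name>.+?) - (?P<path>.+?) \[\d{4}-\d{2}-\d{2}\](?P<unsigned> \[not signed\])?$"
)


def looks_random(ext_id: str) -> bool:
    """Heuristic (assumption): adware IDs in this thread look like 'epZLzEYQa@2K.com',
    i.e. mixed case plus a very short local part or domain label. Long mixed-case
    IDs such as uBlock0@raymondhill.net are not flagged; review hits by hand."""
    if "@" not in ext_id:
        return False
    local, domain = ext_id.split("@", 1)
    label = domain.split(".", 1)[0]
    mixed_case = any(c.islower() for c in ext_id) and any(c.isupper() for c in ext_id)
    return mixed_case and (len(local) <= 3 or len(label) <= 3)


def triage(text: str) -> list[Finding]:
    """Apply the browser-hijack rules to FRST-style lines and return what fired."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. FRST already marks policy/hosts anomalies; surface them unchanged.
        if "<======= ATTENTION" in line:
            findings.append(Finding("frst-attention", "medium", line))
        # 2. Proxy autoconfig served from loopback: local ad-injection/MITM proxy pattern.
        if line.startswith("FF NetworkProxy:") and "autoconfig_url" in line and LOOPBACK.search(line):
            findings.append(Finding("ff-local-pac-proxy", "high", line))
        # 3. Homepage / new tab that is not a URL at all (here a file path).
        if line.startswith(("FF Homepage:", "FF NewTab:")):
            m = PREF_VALUE.search(line)
            if m and not m.group(1).lower().startswith(("http://", "https://", "about:")):
                findings.append(Finding("ff-homepage-not-url", "high", line))
        # 4. Unsigned profile extension whose ID looks machine-generated.
        m = FF_EXT.match(line)
        if m and m.group("unsigned") and USER_WRITABLE.search(m.group("path")):
            ext_id = m.group("path").rsplit("\\", 1)[-1]
            if looks_random(ext_id):
                findings.append(Finding("ff-unsigned-random-id-extension", "high", line))
        # 5. Run key or NPAPI plugin loading code from a user-writable directory.
        is_autostart = line.startswith(("HKLM", "HKU")) and "\\Run:" in line
        is_plugin = line.startswith("FF Plugin")
        if (is_autostart or is_plugin) and USER_WRITABLE.search(line):
            findings.append(Finding("autostart-from-user-writable-path", "medium", line))
        # 6. Registry still references a BHO whose DLL no longer exists (leftover / partial removal).
        if line.startswith("BHO") and line.endswith("-> No File"):
            findings.append(Finding("orphaned-bho", "low", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, for a quick overview before reading individual lines."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"[{f.severity:<6}] {f.rule}: {f.line}")
    print(summarize(triage(SAMPLE_FRST)))
```

Feed a real FRST.txt to triage() to get the same classification over the full log; the rules are deliberately narrow (a loopback PAC, a non-URL homepage, code under AppData) so that legitimate software such as the vendor security extensions in this log does not trip them, and everything they flag still needs a human decision before it goes into a fixlist.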


#6 LostApprentice
  • Topic Starter
  • Members
  • 18 posts

Posted 09 January 2016 - 09:07 PM

Farbar log: 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
Ran by Aaron (administrator) on THEMAINFRAME (09-01-2016 18:05:22)
Running from C:\Users\Aaron\Desktop\farbar
Loaded Profiles: Aaron (Available Profiles: Aaron)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\Runservice.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.4.24\NSBU.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.4.24\NSBU.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Akamai Technologies, Inc.) C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe
(MY.COM B.V.) C:\Users\Aaron\AppData\Local\MyComGames\MyComGames.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-07] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-18] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Aeria Ignite] => D:\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [14408 2015-12-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2590220172-2461181982-2144838109-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2590220172-2461181982-2144838109-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2590220172-2461181982-2144838109-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-2590220172-2461181982-2144838109-1001\...\Run: [MyComGames] => C:\Users\Aaron\AppData\Local\MyComGames\MyComGames.exe [4741064 2016-01-09] (MY.COM B.V.)
HKU\S-1-5-21-2590220172-2461181982-2144838109-1001\...\MountPoints2: {c3149af2-6b39-11e5-bed8-d850e6c2d7e6} - "H:\LGAutoRun.exe" 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyEnable: [S-1-5-20] => Proxy is enabled.
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{39875994-5A60-4A5F-A0D6-EE13B0ECF40F}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2590220172-2461181982-2144838109-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2590220172-2461181982-2144838109-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2590220172-2461181982-2144838109-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2590220172-2461181982-2144838109-1001 -> DefaultScope {3439A0AE-4DC6-4CF4-B2B2-282C53EDC463} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20151122&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2590220172-2461181982-2144838109-1001 -> {3439A0AE-4DC6-4CF4-B2B2-282C53EDC463} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20151122&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine64\22.5.4.24\coIEPlg.dll [2015-09-22] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-10-11] (Oracle Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-11] (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.4.24\coIEPlg.dll [2015-09-22] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Arc\plugins\ArcPluginIE.dll [2015-09-15] (Perfect World Entertainment Inc)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.5.4.24\coIEPlg.dll [2015-09-22] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.4.24\coIEPlg.dll [2015-09-22] (Symantec Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-29] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-29] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-29] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-29] (McAfee, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default
FF DefaultSearchEngineuser_pref("browser.search.defaultenginename","Secure Search");: user_pref("browser.search.defaultenginename","Secure Search");
FF SearchEngineOrder.user_pref("browser.search.order.1","Secure Search");: user_pref("browser.search.order.1","Secure Search");
FF SelectedSearchEngineuser_pref("browser.search.selectedEngine","Secure Search");: user_pref("browser.search.selectedEngine","Secure Search");
FF Keyword.URL: user_pref("keyword.URL","hxxps://search.yahoo.com/search?fr=mcafee&type=B111US0D20140520&p=");
FF Homepage: user_pref("browser.startup.homepage","C:ProgramDataMedlightsf.HP");
FF NewTab: user_pref("browser.newtab.url","C:ProgramDataMedlightsf.NT");
FF NetworkProxy: "autoconfig_url","http://127.0.0.1:5050/pac"
FF NetworkProxy: "type",2
FF NetworkProxy: "no_proxies_on",""
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-11] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @gentek.com/thinclient -> C:\Users\Aaron\AppData\Roaming\gentek\npthinclient.dll [2015-06-20] (Generic Network)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2014-08-03] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-03] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\Arc\plugins\npArcPluginFF.dll [2015-09-15] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2590220172-2461181982-2144838109-1001: @gentek.com/thinclient -> C:\Users\Aaron\AppData\Roaming\gentek\npthinclient.dll [2015-06-20] (Generic Network)
FF Plugin HKU\S-1-5-21-2590220172-2461181982-2144838109-1001: @my.com/Games -> C:\Users\Aaron\AppData\Local\MyComGames\NPMyComDetector.dll [2015-07-09] (My.com, Inc)
FF Plugin HKU\S-1-5-21-2590220172-2461181982-2144838109-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-06-20]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2016-01-09] [not signed]
FF Extension: BItuSaver - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\3@mwO.com [2015-01-25] [not signed]
FF Extension: Avira Browser Safety - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\abs@avira.com [2016-01-04]
FF Extension: BuyNNsave - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\epZLzEYQa@2K.com [2014-12-14] [not signed]
FF Extension: BuuyNsave - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\F@N1CvsmYXMw.net [2014-12-14] [not signed]
FF Extension: DeaalExPrESs - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\m@M.co.uk [2014-12-22] [not signed]
FF Extension: YioutubeADBlockkE - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\Qb@l.org [2014-12-14] [not signed]
FF Extension: FiondBestoDeal - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\QmAtzeq@7q7.com [2014-12-28] [not signed]
FF Extension: Avira SafeSearch Plus - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\safesearchplus2@avira.com [2016-01-04]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFPlgn [2016-01-09] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
 
Chrome: 
=======
CHR DefaultSearchURL: Profile 1 -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Profile 1 -> Yahoo
CHR DefaultSuggestURL: Profile 1 -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-02]
CHR Extension: (Avira Browser Safety) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-01-04]
CHR Extension: (Star Wars Trooper) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdofmfjpncgeomnbdaddblaeojnglpkj [2015-07-26]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2016-01-04]
CHR Profile: C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-04]
CHR Extension: (Google Docs) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-04]
CHR Extension: (Google Drive) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-04]
CHR Extension: (YouTube) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-04]
CHR Extension: (Norton Security Toolbar) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-01-09]
CHR Extension: (Google Search) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-04]
CHR Extension: (Google Sheets) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-04]
CHR Extension: (SiteAdvisor) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-01-04]
CHR Extension: (Avira Browser Safety) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-01-04]
CHR Extension: (Google Docs Offline) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-09]
CHR Extension: (Yahoo Web) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol [2016-01-04]
CHR Extension: (Norton Identity Safe) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-01-09]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2016-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-04]
CHR Extension: (Gmail) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-04]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.4.24\Exts\Chrome.crx [2016-01-09]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-01-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.4.24\Exts\Chrome.crx [2016-01-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-01-05]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ArcService; D:\Arc\ArcService.exe [88400 2015-09-15] (Perfect World Entertainment Inc)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-06-23] (ASUSTeK Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-07-03] (BitRaider, LLC)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-07-11] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-07] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LicCtrlService; C:\WINDOWS\runservice.exe [2560 2014-07-02] () [File not signed]
S2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [158952 2015-12-29] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4797064 2013-11-05] (INCA Internet Co., Ltd.)
R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.4.24\NSBU.exe [282016 2015-09-23] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-07] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-07] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2078216 2015-10-03] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2014-08-24] ()
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [24216 2015-12-16] (Avira Operations GmbH & Co. KG)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 Tyklebp; "C:\Users\Aaron\AppData\Roaming\AqylvLynhi\Fovsilt.exe" -cms [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-04-24] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2014-09-18] ()
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\BASHDefs\20150921.003\BHDrvx64.sys [1650936 2015-09-23] (Symantec Corporation)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-07-13] (BitRaider)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-07-04] (BitRaider)
R1 ccSet_NSBU; C:\Windows\system32\drivers\NSBUx64\1605040.018\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-06-13] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2016-01-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-01-09] (Symantec Corporation)
S3 hxsyol; C:\WINDOWS\system32\hxsy64.sys [86352 2014-10-27] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\IPSDefs\20150930.101\IDSVia64.sys [767224 2015-09-23] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-09-18] ()
R3 LVPr2M64; C:\Windows\system32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37448 2015-12-29] (McAfee, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\VirusDefs\20160109.038\ENG64.SYS [138488 2016-01-09] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\VirusDefs\20160109.038\EX64.SYS [2148080 2016-01-09] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-07] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2014-11-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NSBUx64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSBUx64\1605040.018\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSBUx64\1605040.018\SYMEFASI64.SYS [1620720 2015-09-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NSBUx64\1605040.018\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-01-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSBUx64\1605040.018\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NSBUx64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-29] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-09 18:05 - 2016-01-09 18:05 - 00000000 ____D C:\FRST
2016-01-09 18:04 - 2016-01-09 18:05 - 00000000 ____D C:\Users\Aaron\Desktop\farbar
2016-01-09 18:03 - 2016-01-09 18:03 - 02370560 _____ (Farbar) C:\Users\Aaron\Downloads\FRST64.exe
2016-01-09 15:18 - 2016-01-09 15:18 - 01749504 _____ C:\Users\Aaron\Desktop\adwcleaner_5.028.exe
2016-01-09 15:17 - 2016-01-09 15:18 - 01749504 _____ C:\Users\Aaron\Downloads\adwcleaner_5.028.exe
2016-01-09 15:08 - 2016-01-09 15:08 - 00130378 _____ C:\Users\Aaron\Desktop\mbam-log-2016-01-09 (14-17-40).xml
2016-01-09 14:24 - 2016-01-09 14:24 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2016-01-09 14:23 - 2016-01-09 14:23 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2016-01-09 14:23 - 2016-01-09 14:23 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2016-01-09 14:23 - 2016-01-09 14:23 - 00003240 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-01-09 14:23 - 2016-01-09 14:23 - 00002563 _____ C:\Users\Public\Desktop\Norton Security with Backup.LNK
2016-01-09 14:23 - 2016-01-09 14:23 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-01-09 14:22 - 2016-01-09 14:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security with Backup
2016-01-09 14:22 - 2016-01-09 14:23 - 00000000 ____D C:\ProgramData\Norton
2016-01-09 14:22 - 2016-01-09 14:22 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSBUx64
2016-01-09 14:22 - 2016-01-09 14:22 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-01-09 14:22 - 2016-01-09 14:22 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-01-09 14:22 - 2016-01-09 14:22 - 00000000 ____D C:\Program Files (x86)\Norton Security with Backup
2016-01-09 14:20 - 2016-01-09 14:21 - 133405208 _____ (Symantec Corporation) C:\Users\Aaron\Downloads\NSP10-TW-22.5.4-EN-US.exe
2016-01-04 01:07 - 2016-01-04 01:07 - 00001166 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2016-01-04 01:06 - 2016-01-04 01:07 - 00000000 ____D C:\Users\Public\Speedup Sessions
2016-01-04 01:06 - 2016-01-04 01:06 - 00003364 _____ C:\WINDOWS\System32\Tasks\Avira System Speedup Tray
2016-01-04 01:02 - 2016-01-09 15:11 - 00000000 ____D C:\Program Files (x86)\Avira
2016-01-04 01:02 - 2016-01-09 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-01-04 01:02 - 2016-01-09 14:20 - 00000000 ____D C:\ProgramData\Avira
2016-01-04 00:58 - 2016-01-04 00:57 - 04638208 _____ (Avira Operations GmbH & Co. KG) C:\Users\Aaron\Desktop\avira_en_av_568a33d726fd2__ws.exe
2016-01-04 00:57 - 2016-01-04 00:57 - 04638208 _____ (Avira Operations GmbH & Co. KG) C:\Users\Aaron\Downloads\avira_en_av_568a33d726fd2__ws.exe
2016-01-03 19:47 - 2016-01-03 19:47 - 00001073 _____ C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk
2016-01-03 19:47 - 2016-01-03 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
2016-01-03 19:45 - 2016-01-03 19:46 - 112206656 _____ (SQUARE ENIX CO., LTD.) C:\Users\Aaron\Downloads\ffxivsetup_ft (1).exe
2015-12-30 17:21 - 2015-12-30 17:21 - 00007302 _____ C:\Users\Aaron\Desktop\ESET.txt
2015-12-29 21:58 - 2015-12-29 21:58 - 02870984 _____ (ESET) C:\Users\Aaron\Downloads\esetsmartinstaller_enu.exe
2015-12-29 21:58 - 2015-12-29 21:58 - 02870984 _____ (ESET) C:\Users\Aaron\Desktop\esetsmartinstaller_enu.exe
2015-12-29 21:58 - 2015-12-29 21:58 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-29 21:47 - 2016-01-09 15:19 - 00000000 ____D C:\AdwCleaner
2015-12-29 21:46 - 2015-12-29 21:46 - 01743360 _____ C:\Users\Aaron\Downloads\AdwCleaner.exe
2015-12-26 00:16 - 2016-01-09 15:15 - 00032096 _____ C:\Users\Aaron\Desktop\CheckResults.txt
2015-12-26 00:16 - 2015-12-26 00:16 - 01696144 _____ (Malwarebytes) C:\Users\Aaron\Downloads\mbam-check-2.3.0.0.exe
2015-12-26 00:16 - 2015-12-26 00:16 - 01696144 _____ (Malwarebytes) C:\Users\Aaron\Desktop\mbam-check-2.3.0.0.exe
2015-12-21 04:11 - 2015-12-21 04:11 - 00044607 _____ C:\Users\Aaron\Downloads\bootkit_remover.zip
2015-12-21 04:10 - 2015-12-21 04:10 - 00568832 _____ C:\Users\Aaron\Downloads\BTKR_RunBox.exe
2015-12-20 21:36 - 2015-12-20 21:36 - 00011374 _____ C:\Users\Aaron\Desktop\mbam-log-2015-12-20 (14-28-18).xml
2015-12-20 14:33 - 2015-12-20 14:33 - 00000290 _____ C:\WINDOWS\wininit.ini
2015-12-19 22:02 - 2015-12-26 00:44 - 00000000 ____D C:\Users\Aaron\AppData\Local\ElevatedDiagnostics
2015-12-19 21:57 - 2015-12-19 21:57 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\dvdcss
2015-12-19 21:55 - 2015-12-19 21:55 - 00000000 _____ C:\PDVDIPC.d2m
2015-12-16 02:20 - 2014-04-15 15:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-12-16 02:20 - 2014-04-15 15:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-12-15 22:45 - 2015-12-15 22:45 - 00000080 _____ C:\Users\Aaron\Desktop\Dungeons and Dragons OnlineT.lnk
2015-12-15 22:36 - 2015-12-15 22:36 - 02924704 _____ C:\Users\Aaron\Desktop\mbam-log-2015-12-15 (19-43-18).xml
2015-12-15 20:11 - 2015-12-29 21:52 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Common
2015-12-15 20:02 - 2015-12-15 20:02 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
2015-12-15 19:40 - 2015-12-15 19:40 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\Aaron\Downloads\iExplore64-3811.exe
2015-12-15 19:35 - 2015-12-15 19:36 - 22908888 _____ (Malwarebytes ) C:\Users\Aaron\Downloads\mbam-setup-org-2.2.0.1024.exe
2015-12-15 19:33 - 2015-12-15 19:40 - 00000000 ____D C:\Users\Aaron\Desktop\rkill
2015-12-15 19:32 - 2015-12-15 19:32 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Aaron\Downloads\iExplore.exe
2015-12-15 19:32 - 2015-12-15 19:32 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\Aaron\Downloads\iExplore64-2341.exe
2015-12-15 19:32 - 2015-12-15 19:32 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\Aaron\Downloads\iExplore64.exe
2015-12-15 19:27 - 2015-12-15 19:27 - 00007084 _____ C:\TDSSKiller.3.1.0.9_15.12.2015_19.27.15_log.txt
2015-12-15 19:25 - 2015-12-15 19:25 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-12-15 19:22 - 2015-12-15 19:25 - 00413042 _____ C:\TDSSKiller.3.1.0.9_15.12.2015_19.22.29_log.txt
2015-12-15 19:22 - 2015-12-15 19:22 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Aaron\Downloads\tdsskiller.exe
2015-12-15 18:27 - 2015-12-15 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-12-15 15:08 - 2015-12-15 15:08 - 02560512 _____ (winpcoptimizerbetatwo) C:\WINDOWS\Allpcoptimizer.exe
2015-12-15 15:08 - 2015-12-15 15:08 - 00155136 _____ C:\WINDOWS\Allpcoptimizer.pdb
2015-12-13 19:21 - 2015-12-15 20:45 - 00001024 _____ C:\.rnd
2015-12-13 08:52 - 2015-12-13 08:52 - 00003078 _____ C:\WINDOWS\System32\Tasks\{434D4D75-EB71-47E7-A130-3BD690D748C6}
2015-12-13 02:48 - 2015-12-13 02:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2015-12-13 02:33 - 2015-12-13 02:33 - 00000000 ____D C:\WINDOWS\system32\sebk
2015-12-13 02:18 - 2015-12-15 22:29 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\ContentCleaner
2015-12-13 01:52 - 2015-12-13 01:52 - 00000017 _____ C:\WINDOWS\SysWOW64\history.dat
2015-12-13 01:48 - 2016-01-04 00:59 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-13 01:42 - 2015-12-13 01:47 - 161199376 _____ (AVAST Software) C:\Users\Aaron\Downloads\avast_free_antivirus_setup.exe
2015-12-13 01:42 - 2015-12-13 01:42 - 00000000 ____D C:\Program Files (x86)\PC Optimizer
2015-12-13 01:41 - 2015-12-13 01:41 - 00004680 _____ C:\WINDOWS\SysWOW64\Roklyi.ini
2015-12-13 01:41 - 2015-12-13 01:41 - 00002400 _____ C:\WINDOWS\SysWOW64\RoklyiOff.ini
2015-12-13 01:41 - 2015-12-13 01:41 - 00002400 _____ C:\WINDOWS\system32\RoklyiOff.ini
2015-12-13 01:40 - 2015-12-15 22:41 - 00000000 ____D C:\Users\Aaron\AppData\LocalLow\Company
2015-12-13 01:40 - 2015-12-13 01:41 - 00000000 ____D C:\Users\Aaron\AppData\Local\Tempfolder
2015-12-13 01:40 - 2015-12-13 01:40 - 00003336 _____ C:\WINDOWS\System32\Tasks\Hieusloa
2015-12-13 01:19 - 2015-12-13 01:19 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Opera Software
2015-12-13 01:19 - 2015-12-13 01:19 - 00000000 ____D C:\Users\Aaron\AppData\Local\Opera Software
2015-12-13 01:16 - 2015-12-15 22:57 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-13 01:14 - 2015-12-13 01:13 - 00000929 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-12-13 01:12 - 2015-12-13 01:12 - 00002560 _____ C:\Users\Aaron\AppData\Local\uninstall.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-09 18:05 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
2016-01-09 18:00 - 2014-10-28 08:57 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-09 17:14 - 2015-01-25 22:46 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-09 15:18 - 2014-06-15 16:00 - 00003942 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6E45C89F-5B2D-43C1-8696-9C1FE9107EFE}
2016-01-09 15:12 - 2015-06-13 22:56 - 00000000 ____D C:\Users\Aaron\AppData\Local\MyComGames
2016-01-09 15:12 - 2015-01-25 22:46 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-09 15:12 - 2014-06-15 12:20 - 00000000 ___DO C:\Users\Aaron\OneDrive
2016-01-09 15:11 - 2014-07-31 13:16 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-09 15:11 - 2014-07-02 16:36 - 00000873 ___SH C:\WINDOWS\SysWOW64\mmf.sys
2016-01-09 15:11 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-09 14:24 - 2014-05-20 21:00 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2590220172-2461181982-2144838109-1001
2016-01-09 14:23 - 2013-08-22 05:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-09 14:23 - 2012-07-26 00:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-09 14:20 - 2013-11-04 18:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-09 14:17 - 2015-01-25 20:17 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-09 13:57 - 2014-05-20 20:59 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-01-04 13:20 - 2014-11-09 01:24 - 00000000 ____D C:\Users\Aaron\Desktop\Disk Images
2016-01-04 02:23 - 2014-06-14 13:10 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\.minecraft
2016-01-04 02:14 - 2014-06-18 09:11 - 01342464 ___SH C:\Users\Aaron\Desktop\Thumbs.db
2016-01-04 01:33 - 2013-08-22 06:44 - 00555800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-04 00:58 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\Inf
2016-01-04 00:29 - 2013-08-22 05:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-03 22:08 - 2014-06-10 18:15 - 04734232 _____ () C:\Users\Aaron\Desktop\TechnicLauncher.exe
2016-01-03 19:47 - 2013-08-20 08:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-03 16:10 - 2014-07-02 17:06 - 00000000 ____D C:\Users\Aaron\AppData\Local\Glyph
2015-12-30 02:28 - 2012-07-25 23:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-29 21:52 - 2014-05-31 21:19 - 00000000 ____D C:\Users\Aaron\AppData\LocalLow\Yahoo!
2015-12-29 21:52 - 2014-05-31 21:17 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-12-28 19:00 - 2014-10-28 08:57 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-27 00:05 - 2014-05-27 14:24 - 00000000 ____D C:\Users\Aaron\AppData\Local\Akamai
2015-12-26 20:48 - 2014-05-31 18:48 - 00000000 ____D C:\Users\Aaron\Documents\RIFT
2015-12-26 12:39 - 2015-10-18 00:36 - 00002600 _____ C:\Users\Aaron\Downloads\BordL2+28Tr-LNG_v1.7.xx.zip
2015-12-26 00:48 - 2015-03-15 12:49 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-26 00:48 - 2015-03-15 12:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-26 00:40 - 2015-06-13 23:27 - 00000114 _____ C:\Users\Aaron\Desktop\Allods (EN).url
2015-12-26 00:40 - 2015-06-13 23:27 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Allods (EN)
2015-12-21 04:44 - 2014-07-04 21:17 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\vlc
2015-12-20 22:17 - 2013-08-20 09:11 - 00000000 ____D C:\ProgramData\McAfee
2015-12-20 22:02 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\rescache
2015-12-20 21:39 - 2015-07-21 16:52 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-20 21:39 - 2014-05-20 20:55 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-12-20 21:39 - 2014-03-18 01:45 - 00000000 ____D C:\WINDOWS\SKB
2015-12-20 21:36 - 2015-11-02 21:12 - 00000000 ____D C:\Users\Aaron\Desktop\promo pics
2015-12-20 21:36 - 2015-05-24 16:00 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-12-20 21:36 - 2015-05-24 16:00 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-12-20 14:31 - 2014-08-04 19:33 - 00000000 ____D C:\Users\HomeGroupUser$
2015-12-20 14:31 - 2014-08-04 19:33 - 00000000 ____D C:\Users\Guest
2015-12-20 14:31 - 2014-08-04 19:33 - 00000000 ____D C:\Users\Administrator
2015-12-20 14:31 - 2012-07-25 21:37 - 00000000 ____D C:\Users\Default.migrated
2015-12-16 13:52 - 2015-01-25 22:46 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-15 22:46 - 2015-11-27 20:21 - 00000763 _____ C:\Users\Public\Desktop\Game of Thrones - A Telltale Games Series.lnk
2015-12-15 22:46 - 2015-10-29 20:18 - 00000605 _____ C:\Users\Public\Desktop\Minecraft Story Mode - A Telltale Games Series.lnk
2015-12-15 22:46 - 2015-10-29 20:18 - 00000605 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Story Mode - A Telltale Games Series.lnk
2015-12-15 22:46 - 2015-10-04 22:15 - 00000726 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4.lnk
2015-12-15 22:46 - 2015-10-03 23:43 - 00000623 _____ C:\Users\Public\Desktop\Sacred Gold.lnk
2015-12-15 22:46 - 2015-07-26 11:49 - 00000405 _____ C:\Users\Public\Desktop\WWE 2K15.lnk
2015-12-15 22:46 - 2015-07-26 11:49 - 00000405 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WWE 2K15.lnk
2015-12-15 22:46 - 2015-06-30 13:00 - 00000656 _____ C:\Users\Public\Desktop\Star Trek Online.lnk
2015-12-15 22:46 - 2015-06-17 19:06 - 00000724 _____ C:\Users\Public\Desktop\This War of Mine.lnk
2015-12-15 22:46 - 2015-01-25 20:25 - 00001230 _____ C:\Users\Public\Desktop\Theme Hospital.lnk
2015-12-15 22:46 - 2015-01-25 20:16 - 00000641 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-15 22:46 - 2014-12-18 15:33 - 00001011 _____ C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
2015-12-15 22:46 - 2014-11-14 23:09 - 00002154 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-12-15 22:46 - 2014-10-28 08:57 - 00001985 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-12-15 22:46 - 2014-09-19 11:59 - 00000579 _____ C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online.lnk
2015-12-15 22:46 - 2014-09-18 21:34 - 00001398 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-12-15 22:46 - 2014-09-18 18:58 - 00000503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baldur's Gate II Enhanced Edition.lnk
2015-12-15 22:46 - 2014-09-18 11:23 - 00000476 _____ C:\Users\Public\Desktop\XSplit Gamecaster.lnk
2015-12-15 22:46 - 2014-09-05 21:13 - 00000837 _____ C:\Users\Public\Desktop\Divinity Dragon Commander.lnk
2015-12-15 22:46 - 2014-08-24 20:24 - 00000771 _____ C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
2015-12-15 22:46 - 2014-08-24 06:03 - 00000887 _____ C:\Users\Public\Desktop\Battlefield 3.lnk
2015-12-15 22:46 - 2014-08-23 17:08 - 00000536 _____ C:\Users\Public\Desktop\Origin.lnk
2015-12-15 22:46 - 2014-08-15 11:40 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-12-15 22:46 - 2014-08-15 11:40 - 00002040 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-12-15 22:46 - 2014-08-08 16:42 - 00002066 _____ C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2015-12-15 22:46 - 2014-08-06 14:31 - 00000634 _____ C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk
2015-12-15 22:46 - 2014-08-04 19:49 - 00000437 _____ C:\Users\Public\Desktop\Entropia Universe.lnk
2015-12-15 22:46 - 2014-08-04 12:15 - 00001435 _____ C:\Users\Public\Desktop\Onigiri_US.lnk
2015-12-15 22:46 - 2014-08-03 14:51 - 00000950 _____ C:\Users\Public\Desktop\Vindictus.lnk
2015-12-15 22:46 - 2014-08-01 12:45 - 00000660 _____ C:\Users\Public\Desktop\Star Wars Battlefront II.lnk
2015-12-15 22:46 - 2014-07-04 21:14 - 00000504 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-12-15 22:46 - 2014-06-15 12:16 - 00001429 _____ C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-15 22:46 - 2014-06-15 11:58 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-15 22:46 - 2014-06-15 11:53 - 00000445 _____ C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-12-15 22:46 - 2014-06-15 11:53 - 00000443 _____ C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-12-15 22:46 - 2014-06-15 11:47 - 00002240 _____ C:\Users\Public\Desktop\AudioWizard.lnk
2015-12-15 22:46 - 2014-06-13 21:03 - 00001955 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-12-15 22:46 - 2014-06-10 17:51 - 00000656 _____ C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2015-12-15 22:46 - 2014-06-01 18:43 - 00000519 _____ C:\Users\Public\Desktop\Guild Wars 2.lnk
2015-12-15 22:46 - 2014-05-27 14:23 - 00001392 _____ C:\Users\Public\Desktop\Aeria Ignite.lnk
2015-12-15 22:46 - 2014-05-27 12:14 - 00000568 _____ C:\Users\Public\Desktop\Arc.lnk
2015-12-15 22:46 - 2014-05-23 17:36 - 00000567 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-12-15 22:46 - 2014-05-23 17:36 - 00000567 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-12-15 22:46 - 2014-05-23 16:06 - 00001208 _____ C:\Users\Public\Desktop\The Secret World.lnk
2015-12-15 22:46 - 2014-05-21 13:10 - 00000968 _____ C:\Users\Public\Desktop\Steam.lnk
2015-12-15 22:46 - 2014-05-20 18:57 - 00001151 _____ C:\Users\Public\Desktop\Battle.net.lnk
2015-12-15 22:46 - 2013-11-04 18:07 - 00002207 _____ C:\Users\Public\Desktop\ASUSDVD.lnk
2015-12-15 22:46 - 2013-11-04 18:05 - 00001248 _____ C:\Users\Public\Desktop\ASUS MX Suite.lnk
2015-12-15 22:46 - 2013-08-20 09:21 - 00001364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-12-15 22:46 - 2013-08-20 09:21 - 00001295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-12-15 22:46 - 2013-08-20 09:10 - 00001650 _____ C:\Users\Public\Desktop\Why ASUS PC.lnk
2015-12-15 22:46 - 2013-08-20 09:07 - 00002040 _____ C:\Users\Public\Desktop\AI Suite II.lnk
2015-12-15 22:45 - 2015-11-28 23:57 - 00000953 _____ C:\Users\Aaron\Desktop\Injustice - Gods Among Us. Ultimate Edition.lnk
2015-12-15 22:45 - 2015-11-12 22:48 - 00000691 _____ C:\Users\Aaron\Desktop\Fallout 4.lnk
2015-12-15 22:45 - 2015-10-31 23:52 - 00000579 _____ C:\Users\Aaron\Desktop\DC Universe Online.lnk
2015-12-15 22:45 - 2015-10-11 18:10 - 00000678 _____ C:\Users\Aaron\Desktop\The Witcher.lnk
2015-12-15 22:45 - 2015-06-13 22:56 - 00002062 _____ C:\Users\Aaron\Desktop\My.com Games.lnk
2015-12-15 22:45 - 2015-06-07 19:59 - 00000506 _____ C:\Users\Aaron\Desktop\Terrordrome The Game.lnk
2015-12-15 22:45 - 2015-05-24 21:09 - 00000642 _____ C:\Users\Aaron\Desktop\Far Cry 4.lnk
2015-12-15 22:45 - 2014-09-23 10:57 - 00002378 _____ C:\Users\Aaron\Desktop\Warframe.lnk
2015-12-15 22:45 - 2014-09-18 19:05 - 00001108 _____ C:\Users\Aaron\Desktop\Baldur.exe - Shortcut.lnk
2015-12-15 22:45 - 2014-08-08 16:42 - 00002060 _____ C:\Users\Aaron\Desktop\RuneScape.lnk
2015-12-15 22:45 - 2014-08-04 19:33 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-12-15 22:45 - 2014-07-28 20:52 - 00000729 _____ C:\Users\Aaron\Desktop\Borderlands 2 - Game Of The Year Edition.lnk
2015-12-15 22:45 - 2014-07-28 20:21 - 00000831 _____ C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Heretic - Shadow of the Serpent Riders.lnk
2015-12-15 22:45 - 2014-07-28 20:09 - 00000725 _____ C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Hexen - Beyond Heretic.lnk
2015-12-15 22:45 - 2014-07-28 19:40 - 00000879 _____ C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Hexen - Deathkings of the Dark Citadel.lnk
2015-12-15 22:45 - 2014-07-02 17:06 - 00000359 _____ C:\Users\Aaron\Desktop\Glyph.lnk
2015-12-15 22:45 - 2014-05-31 18:43 - 00000527 _____ C:\Users\Aaron\Desktop\RIFT.lnk
2015-12-15 22:45 - 2014-05-27 17:51 - 00000814 _____ C:\Users\Aaron\Desktop\Eden Eternal.lnk
2015-12-15 22:45 - 2014-05-27 17:46 - 00000854 _____ C:\Users\Aaron\Desktop\Ragnarok Online 2.lnk
2015-12-15 22:45 - 2014-05-27 15:29 - 00000825 _____ C:\Users\Aaron\Desktop\ScarletBlade.lnk
2015-12-15 22:45 - 2014-05-27 14:53 - 00000814 _____ C:\Users\Aaron\Desktop\Aura Kingdom.lnk
2015-12-15 22:41 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\vpnplugins
2015-12-15 19:42 - 2015-01-25 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-15 18:37 - 2013-08-22 07:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-15 18:35 - 2014-05-31 20:54 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-15 18:27 - 2015-11-17 21:46 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-12-13 19:04 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-13 02:33 - 2015-03-05 14:55 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-12-13 02:33 - 2015-03-05 14:54 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-12-13 02:04 - 2013-11-04 18:01 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-12-13 01:37 - 2014-06-15 11:53 - 00000000 ____D C:\Users\Aaron
2015-12-13 01:09 - 2014-07-06 20:15 - 00250880 ___SH C:\Users\Aaron\Downloads\Thumbs.db
2015-12-11 18:54 - 2014-05-20 23:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-11 18:54 - 2014-05-20 23:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-10 22:56 - 2014-05-23 17:36 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Azureus
 
==================== Files in the root of some directories =======
 
2015-12-13 01:12 - 2015-12-13 01:12 - 0002560 _____ () C:\Users\Aaron\AppData\Local\uninstall.exe
 
Some files in TEMP:
====================
C:\Users\Aaron\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Aaron\AppData\Local\Temp\avgnt.exe
C:\Users\Aaron\AppData\Local\Temp\bdfilters.dll
C:\Users\Aaron\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Aaron\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Aaron\AppData\Local\Temp\NGMDll.dll
C:\Users\Aaron\AppData\Local\Temp\NGMResource.dll
C:\Users\Aaron\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Aaron\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Aaron\AppData\Local\Temp\SIntf16.dll
C:\Users\Aaron\AppData\Local\Temp\SIntf32.dll
C:\Users\Aaron\AppData\Local\Temp\SIntfNT.dll
C:\Users\Aaron\AppData\Local\Temp\SRLDetectionLibrary3732709342887050108.dll
C:\Users\Aaron\AppData\Local\Temp\unicows.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-04 14:00
 
==================== End of FRST.txt ============================

Attached Files



#7 nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 January 2016 - 10:59 AM

Press the Windows logo key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
FF Extension: BItuSaver - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\3@mwO.com [2015-01-25] [not signed]
FF Extension: BuyNNsave - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\epZLzEYQa@2K.com [2014-12-14] [not signed]
FF Extension: BuuyNsave - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\F@N1CvsmYXMw.net [2014-12-14] [not signed]
FF Extension: DeaalExPrESs - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\m@M.co.uk [2014-12-22] [not signed]
FF Extension: YioutubeADBlockkE - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\Qb@l.org [2014-12-14] [not signed]
FF Extension: FiondBestoDeal - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\QmAtzeq@7q7.com [2014-12-28] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
S2 Tyklebp; "C:\Users\Aaron\AppData\Roaming\AqylvLynhi\Fovsilt.exe" -cms [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
Task: {01C19353-BA01-461D-9DDB-ECA0055C1C38} - System32\Tasks\Hieusloa => C:\PROGRA~1\SHOPPE~1\Dehpa.bat
Task: {11357AC3-87DD-4D73-801E-4F95620B33EC} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {94BE3EB5-CF34-49BF-AD5C-82F7EB20FF5B} - \Seventh -> No File <==== ATTENTION
Task: {CBD6CADE-04FC-4A9E-BF63-304E7B2A1778} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {EC76A0C1-D2AC-42A5-AC46-2A48240265AB} - \DailyPCClean Schedule -> No File <==== ATTENTION
C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\3@mwO.com
C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\epZLzEYQa@2K.com
C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\F@N1CvsmYXMw.net
C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\m@M.co.uk
C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\Qb@l.org
C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\QmAtzeq@7q7.com
C:\PROGRA~1\SHOPPE~1

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)

Please let me know of any remaining issues.
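
As an added example (not part of this thread and not the Farbar tool's own code): a small Python triage script that recognises the markers FRST puts on the kinds of entries the fixlist above targets, namely services and drivers whose file is gone (`[X]`), registry entries that point at a missing file (`-> No File`), lines FRST itself flags (`<==== ATTENTION`), and Firefox extensions reported as `[not signed]`. It emits a fixlist skeleton in the same shape as the one above (start / CreateRestorePoint: / EmptyTemp: / CloseProcesses: / entries / folders / End). The sample lines are constructed from this thread's log plus a clean service line (wuauserv) and a clean signed-file line so the filter has something to reject. The Hieusloa task is included on purpose without any marker: nasdaq put it on the fixlist because of the `C:\PROGRA~1\SHOPPE~1` path it runs, which is a judgment call a pattern match does not reproduce, so treat the output as a starting point to review, not a fixlist to run.

```python
"""Triage FRST log lines into a fixlist skeleton.

Added example for this thread; it is not part of FRST and it is not a
substitute for a helper reviewing the log. Marker meanings are taken
from how they appear in the thread's own log lines.
"""
import re

# Constructed sample (not a real log): lines modelled on this thread's
# FRST output plus two clean lines (wuauserv, winlogon) that must be
# ignored, and one task (Hieusloa) with no marker that will also be
# ignored even though the helper removed it by hand.
SAMPLE_LOG = r"""
S2 Tyklebp; "C:\Users\Aaron\AppData\Roaming\AqylvLynhi\Fovsilt.exe" -cms [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
R2 wuauserv; C:\WINDOWS\system32\svchost.exe [27136 2013-08-22] (Microsoft Corporation)
Task: {94BE3EB5-CF34-49BF-AD5C-82F7EB20FF5B} - \Seventh -> No File <==== ATTENTION
Task: {01C19353-BA01-461D-9DDB-ECA0055C1C38} - System32\Tasks\Hieusloa => C:\PROGRA~1\SHOPPE~1\Dehpa.bat
FF Extension: BItuSaver - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\u20goij3.default\Extensions\3@mwO.com [2015-01-25] [not signed]
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
"""

# Service/driver line (S2, S3, R2, ...) whose image file FRST could not find.
SERVICE_MISSING = re.compile(r"^[SR]\d .*\[X\]$")
# Firefox extension line that FRST reports as unsigned; captures the
# extension folder so it can be deleted as a separate fixlist line.
UNSIGNED_FF = re.compile(
    r"^FF Extension: (?P<name>.+?) - (?P<path>.+?) \[\d{4}-\d{2}-\d{2}\] \[not signed\]$"
)
# FRST's own flag, written as "<==== ATTENTION" or "<======= ATTENTION".
ATTENTION = re.compile(r"<=+ ATTENTION")

# Fixlist directives used in the thread, in the same order.
HEADER = ["start", "", "CreateRestorePoint:", "EmptyTemp:", "CloseProcesses:", ""]


def classify(line: str):
    """Return a short reason if FRST flagged this line, otherwise None."""
    line = line.strip()
    if not line:
        return None
    if SERVICE_MISSING.match(line):
        return "service/driver entry whose file is missing ([X])"
    if UNSIGNED_FF.match(line):
        return "Firefox extension not signed"
    if "-> No File" in line:
        return "registry entry pointing at a file that no longer exists"
    if ATTENTION.search(line):
        return "explicitly flagged by FRST (ATTENTION)"
    return None


def flagged(log_text: str):
    """All (line, reason) pairs the classifier picks out of an FRST log."""
    out = []
    for raw in log_text.splitlines():
        reason = classify(raw)
        if reason is not None:
            out.append((raw.strip(), reason))
    return out


def build_fixlist(log_text: str) -> str:
    """Assemble a fixlist skeleton: flagged lines verbatim, then the
    extension folders to delete, between the directives used above."""
    entries, folders = [], []
    for line, _reason in flagged(log_text):
        entries.append(line)
        m = UNSIGNED_FF.match(line)
        if m:
            folders.append(m.group("path"))
    return "\n".join(HEADER + entries + folders + ["", "End"]) + "\n"


if __name__ == "__main__":
    for line, reason in flagged(SAMPLE_LOG):
        print(f"{reason}: {line}")
    print()
    print(build_fixlist(SAMPLE_LOG))
```

Run it against a real FRST.txt by replacing SAMPLE_LOG with the file's contents; the unflagged lines it skips (here wuauserv, winlogon and the Hieusloa task) are the reminder that the script only finds orphaned entries, while an active infection with its file still present needs a human reading the paths.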

#8 nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 January 2016 - 09:28 AM

Are you still with me?



