
Trojan: Win32/Varpes.J!plock removed now I can't connect to the internet


This topic is locked. 8 replies to this topic.

#1 mattatx84 (Members, 5 posts)

Posted 11 January 2016 - 09:46 AM

I have Windows 7 OS. I got this virus when I downloaded a file from a bad source. I've followed steps from half a dozen websites and YouTube videos and believe it and its files are gone.

I keep getting pop ups saying my version of Windows is not genuine and it says in the bottom right corner "Windows 7 Build 7601 This copy of Windows is not genuine"

Now in Internet Properties my network and connections are gone. When I try to setup a new connection it says Error 651..

I've taken steps from another dozen videos and websites and when I follow through with them nothing happens, except when I try to reset the IP in the cmd prompt using "netsh int ip reset reset.log" I get the following:

The following helper cannot be loaded: NETIOHLP.DLL.
The following helper cannot be loaded: NSHIPSEC.DLL.
The following command was not found: int ip reset reset.log.

Any help would be appreciated. Here's the FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
Ran by Keith (administrator) on KEITH-PC (11-01-2016 08:05:28)
Running from C:\Users\Keith\Desktop
Loaded Profiles: Keith (Available Profiles: Keith)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files\amztab\amztab.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Akamai Technologies, Inc.) C:\Users\Keith\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Keith\AppData\Local\Akamai\netsession_win.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Autodesk Inc.) C:\Users\Keith\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Users\Keith\Desktop\AdwCleaner.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP LaserJet Professional CM1410 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2010-08-24] (Hewlett-Packard Company)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [522784 2015-11-16] (Autodesk Inc.)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-11-25] (Adobe Systems Incorporated)

HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\Run: [3CX MyPhone3614110508.10.0.1.200] => C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3CX MyPhone.lnk

HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384 2012-05-30] (Gadwin Systems, Inc)

HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\Run: [Dropbox Update] => C:\Users\Keith\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-21] (Dropbox, Inc.)

HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)

HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Keith\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)

HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\Run: [GoogleChromeAutoLaunch_BA7711CE75D6B6EF0D0EF9911E6DB184] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-10] (Google Inc.)

HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-10-23] (SUPERAntiSpyware)

HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\Run: [uTorrent] => C:\Users\Keith\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-11-20] (BitTorrent Inc.)

HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\MountPoints2: {e20591bf-ca24-11e3-95fc-806e6f6e6963} - E:\setup.exe

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()

ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [&DropboxExt1&] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [&DropboxExt2&] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [&DropboxExt3&] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [&DropboxExt4&] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [&DropboxExt5&] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [&DropboxExt6&] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [&DropboxExt7&] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [&DropboxExt8&] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-14]

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]

ShortcutTarget: Dropbox.lnk -> C:\Users\Keith\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-11-01]

ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

GroupPolicy: Restriction - Chrome <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKU\S-1-5-21-97093875-1870295296-4248595639-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.live.com

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> OldSearch URL =

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-97093875-1870295296-4248595639-1000 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =

FireFox:

========

FF ProfilePath: C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\3hj8o44j.default

FF DefaultSearchEngine: Default

FF SelectedSearchEngine: Default

FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//h?eq=U0EeCFZVBB8SRggTcwlaUQFIRBhCcAgKTA1JEQUOIQkKBxRFRQETJAgNVQ1BEQMFIk0FA18DB0VXfV9eFElXTwhwJVx1DksUc1BQNVVMEnEEQw==

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)

FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-25] (Adobe Systems)

FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-02-08] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-02-08] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems)

FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

FF Plugin HKU\S-1-5-21-97093875-1870295296-4248595639-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Keith\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-22] (Citrix Online)

FF Plugin HKU\S-1-5-21-97093875-1870295296-4248595639-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Keith\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-18] (Unity Technologies ApS)

FF Extension: Discover Treasure - C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\3hj8o44j.default\Extensions\{71b5bd3e-dcee-4a7a-809d-10fbc422a05d}.xpi [2015-10-31] [not signed]

FF Extension: See More Results Hub - C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\3hj8o44j.default\Extensions\{bf647da0-1a32-42fb-a7cb-f538273ea346}.xpi [2015-10-31] [not signed]

Chrome:

=======

CHR StartupUrls: Profile 1 -> &hxxp://discussion.academyart.edu/studentDashboards&,&hxxps://mail.google.com/mail/u/0/#inbox&

CHR Profile: C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]

CHR Extension: (Google Drive) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-21]

CHR Extension: (YouTube) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]

CHR Extension: (Shield For Chrome ) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbaffjopmgmcijlkoafmgnaiciogpdel [2015-02-04]

CHR Extension: (Adblock Plus) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-21]

CHR Extension: (Google Search) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-31]

CHR Extension: (HTTPS Everywhere) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-08-29]

CHR Extension: (Reddit Enhancement Suite) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-08-29]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-26]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-29]

CHR Extension: (Gmail) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]

CHR Profile: C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Profile 1

CHR Extension: (Google Drive) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]

CHR Extension: (YouTube) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]

CHR Extension: (Google Search) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]

CHR Extension: (Reddit Enhancement Suite) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-09-05]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-29]

CHR Extension: (Gmail) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-29]

CHR HKLM\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1139744 2015-11-16] (Autodesk Inc.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)

R2 AmazingTab; C:\Program Files\amztab\amztab.exe [383488 2016-01-07] () [File not signed]

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)

R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [153600 2010-09-17] (Firebird Project) [File not signed]

R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [5624320 2010-09-17] (Firebird Project) [File not signed]

R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)

S3 mi-raysat_3dsmax2016_64; C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-14] () [File not signed]

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)

R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2683736 2014-08-19] ()

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [716480 2015-08-21] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)

R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)

S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [63528 2011-05-27] (SafeNet, Inc.)

R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)

R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [194976 2015-11-10] (Oracle Corporation)

R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

Edited by hamluis, 11 January 2016 - 10:24 AM.

#2 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 12 January 2016 - 02:36 PM

Hello mattatx84,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

Please delete any copy of FRST you have and do the following:

1. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 mattatx84 (Topic Starter, Members, 5 posts)

Posted 14 January 2016 - 08:24 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Keith (administrator) on KEITH-PC (14-01-2016 07:17:22)
Running from C:\Users\Keith\Desktop
Loaded Profiles: Keith (Available Profiles: Keith)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files\amztab\amztab.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\Keith\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Akamai Technologies, Inc.) C:\Users\Keith\AppData\Local\Akamai\netsession_win.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Autodesk Inc.) C:\Users\Keith\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXDetector.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP LaserJet Professional CM1410 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2010-08-24] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [522784 2015-11-16] (Autodesk Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-11-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\Run: [3CX MyPhone3614110508.10.0.1.200] => C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3CX MyPhone.lnk
HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384 2012-05-30] (Gadwin Systems, Inc)
HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\Run: [Dropbox Update] => C:\Users\Keith\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-21] (Dropbox, Inc.)
HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Keith\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\Run: [GoogleChromeAutoLaunch_BA7711CE75D6B6EF0D0EF9911E6DB184] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-10] (Google Inc.)
HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-10-23] (SUPERAntiSpyware)
HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\Run: [uTorrent] => C:\Users\Keith\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-11-20] (BitTorrent Inc.)
HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\MountPoints2: {e20591bf-ca24-11e3-95fc-806e6f6e6963} - E:\setup.exe
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-14]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Keith\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-11-01]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-97093875-1870295296-4248595639-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.live.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> OldSearch URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-97093875-1870295296-4248595639-1000 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =

FireFox:
========
FF ProfilePath: C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\3hj8o44j.default
FF DefaultSearchEngine: Default
FF SelectedSearchEngine: Default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//h?eq=U0EeCFZVBB8SRggTcwlaUQFIRBhCcAgKTA1JEQUOIQkKBxRFRQETJAgNVQ1BEQMFIk0FA18DB0VXfV9eFElXTwhwJVx1DksUc1BQNVVMEnEEQw==
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-25] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-02-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-02-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-97093875-1870295296-4248595639-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Keith\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-22] (Citrix Online)
FF Plugin HKU\S-1-5-21-97093875-1870295296-4248595639-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Keith\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-18] (Unity Technologies ApS)
FF Extension: Discover Treasure - C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\3hj8o44j.default\Extensions\{71b5bd3e-dcee-4a7a-809d-10fbc422a05d}.xpi [2015-10-31] [not signed]
FF Extension: See More Results Hub - C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\3hj8o44j.default\Extensions\{bf647da0-1a32-42fb-a7cb-f538273ea346}.xpi [2015-10-31] [not signed]

Chrome:
=======
CHR StartupUrls: Profile 1 -> "hxxp://discussion.academyart.edu/studentDashboards","hxxps://mail.google.com/mail/u/0/#inbox"
CHR Profile: C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-21]
CHR Extension: (YouTube) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]
CHR Extension: (Shield For Chrome ) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbaffjopmgmcijlkoafmgnaiciogpdel [2015-02-04]
CHR Extension: (Adblock Plus) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-21]
CHR Extension: (Google Search) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-31]
CHR Extension: (HTTPS Everywhere) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-08-29]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-08-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-29]
CHR Extension: (Gmail) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Profile: C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-09-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-29]
CHR Extension: (Gmail) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-29]
CHR HKLM\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1139744 2015-11-16] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 AmazingTab; C:\Program Files\amztab\amztab.exe [383488 2016-01-07] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [153600 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [5624320 2010-09-17] (Firebird Project) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
S3 mi-raysat_3dsmax2016_64; C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-14] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2683736 2014-08-19] ()
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [716480 2015-08-21] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [63528 2011-05-27] (SafeNet, Inc.)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [194976 2015-11-10] (Oracle Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-14 07:17 - 2016-01-14 07:17 - 00026529 _____ C:\Users\Keith\Desktop\FRST.txt
2016-01-14 07:16 - 2016-01-14 07:15 - 02370560 ____N (Farbar) C:\Users\Keith\Desktop\FRST64.exe
2016-01-11 07:44 - 2016-01-11 07:47 - 00000000 ____D C:\Program Files (x86)\Removewat 2.2.7
2016-01-11 02:51 - 2016-01-11 02:51 - 00000000 ____D C:\Program Files\HitmanPro
2016-01-11 02:43 - 2016-01-11 02:49 - 00000000 _____ C:\Users\Keith\network.txt
2016-01-11 01:31 - 2016-01-11 07:54 - 00000000 ____D C:\AdwCleaner
2016-01-11 01:30 - 2016-01-11 01:30 - 22908888 ____N (Malwarebytes ) C:\Users\Keith\Desktop\mbam-setup-2.2.0.1024.exe
2016-01-11 01:30 - 2016-01-11 01:24 - 01749504 ____N C:\Users\Keith\Desktop\AdwCleaner.exe
2016-01-11 01:29 - 2016-01-11 01:27 - 11337112 ____N (SurfRight B.V.) C:\Users\Keith\Desktop\HitmanPro_x64.exe
2016-01-11 01:04 - 2016-01-11 01:07 - 00139264 ____N (Microsoft Corporation) C:\Users\Keith\Desktop\dnsapi.dll
2016-01-10 05:51 - 2016-01-14 07:17 - 00000000 ____D C:\FRST
2016-01-08 00:23 - 2016-01-08 00:35 - 00175672 _____ C:\Windows\ntbtlog.txt
2016-01-07 23:48 - 2016-01-07 23:48 - 00001689 _____ C:\ProgramData\tempimage.bmp
2016-01-07 04:48 - 2016-01-07 04:56 - 00004704 _____ C:\Windows\SysWOW64\Ebameeecoj.ini
2016-01-07 04:48 - 2016-01-07 04:56 - 00002416 _____ C:\Windows\SysWOW64\EbameeecojOff.ini
2016-01-07 04:48 - 2016-01-07 04:56 - 00002416 _____ C:\Windows\system32\EbameeecojOff.ini
2016-01-07 04:48 - 2016-01-07 04:48 - 00000000 ____D C:\Windows\system32\jop
2016-01-07 04:48 - 2016-01-07 04:48 - 00000000 ____D C:\Users\Keith\AppData\Roaming\IidupsOno
2016-01-07 04:48 - 2016-01-07 04:48 - 00000000 ____D C:\Users\Keith\AppData\Local\Tempfolder
2016-01-07 04:48 - 2016-01-07 04:16 - 00768360 _____ C:\Windows\system32\Ebameeecoj64.dll
2016-01-07 04:48 - 2016-01-07 04:16 - 00289128 _____ C:\Windows\SysWOW64\Ebameeecoj.dll
2016-01-07 04:46 - 2016-01-07 04:46 - 00003342 _____ C:\Windows\System32\Tasks\Xahinip
2016-01-07 04:46 - 2016-01-07 04:46 - 00000000 ____D C:\Users\Keith\AppData\LocalLow\Company
2016-01-07 04:46 - 2016-01-07 04:46 - 00000000 ____D C:\uninst
2016-01-07 04:44 - 2016-01-07 04:44 - 00000000 ____D C:\Users\Keith\AppData\Local\Comodo
2016-01-07 04:44 - 2016-01-07 04:44 - 00000000 ____D C:\ProgramData\Comodo Browser
2016-01-07 04:44 - 2016-01-07 04:44 - 00000000 ____D C:\Program Files\amztab
2016-01-07 04:43 - 2016-01-07 04:43 - 00000000 ____D C:\ProgramData\DivX
2016-01-05 03:37 - 2016-01-05 03:37 - 03577020 _____ C:\Users\Keith\Downloads\Critical_Chance-flat.stl
2016-01-05 03:36 - 2016-01-05 03:36 - 04710358 _____ C:\Users\Keith\Downloads\PIP_BOY_3KM4_V1.stl
2016-01-05 03:36 - 2016-01-05 03:36 - 00381384 _____ C:\Users\Keith\Downloads\SniperPin.stl
2016-01-05 03:35 - 2016-01-05 03:35 - 01740430 _____ C:\Users\Keith\Downloads\deathclaw_repaired.obj
2016-01-05 03:35 - 2016-01-05 03:35 - 01025534 _____ C:\Users\Keith\Downloads\deathclaw.stl
2016-01-05 03:34 - 2016-01-05 03:34 - 06907184 _____ C:\Users\Keith\Downloads\codsworth-2.stl
2016-01-05 03:34 - 2016-01-05 03:34 - 06084484 _____ C:\Users\Keith\Downloads\codsworth_bottom.stl
2016-01-05 03:34 - 2016-01-05 03:34 - 00833484 _____ C:\Users\Keith\Downloads\codsworth_top.stl
2016-01-05 03:34 - 2016-01-05 03:34 - 00714449 _____ C:\Users\Keith\Downloads\10mm_repaired.obj
2016-01-05 03:34 - 2016-01-05 03:34 - 00462634 _____ C:\Users\Keith\Downloads\10mm_repaired.stl
2016-01-05 03:33 - 2016-01-05 03:33 - 00113284 _____ C:\Users\Keith\Downloads\Big_Guns_-_Bobblehead (1).stl
2016-01-05 03:33 - 2016-01-05 03:33 - 00107134 _____ C:\Users\Keith\Downloads\Small_Guns-_Bobblehead.stl
2016-01-05 03:33 - 2016-01-05 03:33 - 00107034 _____ C:\Users\Keith\Downloads\Unarmed_-_Bobblehead.stl
2016-01-05 03:33 - 2016-01-05 03:33 - 00107034 _____ C:\Users\Keith\Downloads\Speech_-_Bobblehead.stl
2016-01-05 03:33 - 2016-01-05 03:33 - 00107034 _____ C:\Users\Keith\Downloads\Sneak_-_Bobblehead.stl
2016-01-05 03:33 - 2016-01-05 03:33 - 00107034 _____ C:\Users\Keith\Downloads\Enduance_-_Bobblehead.stl
2016-01-05 03:33 - 2016-01-05 03:33 - 00107034 _____ C:\Users\Keith\Downloads\Agility_-_Bobblehead.stl
2016-01-05 03:32 - 2016-01-05 03:32 - 00113284 _____ C:\Users\Keith\Downloads\Charisma_-_Bobblehead.stl
2016-01-05 03:32 - 2016-01-05 03:32 - 00113284 _____ C:\Users\Keith\Downloads\Big_Guns_-_Bobblehead.stl
2016-01-05 03:32 - 2016-01-05 03:32 - 00102234 _____ C:\Users\Keith\Downloads\Barter_-_Bobblehead.stl
2016-01-05 03:30 - 2016-01-05 03:30 - 08997357 _____ C:\Users\Keith\Downloads\PowerArmorT60b-F4.STL
2016-01-05 03:30 - 2016-01-05 03:30 - 00781807 _____ C:\Users\Keith\Downloads\T60B-helmet.STL
2016-01-05 03:26 - 2016-01-05 03:27 - 54221384 _____ C:\Users\Keith\Downloads\Protectron_Action_Figure_STL.STL
2015-12-30 17:10 - 2016-01-07 04:55 - 00000000 ____D C:\Program Files (x86)\Xpadder
2015-12-30 17:10 - 2015-12-30 17:10 - 00000991 _____ C:\Users\Public\Desktop\Xpadder.lnk
2015-12-30 17:10 - 2015-12-30 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xpadder
2015-12-30 17:05 - 2016-01-01 22:47 - 00000000 ____D C:\Users\Keith\Desktop\Xpadder
2015-12-30 17:05 - 2015-12-30 17:34 - 00000000 ____D C:\Users\Keith\Desktop\Combat Mode
2015-12-30 16:31 - 2015-12-30 16:31 - 00013708 _____ C:\Users\Keith\Downloads\DS4Windows - Shortcut (2).lnk
2015-12-30 16:30 - 2015-12-30 16:30 - 00013708 _____ C:\Users\Keith\Downloads\DS4Windows - Shortcut.lnk
2015-12-29 17:23 - 2015-12-29 17:23 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-12-29 17:23 - 2015-05-27 14:51 - 00156160 _____ C:\Windows\system32\FW1FontWrapper_x64.dll
2015-12-29 17:22 - 2015-12-29 17:22 - 00002178 _____ C:\Users\Public\Desktop\Skin Tool.lnk
2015-12-29 17:22 - 2015-12-29 17:22 - 00002109 _____ C:\Users\Public\Desktop\EVGA PrecisionX 16.lnk
2015-12-29 17:22 - 2015-12-29 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVGA
2015-12-29 17:22 - 2015-12-29 17:22 - 00000000 ____D C:\Program Files (x86)\EVGA
2015-12-29 17:20 - 2015-12-29 17:20 - 33637029 _____ C:\Users\Keith\Downloads\EVGA_PrecisionX_16_Setup_v5.3.10.zip
2015-12-28 20:22 - 2015-12-28 20:22 - 05271256 _____ (Husdawg, LLC) C:\Users\Keith\Downloads\Detection.exe
2015-12-26 20:52 - 2014-02-08 10:18 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-12-26 20:51 - 2014-02-08 12:34 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 18257576 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 14669032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-12-26 20:51 - 2014-02-08 12:34 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 03090184 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 02713728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-12-26 20:51 - 2014-02-08 12:34 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-12-26 17:16 - 2015-12-27 22:46 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Ventrilo
2015-12-26 17:16 - 2015-12-26 17:16 - 00000913 _____ C:\Users\Keith\Desktop\Ventrilo.lnk
2015-12-26 17:16 - 2015-12-26 17:16 - 00000262 _____ C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2015-12-26 17:16 - 2015-12-26 17:16 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2015-12-26 17:16 - 2015-12-26 17:16 - 00000000 ____D C:\Program Files\Ventrilo
2015-12-26 17:15 - 2015-12-26 17:15 - 04135696 _____ C:\Users\Keith\Downloads\ventrilo-3.0.8-Windows-x64.exe
2015-12-26 14:45 - 2015-12-26 20:53 - 00000000 ____D C:\Users\Keith\AppData\Local\NVIDIA Corporation
2015-12-26 14:44 - 2015-12-29 01:37 - 00000000 ____D C:\Users\Keith\AppData\Local\NVIDIA
2015-12-26 14:44 - 2014-02-05 03:31 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-12-26 14:44 - 2014-02-05 03:30 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-12-26 14:43 - 2015-12-26 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-12-26 14:43 - 2015-12-26 20:53 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-12-26 14:43 - 2015-12-26 14:43 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-12-26 14:41 - 2014-02-08 12:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2015-12-26 14:41 - 2014-02-08 12:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2015-12-26 14:38 - 2013-12-27 12:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-12-26 14:37 - 2013-12-27 12:42 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-12-26 14:37 - 2013-12-27 12:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-12-21 18:24 - 2016-01-01 21:23 - 00000000 ____D C:\Users\Keith\AppData\Roaming\DS4Windows
2015-12-21 18:24 - 2015-12-18 23:41 - 00573952 _____ () C:\Users\Keith\Downloads\DS4Updater.exe
2015-12-21 18:24 - 2015-12-18 23:07 - 03214848 _____ () C:\Users\Keith\Downloads\DS4Windows.exe
2015-12-21 18:18 - 2015-12-21 18:18 - 00926490 _____ C:\Users\Keith\Downloads\JoyToKey_en (1).zip
2015-12-21 18:17 - 2015-12-21 18:17 - 00926490 _____ C:\Users\Keith\Downloads\JoyToKey_en.zip
2015-12-21 18:14 - 2015-12-21 18:14 - 00001811 _____ C:\Users\Keith\Desktop\DS4Windows - Shortcut.lnk
2015-12-18 04:41 - 2015-12-18 04:41 - 00000222 _____ C:\Users\Keith\Desktop\The Binding of Isaac Rebirth.url
2015-12-18 03:15 - 2015-12-18 03:15 - 00024252 _____ C:\Users\Keith\Desktop\12647233304734519162.webp
2015-12-15 22:00 - 2015-12-30 17:35 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2015-12-15 22:00 - 2015-12-15 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2015-12-15 21:59 - 2015-12-15 23:04 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Guild Wars 2

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-14 07:16 - 2015-07-21 15:37 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-97093875-1870295296-4248595639-1000Core.job
2016-01-14 07:09 - 2015-07-21 15:37 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-97093875-1870295296-4248595639-1000UA.job
2016-01-14 07:09 - 2014-04-25 12:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-14 07:09 - 2009-07-13 22:45 - 00024496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-14 07:09 - 2009-07-13 22:45 - 00024496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-14 07:08 - 2014-04-22 14:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-12 10:50 - 2014-04-22 09:32 - 00000000 ____D C:\Users\Keith\AppData\Local\Adobe
2016-01-12 10:44 - 2009-07-13 23:13 - 00785858 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-12 10:44 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-01-12 10:40 - 2015-08-29 23:18 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-12 10:40 - 2014-04-25 12:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-12 10:40 - 2014-04-22 15:58 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-12 10:40 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-11 18:03 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\tracing
2016-01-11 08:13 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2016-01-11 08:03 - 2015-09-22 10:18 - 00000000 ____D C:\Users\Keith\Desktop\Matt's Stuff
2016-01-11 07:54 - 2014-08-26 14:25 - 00002198 _____ C:\Windows\epplauncher.mif
2016-01-11 03:27 - 2015-11-06 13:31 - 00000000 ____D C:\Users\Keith\AppData\Roaming\vlc
2016-01-11 02:43 - 2014-04-22 07:42 - 00000000 ____D C:\Users\Keith
2016-01-11 02:40 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-01-10 05:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-08 00:43 - 2015-08-29 23:19 - 00000000 ____D C:\Users\Keith\AppData\Local\Steam
2016-01-07 23:39 - 2015-09-07 02:27 - 00000000 ____D C:\Users\Keith\Documents\My Games
2016-01-07 04:55 - 2015-11-20 09:40 - 00000000 ____D C:\Users\Keith\AppData\Roaming\uTorrent
2016-01-07 04:48 - 2015-08-29 23:26 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-04 02:22 - 2015-05-22 06:48 - 00000000 ____D C:\Users\Keith\AppData\Local\File Viewer
2016-01-04 02:14 - 2015-11-20 09:41 - 00000000 ____D C:\Users\Keith\AppData\LocalLow\uTorrent
2016-01-04 02:14 - 2015-09-02 16:18 - 00000000 ___RD C:\Users\Keith\Creative Cloud Files
2016-01-04 02:14 - 2015-09-02 15:41 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-04 02:14 - 2014-09-25 09:32 - 00000000 ___RD C:\Users\Keith\Dropbox
2016-01-04 02:14 - 2014-09-25 09:30 - 00000000 ____D C:\Users\Keith\AppData\Roaming\Dropbox
2015-12-28 23:02 - 2014-04-22 14:37 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-28 23:02 - 2014-04-22 14:37 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-28 23:02 - 2014-04-22 14:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-28 15:39 - 2015-08-30 22:26 - 00000000 ____D C:\Program Files (x86)\Autodesk
2015-12-28 15:39 - 2015-08-30 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-12-28 15:38 - 2015-11-01 10:11 - 00000000 ____D C:\Program Files\Wondershare
2015-12-28 15:35 - 2014-04-23 12:05 - 00000000 ____D C:\Program Files (x86)\HP
2015-12-28 15:33 - 2014-04-25 12:29 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-28 14:40 - 2015-08-30 21:32 - 00000000 ____D C:\ProgramData\Unity
2015-12-27 07:46 - 2015-06-27 09:58 - 00000000 ____D C:\Users\Keith\AppData\Local\ElevatedDiagnostics
2015-12-26 20:52 - 2009-07-23 11:36 - 00000000 ____D C:\temp
2015-12-26 20:51 - 2014-04-22 15:57 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-12-26 14:49 - 2014-04-22 15:58 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-21 18:10 - 2014-04-22 12:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-18 03:00 - 2015-04-06 02:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-18 03:00 - 2015-04-06 02:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-18 02:04 - 2015-08-30 21:04 - 00000000 ____D C:\Users\Keith\AppData\Local\Akamai
2015-12-16 16:34 - 2015-11-22 23:50 - 00000000 ____D C:\Users\Keith\Documents\Unreal Projects
2015-12-16 16:05 - 2015-08-30 21:59 - 00000000 ____D C:\Program Files\Autodesk
2015-12-15 20:58 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Public\Libraries

==================== Files in the root of some directories =======

2015-11-20 07:46 - 2015-11-29 04:43 - 0000033 _____ () C:\Users\Keith\AppData\Roaming\AdobeWLCMCache.dat
2015-09-12 06:03 - 2015-09-12 06:03 - 0000112 _____ () C:\Users\Keith\AppData\Roaming\JP2K CS6 Prefs
2015-01-05 13:05 - 2015-01-05 13:05 - 0000062 _____ () C:\Users\Keith\AppData\Roaming\WB.CFG
2015-11-22 13:03 - 2015-11-22 14:05 - 0001456 _____ () C:\Users\Keith\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-11-22 17:30 - 2015-11-22 17:30 - 0000797 _____ () C:\Users\Keith\AppData\Local\recently-used.xbel
2015-06-02 13:55 - 2015-06-02 13:55 - 0000000 _____ () C:\Users\Keith\AppData\Local\S_293290272bounds.txt
2015-06-02 13:59 - 2015-06-02 13:59 - 0000000 _____ () C:\Users\Keith\AppData\Local\S_296909680bounds.txt
2016-01-07 23:48 - 2016-01-07 23:48 - 0001689 _____ () C:\ProgramData\tempimage.bmp

Some files in TEMP:
====================
C:\Users\Keith\AppData\Local\Temp\ose00000.exe
C:\Users\Keith\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-10 04:52

==================== End of FRST.txt ============================

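The "Bamital & volsnap" block at the end of the log above is FRST's check that the system binaries file-infectors commonly patch (winlogon, explorer, svchost, userinit, rpcss, dnsapi, volsnap) still carry a valid digital signature, and it notes there is no automatic fix for a file that fails. As an added example, not part of the FRST log or the poster's removal steps, the PowerShell below re-runs that same check by hand on the same file list, records a SHA-256 for each file so a suspect binary can be submitted for analysis, and falls back to `sfc /verifyonly` as an independent cross-check. The file list is the one FRST printed; everything else (function names, output layout) is this example's own choice. It is written to run on the PowerShell 2.0 that ships with Windows 7, from an elevated prompt.

```powershell
# Added example: re-run FRST's "Bamital & volsnap" signature check by hand.
# Not part of the FRST log or the poster's steps. Run from an elevated
# PowerShell prompt on the affected machine; avoids Get-FileHash and
# [pscustomobject] so it also works on the PowerShell 2.0 bundled with Windows 7.

# Same files FRST verified, taken from the log above.
$targets = @(
    "$env:SystemRoot\system32\winlogon.exe",
    "$env:SystemRoot\system32\wininit.exe",
    "$env:SystemRoot\SysWOW64\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\system32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\system32\services.exe",
    "$env:SystemRoot\system32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\system32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\system32\rpcss.dll",
    "$env:SystemRoot\system32\dnsapi.dll",
    "$env:SystemRoot\SysWOW64\dnsapi.dll",
    "$env:SystemRoot\system32\drivers\volsnap.sys"
)

function Get-FileSha256([string]$Path) {
    # SHA-256 via .NET so the script does not depend on Get-FileHash (PS 4.0+).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Close() }
}

function Test-SystemFileSignature([string[]]$Paths) {
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            # A missing core binary is itself a finding; record it and move on.
            New-Object PSObject -Property @{ Path = $p; Status = 'MISSING'; Signer = ''; Sha256 = '' }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $p
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        New-Object PSObject -Property @{
            Path   = $p
            Status = $sig.Status      # Valid, NotSigned, HashMismatch, UnknownError, ...
            Signer = $signer
            Sha256 = Get-FileSha256 $p
        }
    }
}

$results = Test-SystemFileSignature $targets
$results | Select-Object Path, Status, Signer | Format-Table -AutoSize

# Anything that is not 'Valid' is the list to investigate; FRST has no automatic fix for these.
$suspect = $results | Where-Object { $_.Status -ne 'Valid' }
if ($suspect) {
    $suspect | Select-Object Path, Status, Sha256 | Format-List
    # Independent cross-check of protected system files against their catalog-signed originals.
    sfc /verifyonly
}
```

One caveat before reading the output: most Windows system binaries are catalog-signed (the signature lives in a catalog under `%SystemRoot%\System32\catroot`, not inside the file), and older PowerShell and Windows combinations, including the default PowerShell 2.0 on Windows 7, only inspect embedded signatures. A `NotSigned` result there is therefore a prompt to cross-check with `sfc /verifyonly` or a catalog-aware tool such as Sysinternals `sigcheck`, not proof of tampering. `HashMismatch` on a file that does carry an embedded signature, or a `MISSING` core binary, is a real finding, and the SHA-256 is what you hand to an analyst or submit to a scanning service.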
#4 mattatx84 (Topic Starter)

Posted 14 January 2016 - 08:25 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Keith (2016-01-14 07:17:46)
Running from C:\Users\Keith\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-04-22 13:42:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-97093875-1870295296-4248595639-500 - Administrator - Disabled)
Guest (S-1-5-21-97093875-1870295296-4248595639-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-97093875-1870295296-4248595639-1002 - Limited - Enabled)
Keith (S-1-5-21-97093875-1870295296-4248595639-1000 - Administrator - Enabled) => C:\Users\Keith

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
3CX MyPhone (HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\3614110508.10.0.1.200) (Version: - 10.0.1.200)
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.1.181 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\ILST_19_1_1) (Version: 19.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.1.0.122 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Apotheon Arena (HKLM-x32\...\Steam App 417890) (Version: - Alientrap)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Autodesk 3ds Max 2016 (HKLM\...\Autodesk 3ds Max 2016) (Version: 18.0.873.0 - Autodesk)
Autodesk 3ds Max 2016 (Version: 18.0.873.0 - Autodesk) Hidden
Autodesk 3ds Max 2016 Populate Data (HKLM\...\{57E92DED-DC7C-41E5-B9E1-76D83BD2EABE}) (Version: 18.0.0.0 - Autodesk)
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.19 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.9 - Autodesk)
Autodesk Backburner 2016 (HKLM-x32\...\{8C5F38D2-9EFE-49A4-B3F5-BF3210FED168}) (Version: 16.0.0.0 - Autodesk)
Autodesk Civil View for 3ds Max 2016 64-bit (HKLM\...\{1C4FFAF0-6DBB-4F7A-A386-46747D060826}) (Version: 18.0.0.0 - Autodesk)
Autodesk DirectConnect 2016 64-bit (HKLM\...\Autodesk DirectConnect 2016 64-bit) (Version: 10.0.110.1 - Autodesk)
Autodesk DirectConnect 2016 64-bit (Version: 10.0.110.1 - Autodesk) Hidden
Autodesk Inventor Server Engine for 3ds Max 2016 (HKLM\...\{9167CA34-4E58-49E3-8892-3C439739D2D3}) (Version: 18.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.19 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.19 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2016 (HKLM-x32\...\{415A5A54-325E-4815-9940-62A889CA3877}) (Version: 6.3.0.19 - Autodesk)
Autodesk Maya 2016 (HKLM\...\Autodesk Maya 2016) (Version: 16.0.1312.0 - Autodesk)
Autodesk Maya 2016 (Version: 16.0.1312.0 - Autodesk) Hidden
Autodesk MotionBuilder 2016 (HKLM\...\Autodesk MotionBuilder 2016) (Version: 16.0.0.17 - Autodesk)
Autodesk MotionBuilder 2016 (Version: 16.0.0.17 - Autodesk) Hidden
Autodesk Mudbox 2016 (HKLM\...\Autodesk Mudbox 2016) (Version: 10.0.0.166 - Autodesk)
Autodesk Mudbox 2016 (Version: 10.0.0.166 - Autodesk) Hidden
Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)
Autodesk ReCap 2016 (Version: 1.5.0.33 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max 2016 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2016) (Version: 16.0.421.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2016 (Version: 16.0.421.0 - Autodesk) Hidden
Autodesk Suite Exclusives 2016 (HKLM\...\{D0F82C64-3E66-4B12-B12C-3F79C0F731C1}) (Version: 3.0.0.0 - Autodesk)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\CopyTrans Suite) (Version: 4.004 - WindSolutions)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - FromSoftware)
Dassault Systemes Software VC9 Prerequisites x86-x64 (HKLM\...\{F2F2DEA7-36AB-4E13-907C-D8BDE775EF97}) (Version: 9.1.2 - Dassault Systemes)
Dropbox (HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Epic Games Launcher (HKLM-x32\...\{16969EF2-23EA-4BD9-B085-4952D95E8A7D}) (Version: 1.1.48.0 - Epic Games, Inc.)
EVGA PrecisionX 16 (HKLM-x32\...\{425A0AAA-B049-4356-A81E-E089BC5AE934}) (Version: 5.3.10 - EVGA Corporation)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)
File Identifier (HKLM-x32\...\{C257E434-E8F1-4E06-A616-598E4933553E}_is1) (Version: 1.0.8 - Sharpened Productions)
File Viewer Lite (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.3.2 - Sharpened Productions)
Firebird 2.5.0.26074 (x64) (HKLM\...\FBDBServer_2_5_x64_is1) (Version: 2.5.0.26074 - Firebird Project)
Firebird/InterBase® ODBC driver 2.0.1.152 (HKLM\...\Firebird ODBC Driver_is1) (Version: 2.0.1.152 - Firebird Project)
Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 4.7 - Gadwin Systems, Inc.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Apps Migration For Microsoft Outlook® 4.0.25.0 (HKLM-x32\...\{9D77F017-F6ED-4C4A-B684-A023B67406C7}) (Version: 4.0.25.0 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToAssist Customer 2.0.0.637 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.0.0.637 - Citrix Online)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
GWizard (HKLM-x32\...\GWizard.10BF72DB3E21DFA5E488DD435BD80808DFD917E3.1) (Version: 2.41 - CNCCookbook, Inc.)
GWizard (x32 Version: 2.41 - CNCCookbook, Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
H-Hour: World's Elite (HKLM-x32\...\Steam App 293220) (Version: - SOF Studios Ltd)
HP LaserJet Professional CM1410 Series (HKLM-x32\...\{0EF0EA0D-F945-4958-85CC-60FF1E86D216}) (Version: - Hewlett-Packard)
HP LJ CM1410 MFP Series HP Scan (HKLM-x32\...\{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}) (Version: 1.0.302.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPLaserJetHelp_LearnCenter (HKLM-x32\...\{C9C16E4B-4FDD-4A31-8B8F-EC402082407A}) (Version: 1.03.0000 - Hewlett-Packard)
HPLJUT (x32 Version: 1.00.0012 - HP) Hidden
hppCM1410LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden
hppFaxDrvCM1410 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppFaxUtilityCM1410 (x32 Version: 000.002.00001 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
hppSendFaxCM1410 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXCM1410 (x32 Version: 001.012.00948 - Hewlett-Packard) Hidden
hpzTLBXFX (x32 Version: 006.015.01163 - Hewlett-Packard) Hidden
InputMapper (HKLM-x32\...\{1A44056A-C7D8-4561-BC43-A0AA7D7AAA64}) (Version: 1.5.31.0 - DSDCS)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Marketsplash Shortcuts (HKLM-x32\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{EBFC96E5-4409-426E-88B7-650ADB342E78}) (Version: 8.0.50727.42 - The Firebird Project)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA nView 141.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.00 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
NVIDIA WMI 2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.18.0 - NVIDIA Corporation)
Oracle VM VirtualBox 5.0.10 (HKLM\...\{F6E922CF-068D-4AFC-8DBF-4636B84AF0A5}) (Version: 5.0.10 - Oracle Corporation)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3 beta r2461 - )
Relic Hunters Zero (HKLM-x32\...\Steam App 382490) (Version: - Rogue Snail)
Sentinel System Driver Installer 7.5.7 (HKLM-x32\...\{B281C7D1-C088-40E0-86EA-B2D9D7E0810A}) (Version: 7.5.7 - SafeNet, Inc.)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Shockwave Player (HKLM-x32\...\{930439A1-B49E-4A54-A499-31BDC1A91DE5}) (Version: 8.5.1.436 - Macromedia, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1208 - SUPERAntiSpyware.com)
System Requirements Lab Detection (HKLM-x32\...\{55606010-FA1A-4751-A8A6-1D7E096A5F27}) (Version: 6.1.6.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
the static speaks my name (HKLM-x32\...\Steam App 387860) (Version: - Jesse Barksdale)
Time Machine VR Demo (HKLM-x32\...\Steam App 397610) (Version: - Minority Media Inc.)
Twine 2.0.8 (remove only) (HKLM-x32\...\Twine2) (Version: - )
UE4 Prerequisites (x64) (HKLM-x32\...\{31b49e1e-03f8-4a04-8faa-f6476d8fad02}) (Version: 1.0.10.0 - Epic Games, Inc.)
UE4 Prerequisites (x64) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.1.3f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\UnityWebPlayer) (Version: 5.1.3f1 - Unity Technologies ApS)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Viridi (HKLM-x32\...\Steam App 375950) (Version: - Ice Water Games)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.14-1 - Wacom Technology Corp.)
Warhammer 40,000: Regicide (HKLM-x32\...\Steam App 322910) (Version: - Hammerfall Publishing)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinRAR 5.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Xpadder version 5.7 (HKLM-x32\...\{0DCE54A9-7256-4132-9D4E-1A64AE35E9B1}_is1) (Version: 5.7 - Xpadder, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-97093875-1870295296-4248595639-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Keith\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-97093875-1870295296-4248595639-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-97093875-1870295296-4248595639-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-97093875-1870295296-4248595639-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-97093875-1870295296-4248595639-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-97093875-1870295296-4248595639-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-97093875-1870295296-4248595639-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-97093875-1870295296-4248595639-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-97093875-1870295296-4248595639-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-97093875-1870295296-4248595639-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-97093875-1870295296-4248595639-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-97093875-1870295296-4248595639-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-97093875-1870295296-4248595639-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-97093875-1870295296-4248595639-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-97093875-1870295296-4248595639-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Keith\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0878192E-2ACD-4F05-A648-F3FCCEC7D827} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {0990D04B-915F-4CBB-9030-998B30E17D2F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-97093875-1870295296-4248595639-1000UA => C:\Users\Keith\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-21] (Dropbox, Inc.)
Task: {20C1F9B1-A804-4C2D-9728-214CDC780177} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {21199FA4-6B4C-413E-AEE6-B504B034F9A6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {2B631D45-A371-46DF-B2E6-9B5DA98A50CB} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {61BD45AD-0860-4BB6-A4B1-C41DD2629786} - System32\Tasks\AdobeAAMUpdater-1.0-Keith-PC-Keith => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30] (Adobe Systems Incorporated)
Task: {941FDF01-37B3-4CD3-8D5A-A4CA87DF5F33} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A047141C-1D4B-4CC2-A909-B52CA772CB21} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)
Task: {B695BD4D-A1A5-4944-8CDD-7FAD4F493CB2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-97093875-1870295296-4248595639-1000Core => C:\Users\Keith\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-21] (Dropbox, Inc.)
Task: {B84F370E-F2BF-45CA-AAEA-707B408A9952} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D67BCEC7-C69E-4B4D-8902-4B2ED2713D90} - System32\Tasks\Xahinip => C:\PROGRA~1\GROOVE~1\Jivhucfo.bat
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E3BA48D8-9510-4C8C-BEED-CA556A471102} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-97093875-1870295296-4248595639-1000Core.job => C:\Users\Keith\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-97093875-1870295296-4248595639-1000UA.job => C:\Users\Keith\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-04-22 15:58 - 2014-08-19 21:15 - 02683736 _____ () C:\Windows\system32\nvwmi64.exe
2014-04-22 15:58 - 2014-02-08 11:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-01-07 03:15 - 2016-01-07 03:15 - 00383488 _____ () C:\Program Files\amztab\amztab.exe
2015-11-14 04:23 - 2015-11-14 04:23 - 00553120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-15 07:15 - 2015-08-15 07:15 - 00036544 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2015-08-15 07:15 - 2015-08-15 07:15 - 00829632 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2015-08-15 07:13 - 2015-08-15 07:13 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\RecycleManager.dll
2015-08-15 07:14 - 2015-08-15 07:14 - 00022528 _____ () C:\Program Files\Rainmeter\Plugins\InputText.dll
2015-09-03 14:59 - 2015-08-21 12:33 - 01347264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-11-14 04:22 - 2015-11-14 04:22 - 31401120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-10-13 04:45 - 2015-10-13 04:45 - 00306960 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2015-08-30 22:35 - 2015-11-16 20:33 - 00055328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2015-08-30 22:35 - 2015-11-16 20:33 - 00103968 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2015-08-29 23:19 - 2015-11-10 13:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-12-21 18:12 - 2015-07-03 10:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-12-21 18:12 - 2015-07-03 10:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-12-21 18:12 - 2015-07-03 10:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-08-29 23:19 - 2015-12-14 14:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll
2015-08-29 23:19 - 2015-09-23 18:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-08-29 23:19 - 2015-09-23 18:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-08-29 23:19 - 2015-09-23 18:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-08-29 23:19 - 2015-09-23 18:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-08-29 23:19 - 2015-09-23 18:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-08-29 23:19 - 2015-12-14 14:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-11-16 17:43 - 2015-11-16 17:43 - 40523440 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-11-16 17:43 - 2015-11-16 17:43 - 01365680 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2015-11-16 17:43 - 2015-11-16 17:43 - 00219312 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
2016-01-12 10:40 - 2015-11-16 20:33 - 00103968 _____ () C:\Users\Keith\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2015-08-29 23:19 - 2015-11-16 18:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-11-25 19:35 - 2015-11-25 19:35 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-11-25 19:35 - 2015-11-25 19:35 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-11-25 19:35 - 2015-11-25 19:35 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2015-11-25 19:35 - 2015-11-25 19:35 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2015-11-25 13:22 - 2015-11-25 13:22 - 00089264 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\native\ProxyResolverWin7.dll
2015-11-25 19:35 - 2015-11-25 19:35 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2015-10-13 04:46 - 2015-10-13 04:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-15 15:27 - 2015-05-15 15:27 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\citrixonline.com -> hxxps://download.citrixonline.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2016-01-07 04:52 - 00001003 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-97093875-1870295296-4248595639-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{630D142A-1DEB-4842-90E5-1F7C14874DA9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FEA6BA30-71BD-4FF0-A6FF-409B5B6DA9A4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{6F8873DA-3AD1-431E-8469-429DA172F86E}C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe
FirewallRules: [UDP Query User{6A3A17C8-B914-4AA3-A5E5-BB1A1DBF196F}C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe
FirewallRules: [TCP Query User{0D5675FF-575B-448C-8CF3-7BF465F1F732}C:\program files (x86)\microsoft silverlight\sllauncher.exe] => (Block) C:\program files (x86)\microsoft silverlight\sllauncher.exe
FirewallRules: [UDP Query User{ACD27406-DBB3-4A90-9AC4-37C4429B0CD7}C:\program files (x86)\microsoft silverlight\sllauncher.exe] => (Block) C:\program files (x86)\microsoft silverlight\sllauncher.exe
FirewallRules: [{304C5289-C264-457D-A089-E5CE996EE580}] => (Allow) C:\Users\Keith\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C002C4AF-66E1-4A17-9EEA-4B54A52CE0EF}] => (Allow) C:\Users\Keith\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{40C61610-829E-4AB2-ABEC-6EC758C4B659}C:\users\keith\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\keith\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{B53E1414-4821-4417-905F-D4999513F593}C:\users\keith\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\keith\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{5F12A5BC-3DDA-4F87-90E1-5683D1C0FF06}C:\program files (x86)\microsoft silverlight\sllauncher.exe] => (Allow) C:\program files (x86)\microsoft silverlight\sllauncher.exe
FirewallRules: [UDP Query User{263C2E82-5718-4F9E-92B3-B51871D7EEC1}C:\program files (x86)\microsoft silverlight\sllauncher.exe] => (Allow) C:\program files (x86)\microsoft silverlight\sllauncher.exe
FirewallRules: [TCP Query User{AD0D40B3-D644-4665-B739-C87F4397BB94}C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe
FirewallRules: [UDP Query User{9DAFA1B5-7848-4AC9-9525-9EFBEAB5FF35}C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe
FirewallRules: [{B537C699-CB4B-4730-A421-A36DC7B2AB94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BFA3D98-7DEF-490A-8EFF-BA8E0E0459AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AD752872-DE37-468E-A9B5-DB33C56A01C0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2EED139E-A03E-4048-BD9A-4184D19D2A73}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{69B007BB-8A37-4184-8574-8C0B43133E33}C:\users\keith\appdata\local\programs\grabcad\grabcaddesktopclient\grabcaddesktopclient.exe] => (Allow) C:\users\keith\appdata\local\programs\grabcad\grabcaddesktopclient\grabcaddesktopclient.exe
FirewallRules: [UDP Query User{7A8E3456-502B-403F-8CEB-A3EBCEEA7147}C:\users\keith\appdata\local\programs\grabcad\grabcaddesktopclient\grabcaddesktopclient.exe] => (Allow) C:\users\keith\appdata\local\programs\grabcad\grabcaddesktopclient\grabcaddesktopclient.exe
FirewallRules: [{B18B55C8-1D89-463B-9AA0-1CB2343F5457}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3708A8A8-DA44-468F-A4EE-50EC68424B5B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4F9C5D2A-7491-4AFF-BEC1-B6F5AAEFC2BB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F3B39E4B-3C0D-4A4C-9941-A1B388A76335}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AE01CABF-5EE8-4033-8892-D8A0D58B3758}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{04AA8A85-D70B-4D26-BCB8-0DCA047FEB8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{5772E56C-00C2-41F7-A3F4-BDD73CDD1202}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H-Hour Worlds Elite\HHourGame\Binaries\Win64\HHourGame.exe
FirewallRules: [{2CC5D50D-B9E4-4B29-8652-9DC3725DAC2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H-Hour Worlds Elite\HHourGame\Binaries\Win64\HHourGame.exe
FirewallRules: [TCP Query User{95CA3712-35BD-466B-A902-E622E18E81A9}C:\users\keith\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\keith\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{79246E2F-DE5C-4116-AAD0-DB3911A77745}C:\users\keith\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\keith\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{3B1E6170-BB0D-4236-B5E7-8C30AE76136D}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{6AA97C7A-A78E-4379-8016-5804D04CBDCB}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [{19F0B464-84D5-4801-B576-F0D227C2DC25}] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [{E29DC09A-8953-4989-9F72-19E2F4059F5B}] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [{702DE817-D126-4F2E-961B-993B36645FF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viridi\Viridi.exe
FirewallRules: [{0C552013-0051-4406-BB69-9D7D2F258DF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viridi\Viridi.exe
FirewallRules: [{2FC901A2-CA3F-4B04-BC7A-B6928F9C6F64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [{C2CBB9FA-6402-4273-858F-320342568FE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [{754149B1-BD16-4361-80A9-E4766674FA2C}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe
FirewallRules: [{E5E9F3AE-0FF2-4327-92D7-68CF105B8291}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe
FirewallRules: [{5E025889-6AAD-4A37-95A0-9415AD028FBD}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64.exe
FirewallRules: [{D3A20C17-1E71-4866-87FF-8EE39FAAAC04}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64.exe
FirewallRules: [{F9097DF0-A54B-498A-8006-FE7EFEB104B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the static speaks my name\thestatic_win.exe
FirewallRules: [{9A829A35-89D0-457C-A51B-FC2B899D5557}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the static speaks my name\thestatic_win.exe
FirewallRules: [{262451C4-FB88-40AA-9354-BFA1FF567F5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{667207AC-BAAF-4D06-93D3-DB2802988B73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{DB684634-504B-459A-8110-006191945CE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Time Machine VR Demo\Nautilus.exe
FirewallRules: [{5C50A8F1-634D-4377-8A1D-E169634DA41C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Time Machine VR Demo\Nautilus.exe
FirewallRules: [TCP Query User{3D27D3D8-B4E3-47EA-8332-67EF3412C03F}C:\program files (x86)\steam\steamapps\common\time machine vr demo\nautilus\binaries\win64\nautilus.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\time machine vr demo\nautilus\binaries\win64\nautilus.exe
FirewallRules: [UDP Query User{5C8E10C3-DA88-4973-B8B4-3BB9CEE7F7C7}C:\program files (x86)\steam\steamapps\common\time machine vr demo\nautilus\binaries\win64\nautilus.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\time machine vr demo\nautilus\binaries\win64\nautilus.exe
FirewallRules: [{294B3EFE-0CA4-4C82-9578-80AE00E634F7}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{C3EB9E82-0D65-4169-B5EF-F7F5E35D7928}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{9C0C2DF9-569F-4855-973D-7C5FCD760C0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A0A7828A-5DCE-4498-9201-D89B9AA59E9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2344E15F-C759-4BF4-8F88-25609B840AC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{B4E59A5F-F55B-43E9-8FD2-0C97C7F23829}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{90FF2F00-D440-4FC8-AF0C-D091571A62E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{A54BE270-F84C-4C4C-BF39-7B1214B0840A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{66E3F236-E507-459E-A51F-6530451B9191}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer 40,000 Regicide\Warhammer 40K Regicide.exe
FirewallRules: [{2289980A-F399-4447-8129-1CC27BB2A42F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer 40,000 Regicide\Warhammer 40K Regicide.exe
FirewallRules: [TCP Query User{FD75CE86-498A-4C56-A2FB-77D1AA8FA5EE}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{65968812-9955-4A28-A2A9-AF9E8DD699B9}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{6226A1CB-3E03-43CE-95F9-B63A71130A8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{33958420-9DCE-4759-B14F-B88CC1ADAFDD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E1726B45-8B4C-4347-B383-D3B620C7C041}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{177862D0-ECFF-4D14-A35D-445379D9EB1A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1765DB2B-49B1-4069-8FF5-C1F046BE7C42}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{EEF26ECE-FF26-4241-BEDD-2438D94CD399}] => (Allow) C:\Users\Keith\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2114E046-47EC-4395-BEED-707D3D1DFC05}] => (Allow) C:\Users\Keith\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E6D38574-2869-4D2C-8B16-426E6695CBB0}] => (Allow) C:\Users\Keith\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{408A7204-BEDC-42D4-916D-27582538B219}] => (Allow) C:\Users\Keith\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ACF03726-664E-4833-B9E7-D7DC5BF55F03}] => (Allow) C:\Users\Keith\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{08751BA7-FAAF-4F05-BCBB-60406B883A30}] => (Allow) C:\Users\Keith\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{BEB1D6F5-15D5-46AB-8817-C76AF06B41FA}C:\program files (x86)\epic games\4.10\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files (x86)\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{A4E4FEFD-F2A3-4600-825A-4208135DD934}C:\program files (x86)\epic games\4.10\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files (x86)\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{EEFFF503-8885-465B-B75E-B2DDBCED4DED}C:\program files\epic games\shadowcomplexremastered\binaries\win32\shadowcomplex-win32-egl.exe] => (Allow) C:\program files\epic games\shadowcomplexremastered\binaries\win32\shadowcomplex-win32-egl.exe
FirewallRules: [UDP Query User{0919D0CA-F026-43C7-ADAA-67B9A1ED7592}C:\program files\epic games\shadowcomplexremastered\binaries\win32\shadowcomplex-win32-egl.exe] => (Allow) C:\program files\epic games\shadowcomplexremastered\binaries\win32\shadowcomplex-win32-egl.exe
FirewallRules: [{CC5168D4-A3CD-4A16-B3FB-A061C5AC0D6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apotheon Arena\ApotheonArena.exe
FirewallRules: [{24A0B7E0-67D6-4192-BDE7-636DDE735365}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apotheon Arena\ApotheonArena.exe
FirewallRules: [{894A95F2-21D5-45EE-8581-802FA43FF5D9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6140DCD8-6B68-49CD-99F1-98EE09FC498F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{14934351-00DF-4A6A-A0FA-CD990CDBEBF8}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{31578DB7-F569-4B2B-B37E-06CE0F2C6916}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{36D913FB-FE78-43B5-9055-99CDEA54AD35}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{317440A5-8390-4A5D-8D71-737128657DCF}C:\users\keith\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\keith\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{D958EE9C-96B2-415F-9A49-4E4F4D84C4D6}C:\users\keith\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\keith\appdata\local\akamai\netsession_win.exe
FirewallRules: [{C3AD04EA-13AA-4F9D-B5CD-BD08A613CB32}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4E0B2084-1E5A-4B66-91B2-0EED50D03E67}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8BEA0065-9206-4579-8C5E-79C0B82CA64A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{444453E5-814B-4F6D-9FA1-7F878926DF23}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{AE32F91D-12E1-4507-AC6C-723801AF27CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DBB98543-6F6F-48CB-B4B0-D4224156FC2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{91DDD29B-8F90-4AEA-A08B-AD0D00C9A745}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{F00F0AF6-C699-4930-8936-FB8675A16CD5}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe

==================== Restore Points =========================

12-01-2016 11:06:00 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/14/2016 07:11:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 11.10.13.1, time stamp: 0x52f202d0
Faulting module name: NvBackend.exe, version: 11.10.13.1, time stamp: 0x52f202d0
Exception code: 0xc0000005
Fault offset: 0x0005f06b
Faulting process id: 0x1b3c
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3

Error: (01/14/2016 07:11:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 11.10.13.1, time stamp: 0x52f202d0
Faulting module name: NvBackend.exe, version: 11.10.13.1, time stamp: 0x52f202d0
Exception code: 0xc0000005
Fault offset: 0x0005f06b
Faulting process id: 0x1588
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3

Error: (01/12/2016 11:55:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 11.10.13.1, time stamp: 0x52f202d0
Faulting module name: NvBackend.exe, version: 11.10.13.1, time stamp: 0x52f202d0
Exception code: 0xc0000005
Fault offset: 0x0005f06b
Faulting process id: 0x468
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3

Error: (01/12/2016 11:25:36 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80040154

Error: (01/12/2016 10:40:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 11.10.13.1, time stamp: 0x52f202d0
Faulting module name: NvBackend.exe, version: 11.10.13.1, time stamp: 0x52f202d0
Exception code: 0xc0000005
Fault offset: 0x0005f06b
Faulting process id: 0x9cc
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3

Error: (01/12/2016 10:40:11 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070002.

Error: (01/11/2016 07:19:56 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80040154

Error: (01/11/2016 06:19:56 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80040154

Error: (01/11/2016 05:19:56 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80040154

Error: (01/11/2016 04:19:56 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80040154


System errors:
=============
Error: (01/14/2016 07:17:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%5

Error: (01/14/2016 07:17:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error:
%%5

Error: (01/14/2016 07:17:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%5

Error: (01/14/2016 07:17:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error:
%%5

Error: (01/14/2016 07:15:53 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

Error: (01/14/2016 07:15:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%5

Error: (01/14/2016 07:15:41 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error:
%%5

Error: (01/14/2016 07:15:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1062

Error: (01/14/2016 07:15:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%5

Error: (01/14/2016 07:15:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error:
%%5


==================== Memory info ===========================

Processor: Intel® Xeon® CPU W3503 @ 2.40GHz
Percentage of memory in use: 22%
Total physical RAM: 10237.55 MB
Available physical RAM: 7913.09 MB
Total Virtual: 19105.54 MB
Available Virtual: 16810.26 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:5.21 GB) NTFS
Drive d: (Data) (Fixed) (Total:298.05 GB) (Free:0 GB) NTFS
Drive e: (XP_PRO_SP3) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C6537555)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#5 fireman4it (Malware Response Team)

Posted 15 January 2016 - 08:15 AM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

2.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

3.

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 mattatx84 (Topic Starter)

Posted 17 January 2016 - 08:53 AM

Sorry I did not get back sooner, I was out of town.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Keith (2016-01-17 03:46:29) Run:3
Running from C:\Users\Keith\Desktop
Loaded Profiles: Keith (Available Profiles: Keith)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
R2 AmazingTab; C:\Program Files\amztab\amztab.exe [383488 2016-01-07] () [File not signed]
C:\Program Files\amztab
FF Extension: Discover Treasure - C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\3hj8o44j.default\Extensions\{71b5bd3e-dcee-4a7a-809d-10fbc422a05d}.xpi [2015-10-31] [not signed]
FF Extension: See More Results Hub - C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\3hj8o44j.default\Extensions\{bf647da0-1a32-42fb-a7cb-f538273ea346}.xpi [2015-10-31] [not signed]
HKU\S-1-5-21-97093875-1870295296-4248595639-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.live.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> OldSearch URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-97093875-1870295296-4248595639-1000 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
HOSTS:
HKU\S-1-5-21-97093875-1870295296-4248595639-1000\...\Run: [uTorrent] => C:\Users\Keith\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-11-20] (BitTorrent Inc.)
C:\Users\Keith\AppData\Local\Temp\ose00000.exe
C:\Users\Keith\AppData\Local\Temp\sqlite3.dll
Task: {D67BCEC7-C69E-4B4D-8902-4B2ED2713D90} - System32\Tasks\Xahinip => C:\PROGRA~1\GROOVE~1\Jivhucfo.bat
*****************
 
AmazingTab => Unable to stop service.
AmazingTab => service removed successfully
C:\Program Files\amztab => moved successfully
C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\3hj8o44j.default\Extensions\{71b5bd3e-dcee-4a7a-809d-10fbc422a05d}.xpi => moved successfully
C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\3hj8o44j.default\Extensions\{bf647da0-1a32-42fb-a7cb-f538273ea346}.xpi => moved successfully
HKU\S-1-5-21-97093875-1870295296-4248595639-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch" => key removed successfully
HKCR\CLSID\OldSearch => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-97093875-1870295296-4248595639-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
HKU\S-1-5-21-97093875-1870295296-4248595639-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value removed successfully
C:\Users\Keith\AppData\Local\Temp\ose00000.exe => moved successfully
C:\Users\Keith\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D67BCEC7-C69E-4B4D-8902-4B2ED2713D90}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D67BCEC7-C69E-4B4D-8902-4B2ED2713D90}" => key removed successfully
C:\Windows\System32\Tasks\Xahinip => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Xahinip" => key removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 03:46:43 ====
 
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.01.17.01
  rootkit: v2016.01.09.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18124
Keith :: KEITH-PC [administrator]
 
1/17/2016 4:06:34 AM
mbar-log-2016-01-17 (04-06-34).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 417108
Time elapsed: 16 minute(s), 38 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKU\S-1-5-21-97093875-1870295296-4248595639-1000\SOFTWARE\cylandin (Adware.Hicosmea) -> Delete on reboot. [6f464feb4c4deb4b606df5377b89e21e]
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 2
C:\Program Files (x86)\Removewat 2.2.7 (Trojan.Downloader) -> Delete on reboot. [5362d7639405c472080f190ddd272cd4]
C:\uninst (Adware.LaSuperba) -> Delete on reboot. [803579c1a3f6a29428b47a65c53f53ad]
 
Files Detected: 8
C:\Users\Keith\AppData\Roaming\IidupsOno\Nosmow.exe (Adware.PennyBee) -> Delete on reboot. [0ea742f85b3ea195786fd8f304fdd828]
C:\Program Files (x86)\Removewat 2.2.7\install.bat (Trojan.Downloader) -> Delete on reboot. [5362d7639405c472080f190ddd272cd4]
C:\Program Files (x86)\Removewat 2.2.7\ContentDirectory.xml (Trojan.Downloader) -> Delete on reboot. [5362d7639405c472080f190ddd272cd4]
C:\Program Files (x86)\Removewat 2.2.7\Removewat Final__9774_il214181.exe (Trojan.Downloader) -> Delete on reboot. [5362d7639405c472080f190ddd272cd4]
C:\Program Files (x86)\Removewat 2.2.7\Removewat.exe (Trojan.Downloader) -> Delete on reboot. [5362d7639405c472080f190ddd272cd4]
C:\Program Files (x86)\Removewat 2.2.7\setup_wm.exe (Trojan.Downloader) -> Delete on reboot. [5362d7639405c472080f190ddd272cd4]
C:\Program Files (x86)\Removewat 2.2.7\sqmapi.dll (Trojan.Downloader) -> Delete on reboot. [5362d7639405c472080f190ddd272cd4]
C:\uninst\uninstall.html (Adware.LaSuperba) -> Delete on reboot. [803579c1a3f6a29428b47a65c53f53ad]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.63.10586.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 4.722000 GHz
Memory total: 34323861504, free: 31575797760
 
Downloaded database version: v2016.01.17.01
Downloaded database version: v2016.01.09.01
Downloaded database version: v2016.01.14.01
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18124
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.400000 GHz
Memory total: 12882337792, free: 10851057664
 
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     01/17/2016 04:06:24
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2016.01.17.01
  rootkit: v2016.01.09.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800b323450, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b324040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b323450, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a6a6050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStorV\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C6537555
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 488187904
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 250059350016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800b324790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b325040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b324790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a633050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStorV\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A42D04A3
 
Partition information:
 
    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 80262
    Partition is not bootable
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920  Numsec = 625058480
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Done!
Infected: C:\Users\Keith\AppData\Roaming\IidupsOno\Nosmow.exe --> [Adware.PennyBee]
Infected: C:\Program Files (x86)\Removewat 2.2.7\install.bat --> [Trojan.Downloader]
Infected: C:\Program Files (x86)\Removewat 2.2.7 --> [Trojan.Downloader]
Infected: C:\Program Files (x86)\Removewat 2.2.7\ContentDirectory.xml --> [Trojan.Downloader]
Infected: C:\Program Files (x86)\Removewat 2.2.7\Removewat Final__9774_il214181.exe --> [Trojan.Downloader]
Infected: C:\Program Files (x86)\Removewat 2.2.7\Removewat.exe --> [Trojan.Downloader]
Infected: C:\Program Files (x86)\Removewat 2.2.7\setup_wm.exe --> [Trojan.Downloader]
Infected: C:\Program Files (x86)\Removewat 2.2.7\sqmapi.dll --> [Trojan.Downloader]
Infected: HKU\S-1-5-21-97093875-1870295296-4248595639-1000\SOFTWARE\cylandin --> [Adware.Hicosmea]
Infected: C:\uninst\uninstall.html --> [Adware.LaSuperba]
Infected: C:\uninst --> [Adware.LaSuperba]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 
 
Farbar Service Scanner Version: 03-01-2016
Ran by Keith (administrator) on 17-01-2016 at 07:46:12
Running from "C:\Users\Keith\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
 
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
 
 
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
 
 


#7 fireman4it (Malware Response Team)

Posted 17 January 2016 - 08:22 PM

Tweaking.com - Windows Repair All-In-One

- Download Windows Repair All-In-One from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on the Windows Repair All-In-One icon and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

 Note: Third-party firewalls might ask if you want to allow Windows Repair to connect to the internet. Allow it if asked.

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

- Go to Step 4, then click Do It.

- Go to Step 5. Under System Restore click Create.

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.

- By default Windows Repair All-In-One will create a Log folder in its folder on the Desktop. Please post the contents of the log in your next reply.

 

How's the machine running after running this tool?



#8 fireman4it (Malware Response Team)

Posted 19 January 2016 - 10:39 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it



#9 fireman4it (Malware Response Team)

Posted 21 January 2016 - 09:51 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
