Zeus Variant


  • This topic is locked
13 replies to this topic

#1 DraperTheOrchidEater

DraperTheOrchidEater

  • Members
  • 7 posts

Posted 23 January 2016 - 06:00 PM

   Hey there, I'm not sure if my issue even warrants any investigation, however, some time ago I was personally targeted by a few people that later managed to trick me into running an executable on my computer. At the time I was foolish enough to not use any antivirus software (I was also running Windows XP). The group told me that they have infected my computer with a variant of the Zeus trojan that couldn't be detected by any AV or anti-malware software. They later on also mentioned that they had infected all of my electronic devices including my phone, router, camera, and TV. (I find this hard to believe and they were probably just trying to scare me.) After that point I more or less freaked out and tried to install Avira, which I remember managed to do a scan (which came up clean) but the real-time protection wouldn't work. I also tried BitDefender and Comodo but those just refused to install. I ran Malwarebytes Anti-Malware, TDSSKiller, SUPER Anti-Spyware, and ESET Online Scanner, all of which came up clean. There weren't a lot of symptoms of an infection besides the fact that my computer started sending out huge amounts of traffic onto the internet at times and I had insane pings and such in games. It's also worth a note that my PC would turn on as fast as pretty much any other machine and sometimes it could take upwards of thirty minutes.

 

   Once all of this happened I just figured that my PC was rather old anyway and I built a new computer that I currently use to this day. However, I still have all of the same devices (besides my router) and I use the same GMail, Google Drive, Youtube, Steam, and social media accounts. On top of that, I made the stupid mistake of having the infected computer on the same network as my new computer. Although since that happened I did a clean install of Windows 10. (I was running Windows 8.1 before that.) When I did so I had trouble with installing Avira as the real-time protection would turn off at random and it refused to update itself. After a few reinstalls it looks like it works though. So far it's been a few months and I don't have any symptoms of malware. Malwarebytes comes up clean and so does Avira. Right now I'm just looking for peace of mind.

 

EDIT: Sorry for this being incomplete, I managed to hit tab and post this before I was done writing. Silly me. Will update with more information. 

 

EDIT #2: Should be done now, sorry for the wall of text.


Edited by DraperTheOrchidEater, 23 January 2016 - 06:10 PM.



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,158 posts

Posted 26 January 2016 - 10:41 AM

Greetings DraperTheOrchidEater and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the reply-to-topic button instead.
  • In the upper right hand corner of the topic you will see the follow-topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Let's take a quick peek at your computer. Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 DraperTheOrchidEater

DraperTheOrchidEater
  • Topic Starter


Posted 26 January 2016 - 06:23 PM

Hi Gary, I'll have these steps completed and pasted into a reply tomorrow. And you can feel free to call me David. Thanks for helping out. :)



#4 Oh My!

Oh My!


Posted 26 January 2016 - 06:25 PM

:thumbsup2:


Gary
 

#5 DraperTheOrchidEater

DraperTheOrchidEater
  • Topic Starter


Posted 27 January 2016 - 01:29 PM

Both of the logs from FRST are below and Summary.nfo should be attached to this post in a .zip. :)

 

 

FRST.txt:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by David G (administrator) on NIGHTRUNNER (27-01-2016 13:03:47)
Running from C:\Users\David G\Desktop
Loaded Profiles: David G (Available Profiles: David G)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-11-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-12-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [803200 2015-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [522784 2015-11-16] (Autodesk Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3a6ab964-64a6-4d28-bac7-b9810c65727f}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3008767551-3500505656-2170896072-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
 
FireFox:
========
FF ProfilePath: C:\Users\David G\AppData\Roaming\Mozilla\Firefox\Profiles\hSG7xsWK.default
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\David G\AppData\Roaming\Mozilla\Firefox\Profiles\hSG7xsWK.default\Extensions\abs@avira.com [2015-10-12] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\David G\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\David G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\David G\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-20]
CHR Extension: (YouTube) - C:\Users\David G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-12]
CHR Extension: (uBlock Origin) - C:\Users\David G\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-01-11]
CHR Extension: (Google Search) - C:\Users\David G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-12]
CHR Extension: (Gmail) - C:\Users\David G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1139744 2015-11-16] (Autodesk Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2015-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2015-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2015-12-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1418560 2015-12-09] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2015-10-12] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [251160 2015-12-08] (Avira Operations GmbH & Co. KG)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-11-05] (NVIDIA Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-11-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-11-05] (NVIDIA Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2015-10-12] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-09] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-10-12] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-11-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-11-05] (NVIDIA Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-10-15] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-27 13:03 - 2016-01-27 13:03 - 00011557 _____ C:\Users\David G\Desktop\FRST.txt
2016-01-27 13:03 - 2016-01-27 13:03 - 00000000 ____D C:\FRST
2016-01-27 13:02 - 2016-01-27 13:03 - 02370560 _____ (Farbar) C:\Users\David G\Desktop\FRST64.exe
2016-01-17 19:01 - 2016-01-17 19:01 - 00051327 _____ C:\Users\David G\Downloads\DSMfix.zip
2016-01-17 19:00 - 2016-01-17 19:00 - 00087861 _____ C:\Users\David G\Downloads\Main-840-1.zip
2016-01-17 17:37 - 2016-01-17 17:37 - 00000000 ____D C:\Users\David G\Documents\NBGI
2016-01-17 17:36 - 2016-01-17 17:36 - 00000000 ____D C:\Users\David G\AppData\Local\NBGI
2016-01-17 16:43 - 2016-01-17 16:43 - 01358858 _____ C:\Users\David G\Downloads\Dark Souls - High-Res UI and Subtitles-21-1-211.rar
2016-01-17 16:40 - 2016-01-17 16:40 - 23890459 _____ C:\Users\David G\Downloads\High-Res Texture 1-1-5-194-.zip
2016-01-17 16:39 - 2016-01-17 16:39 - 00050183 _____ C:\Users\David G\Downloads\dsmfix09-28-.zip
2016-01-17 16:38 - 2016-01-17 16:41 - 220303477 _____ C:\Users\David G\Downloads\Dark Souls HD Texture pack -446-3-0Lite.7z
2016-01-17 16:38 - 2016-01-17 16:38 - 09826550 _____ C:\Users\David G\Downloads\Dark Souls Flora Overhaul v05-56-.7z
2016-01-17 15:50 - 2016-01-17 15:50 - 00392093 _____ C:\Users\David G\Downloads\DSFix 2.4-19-2-4.zip
2016-01-15 19:11 - 2016-01-15 19:11 - 00000000 ____D C:\Users\David G\AppData\Local\Microsoft_Corporation
2016-01-14 18:18 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-14 18:18 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-14 18:18 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-14 18:18 - 2016-01-04 21:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-14 18:18 - 2016-01-04 21:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-14 18:18 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-14 18:18 - 2016-01-04 21:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-14 18:18 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-14 18:18 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-14 18:18 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-14 18:18 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-14 18:18 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-14 18:18 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-14 18:18 - 2016-01-04 21:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-14 18:18 - 2016-01-04 21:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-14 18:18 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-14 18:18 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-14 18:18 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-14 18:18 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-14 18:18 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-14 18:18 - 2016-01-04 21:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-14 18:18 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-14 18:18 - 2016-01-04 21:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-14 18:18 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-14 18:18 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-14 18:18 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-14 18:18 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-14 18:18 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-14 18:18 - 2016-01-04 21:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-14 18:18 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-14 18:18 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-14 18:18 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-14 18:18 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-14 18:18 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-14 18:18 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-14 18:18 - 2016-01-04 20:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-14 18:18 - 2016-01-04 20:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-14 18:18 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-14 18:18 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-14 18:18 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-14 18:18 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-14 18:18 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-14 18:18 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-14 18:18 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-14 18:18 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-14 18:18 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-14 18:18 - 2016-01-04 20:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-14 18:18 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-14 18:18 - 2016-01-04 20:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-14 18:18 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-14 18:18 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-14 18:18 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-14 18:18 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-14 18:18 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-14 18:18 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-14 18:18 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-14 18:18 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-14 18:18 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-14 18:18 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-14 18:18 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-14 18:18 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-14 18:18 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-14 18:18 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-14 18:18 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-14 18:18 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-14 18:18 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-14 18:18 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-14 18:18 - 2016-01-04 20:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-14 18:18 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-14 18:18 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-14 18:18 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-14 18:18 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-14 18:18 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-14 18:18 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-14 18:18 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-14 18:18 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-14 18:18 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-14 18:18 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-14 18:18 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-14 18:18 - 2016-01-04 20:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-14 18:18 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-14 18:18 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-14 18:18 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-14 18:18 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-14 18:18 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-14 18:18 - 2016-01-04 20:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-14 18:18 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-14 18:18 - 2015-11-13 00:57 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll
2016-01-14 18:18 - 2015-11-13 00:55 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll
2016-01-14 18:18 - 2015-11-13 00:54 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll
2016-01-14 18:18 - 2015-11-13 00:53 - 01073664 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll
2016-01-14 18:18 - 2015-11-13 00:53 - 00727552 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll
2016-01-14 18:18 - 2015-11-13 00:52 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe
2016-01-14 18:18 - 2015-11-13 00:51 - 08574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll
2016-01-14 18:18 - 2015-11-13 00:50 - 05562880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe
2016-01-14 18:18 - 2015-11-13 00:31 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsReporting.dll
2016-01-14 18:18 - 2015-11-13 00:29 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsMonitor.dll
2016-01-14 18:18 - 2015-11-13 00:29 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsCapture.dll
2016-01-14 18:18 - 2015-11-13 00:28 - 00763904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsOfflineAnalysis.dll
2016-01-14 18:18 - 2015-11-13 00:28 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsExperiment.dll
2016-01-14 18:18 - 2015-11-13 00:26 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCap.exe
2016-01-14 18:18 - 2015-11-13 00:25 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsRemoteEngine.exe
2016-01-14 18:18 - 2015-11-13 00:23 - 06584320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCaptureReplay.dll
2016-01-02 18:00 - 2016-01-02 18:00 - 00000000 ____D C:\Users\David G\AppData\Local\Fallout4
2016-01-02 17:55 - 2016-01-02 17:55 - 00002210 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2016-01-02 17:54 - 2015-12-16 11:59 - 42976888 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 37608568 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 31098488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 24923768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 21131424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 20672376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 17568432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 17164160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 17123736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 17104016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 02560816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 02214192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 01915512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436143.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 01564976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436143.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 00938104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 00872056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 00786688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 00735024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 00681592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 00541000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 00445728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 00416560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 00378784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 00376440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 00370992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 00339760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 00316960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 00175368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 00153208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-01-02 17:54 - 2015-12-16 11:59 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-01-02 17:54 - 2015-12-16 09:54 - 00523384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-01-02 17:54 - 2015-12-16 09:54 - 00075056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-01-02 17:54 - 2015-12-16 09:19 - 00103216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-12-31 19:56 - 2016-01-01 21:17 - 00000000 ____D C:\Users\David G\Documents\The Witcher 3
2015-12-29 20:38 - 2015-12-29 20:37 - 00042881 _____ C:\Users\David G\Documents\Local State
2015-12-29 15:05 - 2015-12-29 15:05 - 00000000 ____D C:\Users\David G\AppData\Local\UnrealHeaderTool
2015-12-29 14:16 - 2015-12-29 14:16 - 00000000 ____D C:\Users\David G\Documents\Artist quick start
2015-12-28 19:37 - 2015-12-30 19:12 - 00000000 ____D C:\Users\David G\Documents\Unreal Projects
2015-12-28 19:37 - 2015-12-28 19:37 - 00000000 ____D C:\Users\David G\AppData\Roaming\Unreal Engine
2015-12-28 19:04 - 2015-12-29 16:42 - 00000000 ____D C:\Program Files (x86)\Epic Games
2015-12-28 19:04 - 2015-12-29 15:57 - 00000000 ____D C:\Users\David G\AppData\Local\UnrealEngine
2015-12-28 19:04 - 2015-12-28 19:05 - 00002612 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2015-12-28 19:04 - 2015-12-28 19:05 - 00002600 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2015-12-28 19:04 - 2015-12-28 19:04 - 00000000 ____D C:\Users\David G\AppData\Local\UnrealEngineLauncher
2015-12-28 19:04 - 2015-12-28 19:04 - 00000000 ____D C:\Users\David G\AppData\Local\EpicGamesLauncher
2015-12-28 19:04 - 2015-12-28 19:04 - 00000000 ____D C:\ProgramData\Epic
2015-12-28 15:16 - 2015-12-28 15:16 - 00000000 ____D C:\Users\David G\AppData\LocalLow\Temp
2015-12-28 15:14 - 2015-12-28 15:14 - 00000000 ____D C:\Users\David G\AppData\Roaming\NuGet
2015-12-28 15:11 - 2015-12-28 16:08 - 00000000 ____D C:\Users\David G\Documents\David's code stuff
2015-12-28 15:09 - 2015-12-31 15:57 - 00000000 ____D C:\Users\David G\Desktop\This is a folder
2015-12-28 15:08 - 2015-12-28 15:09 - 00000000 ____D C:\Users\David G\Documents\David's junk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-27 13:03 - 2015-10-30 01:28 - 00000000 ____D C:\Windows
2016-01-27 12:48 - 2015-10-12 18:37 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-27 12:35 - 2015-10-12 18:21 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-01-27 12:23 - 2015-10-12 18:37 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-27 12:14 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-27 12:14 - 2015-10-12 16:04 - 00929278 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-27 12:07 - 2015-12-12 12:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-27 12:07 - 2015-12-12 12:01 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-27 12:07 - 2015-10-30 01:28 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2016-01-26 21:51 - 2015-10-12 18:20 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-26 20:01 - 2015-12-25 21:21 - 00000000 ____D C:\Users\David G\AppData\Local\ElevatedDiagnostics
2016-01-25 17:03 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-24 16:46 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-20 20:48 - 2015-10-19 17:34 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-15 18:23 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-14 21:14 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-14 18:33 - 2015-10-12 16:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-14 18:32 - 2015-10-12 16:46 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-14 17:29 - 2015-10-12 16:39 - 00001207 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-01-14 17:29 - 2015-10-12 16:39 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-14 17:29 - 2015-10-12 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-01-13 17:49 - 2015-10-12 18:37 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-02 20:40 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 20:40 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 18:00 - 2015-11-28 15:34 - 00000000 ____D C:\Users\David G\Documents\My Games
2016-01-02 17:55 - 2015-12-12 12:01 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-02 17:55 - 2015-11-15 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-12-31 22:23 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-29 14:23 - 2015-12-20 15:54 - 00000000 ____D C:\Users\David G\Documents\maya
2015-12-28 19:13 - 2015-12-25 18:38 - 00000000 ____D C:\Program Files (x86)\GtkSharp
2015-12-28 18:38 - 2015-12-25 18:41 - 00000000 ____D C:\ProgramData\Unity
2015-12-28 15:16 - 2015-12-25 19:02 - 00000000 ____D C:\Users\David G\Documents\Visual Studio 2015
 
==================== Files in the root of some directories =======
 
2015-11-14 20:23 - 2015-11-14 20:23 - 0007601 _____ () C:\Users\David G\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\David G\AppData\Local\Temp\AcDeltree.exe
C:\Users\David G\AppData\Local\Temp\avgnt.exe
C:\Users\David G\AppData\Local\Temp\npp.6.8.8.Installer.exe
C:\Users\David G\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\David G\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\David G\AppData\Local\Temp\nvStInst.exe
C:\Users\David G\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-21 20:32
 
==================== End of FRST.txt ============================
 
 
Addition.txt:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by David G (2016-01-27 13:04:06)
Running from C:\Users\David G\Desktop
Windows 10 Home (X64) (2015-12-12 17:05:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3008767551-3500505656-2170896072-500 - Administrator - Disabled)
David G (S-1-5-21-3008767551-3500505656-2170896072-1001 - Administrator - Enabled) => C:\Users\David G
DefaultAccount (S-1-5-21-3008767551-3500505656-2170896072-503 - Limited - Disabled)
Guest (S-1-5-21-3008767551-3500505656-2170896072-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{903D0F33-D3CF-48D6-967D-84004089428A}) (Version: 4.0.51203.1 - Microsoft Corporation)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.9 - Autodesk)
Autodesk DirectConnect 2016 64-bit (HKLM\...\Autodesk DirectConnect 2016 64-bit) (Version: 10.0.98.0 - Autodesk)
Autodesk DirectConnect 2016 64-bit (Version: 10.0.98.0 - Autodesk) Hidden
Autodesk Maya 2016 (HKLM\...\Autodesk Maya 2016) (Version: 16.0.1312.0 - Autodesk)
Autodesk Maya 2016 (Version: 16.0.1312.0 - Autodesk) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{eac7da46-2097-4dd4-80a6-8b67cbb2b23f}) (Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG) Hidden
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Dotfuscator and Analytics Community Edition 5.19.0 (x32 Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Epic Games Launcher (HKLM-x32\...\{9002F83C-DA49-411E-9CF0-111CB3979F9C}) (Version: 1.1.50.0 - Epic Games, Inc.)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes Anti-Exploit version 1.8.1.1045 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1045 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 1 (HKLM-x32\...\{5642384f-2a89-46d3-acd5-bfe8bf6e8b2f}) (Version: 14.0.24720.0 - Microsoft Corporation)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.24723 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Skyrim Creation Kit (HKLM-x32\...\Steam App 202480) (Version:  - bgs.bethsoft.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.24712 - Microsoft Corporation) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version:  - CD PROJEKT RED)
UE4 Prerequisites (x64) (HKLM-x32\...\{b46d36bc-2438-471e-abe8-1fbbd51754ee}) (Version: 1.0.10.0 - Epic Games, Inc.)
UE4 Prerequisites (x64) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3008767551-3500505656-2170896072-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-3008767551-3500505656-2170896072-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\David G\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3008767551-3500505656-2170896072-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-3008767551-3500505656-2170896072-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {931BE99A-8183-4839-BD51-85F7ED8C7117} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-12] (Google Inc.)
Task: {B163817D-5F97-45D8-A95F-96907E532545} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-14] (Microsoft Corporation)
Task: {B3F21E3C-6ADF-4B87-A91E-F7F952EECBBF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-12] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-12-12 12:01 - 2015-10-12 16:42 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-12 12:01 - 2015-12-16 09:54 - 00126256 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-12 14:58 - 2015-12-12 14:58 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-12 14:58 - 2015-12-12 14:58 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-04-15 15:13 - 2015-04-15 15:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-12-18 16:42 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 16:42 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-14 18:18 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-14 18:18 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-14 18:18 - 2016-01-04 20:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-14 18:18 - 2016-01-04 20:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-20 15:51 - 2015-11-16 21:33 - 00055328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2015-12-20 15:51 - 2015-11-16 21:33 - 00103968 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2015-12-12 12:01 - 2016-01-27 12:07 - 00034304 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-12-12 12:01 - 2015-10-12 16:42 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-11-15 10:19 - 2015-11-05 12:00 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-01-13 17:49 - 2016-01-12 11:35 - 01590088 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll
2016-01-13 17:49 - 2016-01-12 11:35 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 06:04 - 2015-07-10 06:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3008767551-3500505656-2170896072-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\David G\Pictures\tundra_base_330_by_tryingtofly-d99rusn.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKU\S-1-5-21-3008767551-3500505656-2170896072-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E74FD28F-A31F-4BA8-AA13-5AC543456523}] => (Allow) E:\Games\steamapps\common\Skyrim\CreationKit.exe
FirewallRules: [{58A677C0-8FC6-46C0-8528-1CA723CF42A7}] => (Allow) E:\Games\steamapps\common\Skyrim\CreationKit.exe
FirewallRules: [{BD58F300-CAA6-4208-B7E0-05F8E31FEC99}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AA823C4E-A260-427D-A4DE-1BD36F7D6760}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{45A1A65E-9AF8-4BC3-9E31-CB7FCFE74F80}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{40E816AB-12D7-4CB4-A2FF-D2BC19F62659}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{DE94EA00-D27B-4618-8968-6B7A952D11FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2D206D5B-6972-45BE-A0A9-5A71BB6D8219}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5B2FEEAD-9772-46E8-B43B-B9EA6DD8C4F4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7DED24B4-7B51-4F9C-8519-0E757523D8C2}] => (Allow) E:\Games\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{E6FFF3D0-FE96-4489-BEFC-A7693221A48A}] => (Allow) E:\Games\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{98D165F7-EF51-447F-9166-BF22E3B5E119}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5BD56157-F6A5-47BC-B27D-864D5B177A5A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CBA5CE5A-2080-47BF-A24A-A1296BF4E7D1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E0D7088F-0D6B-470A-BC20-E80B5EF42E91}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{27A83977-0604-48D8-BF4A-5CA25AD76DDF}C:\users\david g\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\david g\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{49CA487B-A313-4713-9633-3777EB32BA92}C:\users\david g\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\david g\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{EECF425F-4C57-4561-8AAC-46DBA5542802}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{099B8907-543D-4DE3-A495-10E04CE08719}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [{BB0A0CB5-DC55-47A3-B7A9-F8269AC1474B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{43549214-1400-49D9-8E2F-373428CDF2F0}C:\program files (x86)\epic games\4.10\engine\binaries\win64\ue4editor.exe] => (Block) C:\program files (x86)\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{8B3362B2-639E-46B5-B240-3F59AD4B7123}C:\program files (x86)\epic games\4.10\engine\binaries\win64\ue4editor.exe] => (Block) C:\program files (x86)\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{68526838-79EA-4CAB-AE35-27A280A3377F}C:\program files (x86)\epic games\4.10\engine\binaries\dotnet\swarmagent.exe] => (Block) C:\program files (x86)\epic games\4.10\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{90E95D45-6EDC-4F46-BCCF-7012ABE15B0D}C:\program files (x86)\epic games\4.10\engine\binaries\dotnet\swarmagent.exe] => (Block) C:\program files (x86)\epic games\4.10\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [{63B3F363-1F8B-46D8-B795-9BB59FF249A3}] => (Allow) E:\Games\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{B47228BE-2090-46FB-BB24-193C3DA7F34E}] => (Allow) E:\Games\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{59E45293-F264-47AA-A80B-04E110740CE4}] => (Allow) E:\Games\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{2FFC0FDB-3529-4E25-95EA-9CEAEE48AD01}] => (Allow) E:\Games\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{F763D74F-F1D8-4257-B687-C18B70819099}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AB35AD89-D7CB-425D-9037-1FD75B087DFF}] => (Allow) E:\Games\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{C4801E5F-252B-4E41-93EB-FA07C95875BF}] => (Allow) E:\Games\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{DCA1F918-6DEE-4A2C-91BE-295C362A776E}] => (Allow) E:\Games\steamapps\common\half-life 2\hl2.exe
FirewallRules: [{8682EF78-93E3-42F4-BCF4-4502ACCB7A71}] => (Allow) E:\Games\steamapps\common\half-life 2\hl2.exe
 
==================== Restore Points =========================
 
25-01-2016 17:58:22 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/26/2016 08:00:58 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/25/2016 05:58:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/25/2016 05:20:45 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/24/2016 01:44:12 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/23/2016 12:28:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/21/2016 09:58:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/20/2016 09:05:10 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/19/2016 08:43:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/18/2016 07:23:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/17/2016 05:36:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (01/27/2016 12:55:53 PM) (Source: DCOM) (EventID: 10016) (User: NIGHTRUNNER)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}NIGHTRUNNERDavid GS-1-5-21-3008767551-3500505656-2170896072-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194
 
Error: (01/27/2016 12:53:54 PM) (Source: DCOM) (EventID: 10016) (User: NIGHTRUNNER)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}NIGHTRUNNERDavid GS-1-5-21-3008767551-3500505656-2170896072-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194
 
Error: (01/27/2016 12:15:41 PM) (Source: DCOM) (EventID: 10010) (User: NIGHTRUNNER)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (01/27/2016 12:15:41 PM) (Source: DCOM) (EventID: 10010) (User: NIGHTRUNNER)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (01/27/2016 12:15:41 PM) (Source: DCOM) (EventID: 10010) (User: NIGHTRUNNER)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (01/27/2016 12:15:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_3008f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/27/2016 12:15:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/27/2016 12:05:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/26/2016 10:20:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_3921b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/26/2016 10:20:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
 
CodeIntegrity:
===================================
  Date: 2016-01-16 18:17:28.546
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-15 18:18:29.128
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-31 13:45:51.137
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-25 21:11:52.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-20 16:28:58.423
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-20 15:46:55.726
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-19 20:23:08.666
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-19 16:50:14.794
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-13 14:40:58.782
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-12 12:04:02.830
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4930K CPU @ 3.40GHz
Percentage of memory in use: 7%
Total physical RAM: 32707.73 MB
Available physical RAM: 30252.68 MB
Total Virtual: 37571.73 MB
Available Virtual: 34834.07 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.02 GB) (Free:151.75 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:1863.01 GB) (Free:1862.78 GB) NTFS
Drive e: (Local Disk) (Fixed) (Total:111.79 GB) (Free:21.84 GB) NTFS
Drive f: (Local Disk) (Fixed) (Total:1863.01 GB) (Free:1862.78 GB) NTFS
Drive g: (Local Disk) (Fixed) (Total:931.51 GB) (Free:928.64 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 5D91BE64)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 223.6 GB) (Disk ID: 5D91BDB3)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 7BC7A7A0)
 
Partition: GPT.
 
========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: 4B5B5858)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 




#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:04 PM

Posted 27 January 2016 - 02:15 PM

Greetings David and thanks for the information.

Are you having Windows Update issues and/or unable to run regedit?

I would like to follow up on one file. Please do this.

===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.

C:\Users\David G\AppData\Local\Temp\xmlUpdater.exe

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Windows Update/regedit issues?
  • Virustotal link

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 DraperTheOrchidEater

DraperTheOrchidEater
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 27 January 2016 - 02:38 PM

You'd have to follow up on what you mean by Windows Update issues. As far as I know Windows downloads and installs updates and I haven't seen or had any problems with that. I just ran regedit and it seems to be working.

 

Here's the Virustotal link: https://www.virustotal.com/en/file/15de06246baae220effc2124ff192bf8a1ee2c82b6d19bed2dd41d6e693be0ed/analysis/1453923204/ 



#8 Oh My!


Posted 27 January 2016 - 03:04 PM

There are a number of errors reported in your System Summary report for both Windows Update and regedit. If they are working properly we won't worry about it.

The file is clean and so is your computer. Do you have any other questions or concerns?
Gary
 

#9 DraperTheOrchidEater


Posted 27 January 2016 - 03:21 PM

So I shouldn't be concerned about anything? This really did give me a good scare. :P

 

If not, thanks a lot for all of the help. I'm assuming that I can just remove FRST from my desktop and that's it in terms of cleanup. Is that correct?

 

EDIT: I'd just like to ask, was all of this a load of lies to scare me or something perhaps? I know that you're only looking at my new computer but was there ever anything to worry about? Is it possible that my old computer was actually infected? 


Edited by DraperTheOrchidEater, 27 January 2016 - 03:38 PM.


#10 Oh My!


Posted 27 January 2016 - 03:46 PM

It is hard to tell without reviewing a log or attempting to evaluate outgoing traffic. It is common for people to try to scare computer users by telling them their computer is compromised in order to separate them from some of their money one way or another.

Yes, you can delete FRST. Here is some information for you to consider going forward.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a brief period of time in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#11 DraperTheOrchidEater


Posted 27 January 2016 - 04:04 PM

Just to be sure, deleting FRST64.exe on my desktop and the C:\FRST folder is all I need to do, right? I'm not missing some sort of uninstall button or anything?

 

And once again, thanks for all of the help Gary.  :grinner:



#12 Oh My!


Posted 27 January 2016 - 04:09 PM

You are quite welcome. Yes, just delete the icon and folder and that's it.
Gary
 

#13 DraperTheOrchidEater


Posted 27 January 2016 - 04:13 PM

I guess that's it. I'll make sure to look through those links when I've got the time. Thank you! 



#14 Oh My!


Posted 28 January 2016 - 03:35 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



