slow browser, pop ups. other issues.


  • This topic is locked
12 replies to this topic

#1 stonewilled


Posted 28 January 2016 - 11:54 PM

Hello, I am having some issues with my laptop. It has Windows 10 and I think I have a virus. I have tried running Malwarebytes but it did not fix the problems. I am sorry for incorrect formatting. My browser was so bad it was all I could do to initiate this forum.





#2 fireman4it



  • Malware Response Team

Posted 29 January 2016 - 10:45 AM

Hello stonewilled,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

2.

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

 

3.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 stonewilled


Posted 01 February 2016 - 12:20 AM

# AdwCleaner v5.032 - Logfile created 31/01/2016 at 20:23:48
# Updated 31/01/2016 by Xplode
# Database : 2016-01-31.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : William - WILLIAM
# Running from : C:\Users\William\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\TweakBit
[-] Folder Deleted : C:\Users\William\AppData\Roaming\Interstat

***** [ Files ] *****

[-] File Deleted : C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\ib245ale.default\searchplugins\search.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKCU\Software\Interstat
[-] Key Deleted : HKLM\SOFTWARE\SecureWeb
[-] Key Deleted : HKLM\SOFTWARE\SecureWebChannel
[!] Key Not Deleted : HKU\S-1-5-21-464151272-1660440405-727124041-1002\Software\Interstat
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-464151272-1660440405-727124041-1002\Software\LinkSwift
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
[-] Value Deleted : HKU\S-1-5-21-464151272-1660440405-727124041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Interstat]
[-] Value Deleted : HKU\S-1-5-21-464151272-1660440405-727124041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [NextLive]

***** [ Web browsers ] *****

[-] [C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : psearch
[-] [C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxps://search.protectedio.com/?u=9f3fe08122c36405a1dc819c3d91f555&c=p1&src=hp&inst=1453179587
[-] [C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=9f3fe08122c36405a1dc819c3d91f555&c=p1&src=srch&inst=1453179587

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2551 bytes] ##########
 



#4 stonewilled


Posted 01 February 2016 - 12:21 PM

Emsisoft Emergency Kit - Version 11.0
Last update: 1/31/2016 11:31:49 PM
User account: WILLIAM\William

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    2/1/2016 11:03:23 AM
Value: HKEY_USERS\S-1-5-21-464151272-1660440405-727124041-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
C:\Users\William\AppData\Local\Temp\13E6.tmp.exe     detected: Trojan.GenericKD.2988320 (B
C:\Users\William\AppData\Local\Temp\26CD.tmp.exe     detected: Trojan.GenericKD.2988320 (B
C:\Users\William\AppData\Local\Temp\281C.tmp.exe     detected: Trojan.GenericKD.2988320 (B
C:\Users\William\AppData\Local\Temp\A508.tmp.exe     detected: Trojan.GenericKD.2988320 (B
C:\Users\William\AppData\Local\Temp\AA69.tmp.exe     detected: Trojan.GenericKD.2988320 (B
C:\Users\William\AppData\Local\Temp\B79E.tmp.exe     detected: Trojan.GenericKD.2988320 (B
C:\Users\William\AppData\Local\Temp\GPUpd56A863200.exe     detected: Trojan.GenericKD.3013007 (B)
C:\Users\William\AppData\Roaming\Network Cleaner\Network Cleaner.exe     detected: Trojan.GenericKD.2988320 (B)

Scanned    102159
Found    9

Scan end:    2/1/2016 11:18:20 AM
Scan time:    0:14:57

C:\Users\William\AppData\Roaming\Network Cleaner\Network Cleaner.exe     Trojan.GenericKD.2988320 (B)
C:\Users\William\AppData\Local\Temp\GPUpd56A863200.exe     Trojan.GenericKD.3013007 (B)
C:\Users\William\AppData\Local\Temp\B79E.tmp.exe     Trojan.GenericKD.2988320 (B)
C:\Users\William\AppData\Local\Temp\AA69.tmp.exe     Trojan.GenericKD.2988320 (B)
C:\Users\William\AppData\Local\Temp\A508.tmp.exe     Trojan.GenericKD.2988320 (B)
C:\Users\William\AppData\Local\Temp\281C.tmp.exe     Trojan.GenericKD.2988320 (B)
C:\Users\William\AppData\Local\Temp\26CD.tmp.exe     Trojan.GenericKD.2988320 (B)
C:\Users\William\AppData\Local\Temp\13E6.tmp.exe     Trojan.GenericKD.2988320 (B)
Value: HKEY_USERS\S-1-5-21-464151272-1660440405-727124041-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     Setting.DisableRegistryTools (A)

Quarantined    9
 



#5 stonewilled


Posted 01 February 2016 - 12:28 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by William (administrator) on WILLIAM (01-02-2016 11:25:08)
Running from C:\Users\William\Downloads
Loaded Profiles: William (Available Profiles: William)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Akamai Technologies, Inc.) C:\Users\William\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\William\AppData\Local\Akamai\netsession_win.exe


Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by William (2016-02-01 11:26:35)
Running from C:\Users\William\Downloads
Windows 10 Home (X64) (2015-12-18 18:42:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-464151272-1660440405-727124041-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-464151272-1660440405-727124041-503 - Limited - Disabled)
Guest (S-1-5-21-464151272-1660440405-727124041-501 - Limited - Disabled)
William (S-1-5-21-464151272-1660440405-727124041-1002 - Administrator - Enabled) => C:\Users\William

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-464151272-1660440405-727124041-1002\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-464151272-1660440405-727124041-1002\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.3.142.61507 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.3.142.61507 - Alcor Micro Corp.) Hidden
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-464151272-1660440405-727124041-1002\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
ASUS Fan Filter Checker (HKLM-x32\...\{2B0E8920-47D0-4F4D-BE03-76397409B837}) (Version: 1.0.0001 - ASUS)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.3 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.018 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0002 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Bad Rats (HKLM-x32\...\Steam App 34900) (Version:  - Invent4 Entertainment)
Baldur's Gate: Enhanced Edition (HKLM-x32\...\Steam App 228280) (Version:  - Beamdog)
Bitcoin Core (64-bit) (HKU\S-1-5-21-464151272-1660440405-727124041-1002\...\Bitcoin Core (64-bit)) (Version: 0.9.2 - Bitcoin Core project)
Brothers - A Tale of Two Sons (HKLM-x32\...\Steam App 225080) (Version:  - Starbreeze Studios AB)
Canon MP600 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Cisco AnyConnect VPN Client (HKLM-x32\...\{28AAE6A5-B887-4E19-B06C-E367F3C43EDB}) (Version: 2.3.0185 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Depth (HKLM-x32\...\Steam App 274940) (Version:  - Digital Confectioners)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Gauntlet™  (HKLM-x32\...\Steam App 258970) (Version:  - Arrowhead Game Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version:  - Gearbox Software)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version:  - Gearbox Software)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel® Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{6965F2F4-1CD2-4F42-A8EF-9EF433F9AA72}) (Version: 4.0.4 - HTC)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jurassic Park: The Game (HKLM-x32\...\Steam App 201830) (Version:  - Telltale Games)
K-Lite Codec Pack 9.9.5 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Logitech Gaming Software 8.45 (HKLM\...\Logitech Gaming Software) (Version: 8.45.88 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version:  - Kojima Productions)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
NVIDIA 3D Vision Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Ori and the Blind Forest (HKLM-x32\...\Steam App 261570) (Version:  - Moon Studios GmbH)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
Outlast (HKLM-x32\...\Steam App 238320) (Version:  - Red Barrels)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal Stories: Mel (HKLM-x32\...\Steam App 317400) (Version:  - Prism Studios)
Primal Carnage: Extinction (HKLM-x32\...\Steam App 321360) (Version:  - Circle Five Studios)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.4-1.0.12889.86 - raidcall.com)
Rapture3D 2.3.26 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15022.8 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15022.8 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-464151272-1660440405-727124041-1002\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version:  - Raven Software)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version:  - BioWare)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stranded Deep (HKLM-x32\...\Steam App 313120) (Version:  - Beam Team Games)
Team Fortress Classic (HKLM-x32\...\Steam App 20) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.44109 - TeamViewer)
TEdit 3 (HKLM-x32\...\{2DA51958-95C0-4755-A993-79FC137E7DB8}) (Version: 3.5.14060.0 - BinaryConstruct)
TEdit 3 (HKLM-x32\...\{F015942F-C1BD-4297-A8A4-C0B8D42B39C5}) (Version: 3.4.13358.0 - BinaryConstruct)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Fall (HKLM-x32\...\Steam App 290770) (Version:  - Over The Moon)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
theHunter: Primal (HKLM-x32\...\Steam App 322920) (Version:  - Expansive Worlds)
Tomb Raider: Underworld (HKLM-x32\...\Steam App 8140) (Version:  - Crystal Dynamics)
Tracker system installation (HKLM-x32\...\ST6UNST #1) (Version:  - )
Ultima Online Renaissance  5.0.8.3 (HKLM\...\{85204665-3317-4953-BDB8-3BB60C75C130}) (Version: 5.0.8.3 - www.uorenaissance.com)
Ultima Online Second Age 5.0.8.3 (HKLM-x32\...\Ultima Online Second Age) (Version: 5.0.8.3 - UO Second Age)
UO Auto-Map 9.0.0 (HKLM-x32\...\UO Auto-Map) (Version: 9.0.0 - UOAM)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.5.0 - Flagship Industries, Inc.)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
VVVVVV (HKLM-x32\...\Steam App 70300) (Version:  - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
XChat 2 (remove only) (HKLM-x32\...\xchat) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-464151272-1660440405-727124041-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A56D50A-5D87-4AB2-B6FA-9C6AA3402E9B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {11E5BB97-007C-43FC-B581-AAB48C071C62} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {12032929-B763-4928-A82B-E2A489EB3693} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {12ED816E-A238-46B7-8109-75E5475BD047} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {14F5F4E5-BA55-4497-AAA6-8857715A7BE4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2BF7B84E-2413-4A9D-8E93-D8BE30F5D9C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {376705F7-868F-44DC-8B52-4B8FF46DB7EB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19] (Adobe Systems Incorporated)
Task: {3BCDED79-4295-4FBA-98FA-E2363D2B7694} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {3EE70D86-E818-420F-96B8-1BDA8110B1F2} - System32\Tasks\Video Software Uninstaller => C:\Program Files (x86)\Video Software\VideoSoftware.exe [2016-01-16] (Secure Updater) <==== ATTENTION
Task: {432D75A2-F92D-4039-8DA4-7AC653751684} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-12] (Microsoft Corporation)
Task: {4EC18CF5-D895-4A7F-92C9-2C76049E09A2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5008F7C5-2B92-4C05-9529-4B63497D03AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {536581E5-DF0A-4BBE-85B5-4828174BF827} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {57A4A9D7-28C8-4229-B6B3-7E3920FD4B39} - System32\Tasks\{6CC29938-6423-4389-955C-F13E0BAF2120} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.107/en/abandoninstall?page=tsProgressBar
Task: {6364E666-A946-4187-8258-347462CCFC9A} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {69AA1F92-ADAD-4D11-A85E-83FA60930544} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7262B40C-95B7-4552-A660-C60DACA92DE8} - System32\Tasks\{771C4627-B53C-41A8-AD03-22FB40EBB928} => pcalua.exe -a C:\Users\William\Desktop\sanborn\Tracker32.exe -d C:\Users\William\Desktop\sanborn
Task: {765527FC-070E-4121-B4BB-B4E3D227DAA4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7C776046-D8A5-4799-8E96-E2907492A074} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {84624BE2-E7C9-456B-948A-774513E40AFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {90BCC4B4-EF2F-4347-82AB-CF73BD3A7DBA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {948F0200-4506-419B-A2D7-E2E60D05D15C} - System32\Tasks\Network Cleaner => C:\Users\William\AppData\Roaming\Network Cleaner\Network Cleaner.exe <==== ATTENTION
Task: {961774F4-E4CE-4A80-AFE7-A6516F92512A} - System32\Tasks\ASUS Patch for VIA Audio => C:\Windows\system32\AsPatchViaAudio.exe [2012-11-07] (ASUSTek Computer INC.)
Task: {B4C0193B-620E-422D-83B2-59429A3288EC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {CBA1F1B7-64B2-410C-B062-9326327360C3} - \Megasoft Security Uninstaller -> No File <==== ATTENTION
Task: {D93645DB-AC3B-49BC-8233-578DA408356D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EFCDD695-11B7-4BE8-A75C-234A641171DB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {F18FAE3F-A0E5-4C27-B86A-9D9680BB3547} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-04] (ASUS)
Task: {F8D55BBC-3A93-40AC-B9F7-1989ED2A07DA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-20 16:44 - 2015-11-24 13:32 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-20 16:33 - 2015-12-08 19:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2012-10-08 16:04 - 2012-10-08 16:04 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-12-18 14:05 - 2015-12-18 14:05 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2012-08-04 11:34 - 2012-08-04 11:34 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2015-12-18 14:05 - 2015-12-18 14:05 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-12-19 09:38 - 2015-12-06 22:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-19 09:38 - 2015-12-06 22:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-19 09:38 - 2015-12-06 22:00 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-01-12 21:35 - 2016-01-04 19:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 21:35 - 2016-01-04 19:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-27 19:49 - 2016-01-15 23:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 19:49 - 2016-01-15 23:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-16 04:02 - 2015-10-16 04:02 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-10-22 03:55 - 2011-09-19 11:40 - 00466944 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2016-01-22 03:03 - 2016-01-22 03:03 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-20 16:33 - 2015-12-08 19:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2012-06-07 15:12 - 2012-06-07 15:12 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2016-01-22 03:03 - 2016-01-22 03:03 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 03:03 - 2016-01-22 03:04 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-464151272-1660440405-727124041-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\William\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\9avh6.jpeg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "LOLRecorder.lnk"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKU\S-1-5-21-464151272-1660440405-727124041-1002\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-464151272-1660440405-727124041-1002\...\StartupApproved\Run: => "AmazonMP3DownloaderHelper"
HKU\S-1-5-21-464151272-1660440405-727124041-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-464151272-1660440405-727124041-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-464151272-1660440405-727124041-1002\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5B8E45D4-5111-4FDD-84E7-00E5BFC5AE9A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{23135E7F-4CE7-4740-B9BA-F3EF2B349787}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3362EB16-E2B0-48C3-9A9E-7D6E755FFA36}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{F283B346-B743-4F86-BFAE-575C0AAF32A7}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{47EB4471-3BC9-49C4-B4E7-1D6E621457B4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{241D701E-4226-41C1-BA0D-360209958E6A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{5F974563-8E72-40FE-846D-277442AAFE06}C:\program files\uoam\uoam_auto.exe] => (Allow) C:\program files\uoam\uoam_auto.exe
FirewallRules: [TCP Query User{F9C90A26-FDE1-4D88-A9AE-A414C030DE27}C:\program files\uoam\uoam_auto.exe] => (Allow) C:\program files\uoam\uoam_auto.exe
FirewallRules: [UDP Query User{C976F782-A8D3-4F14-A964-5E6B5D0C6F2C}C:\users\william\desktop\uor\client.exe] => (Allow) C:\users\william\desktop\uor\client.exe
FirewallRules: [TCP Query User{9C03E18E-605F-439B-895F-8AA9E6555783}C:\users\william\desktop\uor\client.exe] => (Allow) C:\users\william\desktop\uor\client.exe
FirewallRules: [{36CD6F97-6BD9-4E25-8565-4CF786F89ED0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
FirewallRules: [{6BDBE58C-B65A-4FCF-BC13-186AD3BEDCCA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
FirewallRules: [{8B1A2583-11AC-4682-85AF-153B341FE37C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
FirewallRules: [{EFF31262-643E-4A92-8F89-5B832353A79A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
FirewallRules: [UDP Query User{64ED19F2-62F4-40EA-91C1-6CD6CB7582BE}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [TCP Query User{91509EAB-17BC-4963-BE20-CBBE12C3FF4B}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [{1EAF447D-3C48-4087-99A0-6FD0CA37A73A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{C53540D3-7E81-4738-A1F1-4DA0EA448F3A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [UDP Query User{5C0D8478-7AC2-462D-BE62-3664A0ADAEDE}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{4DD25F22-94CA-44B7-AF20-0CFE88B991D1}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{097C1D38-4463-44CC-913A-3E66FBE2485D}C:\programdata\battle.net\agent\agent.2045\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.2045\agent.exe
FirewallRules: [TCP Query User{BC2FCCB4-B6A3-47A6-8FD1-A4EE9FE079BE}C:\programdata\battle.net\agent\agent.2045\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.2045\agent.exe
FirewallRules: [{225387A6-4FCD-4380-8FC7-CD606B4619D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{3CAAD440-4538-463C-8D0D-B0D156B19480}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{B2C94027-DB9A-4D93-A325-B83685BAC42C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{46A82E93-3ED7-4A58-ACA9-8744C4C3D3CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [UDP Query User{14F8E3E1-B78C-4368-A91E-CCB86059415A}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [TCP Query User{AA29EBE0-7569-40F2-AC20-615441F1AA05}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [UDP Query User{C0EB7A60-BB37-46D2-BDD9-821FCDAC0D12}C:\programdata\battle.net\agent\agent.2045\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.2045\agent.exe
FirewallRules: [TCP Query User{5D2D9586-72BF-48C1-800F-2AEA7994B6A9}C:\programdata\battle.net\agent\agent.2045\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.2045\agent.exe
FirewallRules: [UDP Query User{541E63E8-F343-48F6-95B2-662F71469664}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{74508837-BD07-4506-97BD-082107DD128E}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{44FE7241-FDC6-4067-B092-935D94F38806}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{C2D08D93-8267-4EA4-B377-F459B36EC30C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{189587D1-E310-4826-90EE-4127F9A31D56}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{C5511084-CF0D-4CA8-83ED-AF2AB0F2B158}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{DDDB5168-1955-4F42-A1F7-9C59342363AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{C32B2A1E-2701-4CBA-8FDF-C5CE31C2F36F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [UDP Query User{9B366E89-6D7A-4F76-B344-63128844B79D}C:\users\william\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\william\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{AC57B414-602E-474D-BF06-35651F59327B}C:\users\william\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\william\appdata\local\akamai\netsession_win.exe
FirewallRules: [{CF69E0DE-25B5-4115-B6A6-1052C7D67620}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{4E9C6111-0774-4017-9EF1-5A0965F2363E}C:\program files (x86)\xchat\xchat.exe] => (Allow) C:\program files (x86)\xchat\xchat.exe
FirewallRules: [TCP Query User{7119D2C6-2B2C-48EA-8AB3-94B341B65A37}C:\program files (x86)\xchat\xchat.exe] => (Allow) C:\program files (x86)\xchat\xchat.exe
FirewallRules: [UDP Query User{B2943514-5D97-4A87-9F30-353F01963BE9}C:\users\william\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\william\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{C41E1419-3298-4548-AEC3-6C305A6B4AD2}C:\users\william\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\william\appdata\local\akamai\netsession_win.exe
FirewallRules: [{086293E4-C55B-4D1B-8A9C-68C7DC716620}] => (Allow) C:\Users\William\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [UDP Query User{9B96C576-C666-45C0-9CBE-B123C0FF230B}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [TCP Query User{2B480CF5-FF1A-4C27-8160-A1681EF58F93}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [UDP Query User{9E134A69-C9B5-4148-B990-09416582B07E}C:\users\william\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\william\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A98B7F88-2839-489E-8CD6-F11A2F569709}C:\users\william\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\william\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7AFF0EB1-8E35-4FDC-A21B-BEF6790E23FC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{81A7C28D-700D-428B-BBBC-6A46E2ECD458}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{EDDA3044-64A0-43D2-8928-82EB67FFB35F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{432FD7B4-09CB-435A-95AB-8F0544406908}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\vvvvvv\VVVVVV.exe
FirewallRules: [UDP Query User{71F4E215-8415-47B4-9689-7CCD1C975C84}C:\program files (x86)\ultima online\client.exe] => (Allow) C:\program files (x86)\ultima online\client.exe
FirewallRules: [TCP Query User{34085775-C100-4348-A093-28FB3C5F0BBB}C:\program files (x86)\ultima online\client.exe] => (Allow) C:\program files (x86)\ultima online\client.exe
FirewallRules: [{1AE3B423-ADF4-445A-BA8D-DCE82E7F4DDE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Space 2\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{5158B06B-D662-4B3A-A97B-6CA8BEA725EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Space 2\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{B9BDF0EC-1445-49D7-BDE1-11B6C2C09B4B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BD1F08CF-FDFD-48F4-8FBD-D9F7944180BA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{0E1EA977-9A5D-426B-8A4D-F2EEA667D8D4}C:\program files (x86)\ultima online\client.exe] => (Allow) C:\program files (x86)\ultima online\client.exe
FirewallRules: [TCP Query User{396F320E-67A2-451B-B44F-A01119819B85}C:\program files (x86)\ultima online\client.exe] => (Allow) C:\program files (x86)\ultima online\client.exe
FirewallRules: [{64B846CF-4F0C-4FBC-8A38-B1EBD560659B}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{D9F7C579-E661-4E53-9A46-8E0B23D149B2}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{C4F17D1C-7EEF-44B0-A3F7-1D7031972279}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{5A356A10-EF02-4760-AAE4-B61BCF6F5941}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [UDP Query User{6CA1B568-FB45-41AA-A6FB-3A291542BB08}C:\users\william\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\william\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{8974D91B-B1BA-407A-857F-2AF5E40E7992}C:\users\william\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\william\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A0282C7A-2B0D-42A8-A129-D07977FFC66B}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{7A8EBB9C-AB6F-4DDA-B08F-7BF0C9DAF648}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{C889EFB1-3BC7-4811-894D-4EED4906131B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{12F8352E-96FE-4E1F-BE4A-2E9D77351654}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{16C19031-3428-425E-A0D0-67ED67446933}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{56234404-6239-43B1-941B-8A0323F9DDB3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{F29E207D-B2C6-4BE0-9A1D-453D184E93D8}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{8D17492E-4348-403C-8EB8-532B76E6BDA8}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{978E289C-F24D-4CED-84BE-6BDA8A55E1F2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{3C886AB8-7EBC-4D43-B9FA-8351394B33DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [TCP Query User{92AC29A5-7CA7-4674-A4FE-C68D64B816EA}C:\users\william\desktop\uor\client.exe] => (Block) C:\users\william\desktop\uor\client.exe
FirewallRules: [UDP Query User{D1EDF8F8-198A-4382-8835-248234D8EB42}C:\users\william\desktop\uor\client.exe] => (Block) C:\users\william\desktop\uor\client.exe
FirewallRules: [{8DC1C8C1-769D-45B5-98AD-982462A6A149}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\JurassicPark\JurassicPark100.exe
FirewallRules: [{79B9F6C6-2BF7-48C5-B9EC-AFE4B94941FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\JurassicPark\JurassicPark100.exe
FirewallRules: [{84A89CBD-09B7-492C-BB85-569794BCD5D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{F46B4E8E-D48D-48D3-A419-3D7C9978AA78}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{645331E6-82AD-43A5-9742-23B4D42FBD9B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{88EED4E8-B0C4-4693-84BD-0C06FD9D30C0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{B652FC86-0676-497C-A2F0-8165A20EC622}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Underworld\tru.exe
FirewallRules: [{E011A2F6-5C53-4DE8-8DD6-205FED473187}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider Underworld\tru.exe
FirewallRules: [TCP Query User{1C479694-1B10-414C-AB99-F4C9AA76B6ED}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{5B528EDC-CBC8-4AA8-85BE-ED7E5C13C726}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [TCP Query User{29E324BF-822C-4D98-80BB-E820B614DF80}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{C0E0F3C4-93F4-4C89-9358-6B18DBE1C24A}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [{13C65663-BC24-42CD-8A93-FCC2862D6D38}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{3ABE22A9-1CE9-4D31-B67F-D7B406D71EDD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{78DBE8C1-CB69-41DA-BC21-9478A32634D4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{58443D51-7705-4EB9-8572-2EE1BFBA1FD9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{B591570B-407E-4BF9-87DC-84392521716B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{065E4A16-E505-4F43-8D9A-19CB4C87F717}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4251A479-CF4A-45CC-8804-6994511DBCEF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{381E505B-6CBE-465A-A16F-0072ADC2C7D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{DCF69BF2-F75E-49A9-B92B-BAFA993C966C}D:\bitcoin\bitcoin-qt.exe] => (Allow) D:\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{FEEC16B0-316E-4F75-B516-9D8D297FBC09}D:\bitcoin\bitcoin-qt.exe] => (Allow) D:\bitcoin\bitcoin-qt.exe
FirewallRules: [{3D8E6FB2-2A4E-47F7-81FB-6B4A53559E8D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gauntlet\binaries\gauntlet.exe
FirewallRules: [{A48369E9-C07C-4E5B-B54A-8C484B067F0F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gauntlet\binaries\gauntlet.exe
FirewallRules: [{0597DD44-1AC5-45FA-9DFD-6D428EEDE250}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{FEF8584A-126C-4DB5-A26F-81226D004088}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [TCP Query User{5437F9E3-373C-47F8-9A78-A067CAE24BF4}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Block) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{31CC6B27-8FD1-4958-B24D-7F795327655B}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Block) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{80235D4F-ACFF-4351-BDC2-1D669A434572}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{FAABEC6A-B672-4ED4-8AC9-2BECC7D59A87}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [{B859C917-E05B-4635-8BDA-69E7450D7DA5}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [{BE53E6A0-6662-4652-BF8F-ED38AEFAF603}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [TCP Query User{F9E7478B-23B3-432C-B54C-3615E6AB41CC}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{C61B15C0-9853-4BE1-8BCA-3C1E60A03CCA}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{97E6C6A6-0DCC-415D-A36D-F281F4F3832A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{115F1067-AB4E-4AF8-B876-37FB74AAD23B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1BD09353-FE40-48AD-B4EC-196AC258B138}] => (Allow) C:\Users\William\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8EE5CCED-76BE-46ED-8BF7-A21B5252266B}] => (Allow) C:\Users\William\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7CCCA8EE-5531-4E7A-84BF-B838724746FE}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Jedi Academy\GameData\jasp.exe
FirewallRules: [{37E925F2-2A2B-4E62-8AF7-8A39199F22CE}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Jedi Academy\GameData\jasp.exe
FirewallRules: [{BBC8F7AD-CF8A-4A03-A64F-9EB2945CF4B3}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Jedi Academy\GameData\jamp.exe
FirewallRules: [{A2AD7463-0FC1-489B-94BD-570F8BDB1157}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Jedi Academy\GameData\jamp.exe
FirewallRules: [{962DE676-74FA-4052-B36D-C42EBA8EDDF5}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\swkotor\swkotor.exe
FirewallRules: [{D2AD3DB5-029E-41BF-BC3C-FD8EC553A8A2}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\swkotor\swkotor.exe
FirewallRules: [{8AFB9692-029C-4818-B54E-CF4E2832261D}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{99C03DB5-C159-4D41-8A18-A23686C4CC74}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [TCP Query User{12329774-2772-4C8F-AAC3-205337EC5F9C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{BBC226DF-BD62-4DBD-A3F7-73199A52CB6E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{8063F2E1-8C97-432D-94EE-0065E68ADDD8}D:\will's stuff\steamlibrary\steamapps\common\thehunterprimal\game\thehunterprimal.exe] => (Block) D:\will's stuff\steamlibrary\steamapps\common\thehunterprimal\game\thehunterprimal.exe
FirewallRules: [UDP Query User{F4954B1C-401F-4E71-87A7-6E616C2203F8}D:\will's stuff\steamlibrary\steamapps\common\thehunterprimal\game\thehunterprimal.exe] => (Block) D:\will's stuff\steamlibrary\steamapps\common\thehunterprimal\game\thehunterprimal.exe
FirewallRules: [{56B98595-1818-4D48-BD4D-22A5488BF208}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C83C2A15-F7BE-4B7C-BC6F-5FD2EE15824A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{23F86E97-B2F7-4A59-8D93-1EDF8A06B7A8}D:\will's stuff\steamlibrary\steamapps\common\thehunterprimal\game\thehunterprimal.exe] => (Allow) D:\will's stuff\steamlibrary\steamapps\common\thehunterprimal\game\thehunterprimal.exe
FirewallRules: [UDP Query User{D428B728-137D-45FF-BE92-B013E64A22B0}D:\will's stuff\steamlibrary\steamapps\common\thehunterprimal\game\thehunterprimal.exe] => (Allow) D:\will's stuff\steamlibrary\steamapps\common\thehunterprimal\game\thehunterprimal.exe
FirewallRules: [{494F09F5-6898-4512-BA33-3FC815AF363D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bad Rats\Rats.exe
FirewallRules: [{933867C0-C89E-4A08-AAAD-8EC1FC074C97}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bad Rats\Rats.exe
FirewallRules: [{040EE04F-6548-4FC9-A898-A45177F647E3}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\theHunterPrimal\launcher\launcher.exe
FirewallRules: [{8E4A719A-21E0-4A2F-93CE-D7CED229834E}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\theHunterPrimal\launcher\launcher.exe
FirewallRules: [{9335A277-23F7-45A9-95ED-F4ABFAA6D1F5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{995A5089-2611-4D64-B1F6-F964A09C9181}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{D88C3C4B-79CA-45E8-8787-91010D1589F6}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{A086A1C4-B00E-4835-919D-11F48C2C89CE}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{E3E2C37A-E35E-4746-A21B-15CE7FB8E070}D:\will's stuff\steamlibrary\steamapps\common\dayz\dayz.exe] => (Allow) D:\will's stuff\steamlibrary\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{C40087D5-AF71-4848-847F-77F28149F8B5}D:\will's stuff\steamlibrary\steamapps\common\dayz\dayz.exe] => (Allow) D:\will's stuff\steamlibrary\steamapps\common\dayz\dayz.exe
FirewallRules: [{B4B3BB22-184D-494B-B3BA-81AD2FA5E6A8}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{B2039F0D-05E8-4CE9-B5D9-31E1F4AAD175}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{7BEA8F0C-D163-461D-AAA2-5D757FCBDACA}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{92B9E094-10FE-4B7F-8460-95395B3461F0}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{304C0013-E0FE-4A97-BDD0-C60694228544}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\TheFall\TheFall.exe
FirewallRules: [{71659AE6-450F-4316-A5C8-5CC2FECE1B43}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\TheFall\TheFall.exe
FirewallRules: [{C526EC9E-E437-4688-8775-1EA4ADD04412}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{6E62EF34-3403-4C21-86E6-B69BF5F4B16F}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{4DC866CA-1B2A-437D-B8DB-D5919A10C93F}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{E16D4D5B-98C2-418B-AD54-BE54A653DD2E}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{F7132309-0E6F-4F01-A971-D4B9E2274FB4}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe
FirewallRules: [{F999CA26-D4BB-4258-A695-862196430888}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe
FirewallRules: [{3DF3B7FA-79FA-4F3A-85CE-8EE2780417A1}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{EF639B87-4E71-4968-B87E-224854986426}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{4C77B9D6-F3B9-4E99-B14C-1852B415CF1E}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{A928283B-64E9-4FD6-BE88-3A7AC4915CB4}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{AF7D2083-FC9E-45EC-96DE-B259BA7D296F}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Ori\ori.exe
FirewallRules: [{01109CBC-9949-4135-A347-AEE27C041606}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Ori\ori.exe
FirewallRules: [TCP Query User{06A64833-C799-46C9-8B4F-AA4A0469AFDD}D:\will's stuff\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) D:\will's stuff\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{38DCBBBC-078B-4CF5-A0D1-7E5E9BF16EF9}D:\will's stuff\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) D:\will's stuff\steamlibrary\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [{5DAF7252-1811-49F8-B194-07E75F6B0CDC}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{171B0C1D-DB44-421B-854F-40160FC1CE7A}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{D2CFBC50-9CE5-47A4-98F5-6B8BEF5C6147}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{6EFE0EFA-1795-4DDE-8A1B-7C8E49C1E8A3}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{FBB5E5E8-F991-4DC2-8DB9-A72696AF4155}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Primal Carnage Extinction\Binaries\Win64\PrimalCarnageGame.exe
FirewallRules: [{905364D6-EDF8-4128-BCC2-B88BB91D25BA}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\Primal Carnage Extinction\Binaries\Win64\PrimalCarnageGame.exe
FirewallRules: [{810F3CBF-3BB4-4E6E-9E4D-6FB143F17DB4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0A705191-74BE-424C-9FB4-A57A82EB6038}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0A1C67CD-F6D5-422A-AFA6-CBA175599375}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B54E08F2-8AE2-4299-9BB9-D397A55AAF1F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5E3C3DDF-B7A5-4B06-9390-A46402B17A3D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{8C80B943-F04C-41EF-9FAB-5A96C29EE235}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{799D444B-69BA-4329-9EE9-172EE3E47F6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A817F567-C9F8-4112-8C6D-EDADBECF8AC8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{ADC29B21-9CEF-4E74-B84E-FDA4120A5A19}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{AD0A365A-6954-483E-B012-4B31A0856CD3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{17B15A36-CD2C-4088-B6FE-BA4C0C7364C2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{08241A9F-8167-4E93-A12B-2210E05DE914}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{CA9C789D-DD9F-4762-9B51-252FBC7A319E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{27A4F57C-0309-473C-925E-8E9B520206C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{08C931DC-035B-454F-8F5F-871B4100FB25}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{9EC9B698-74E2-4CCB-9EB4-18BE34F9DD9F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A918A8E9-AFEC-4AA3-BB13-E971564F1EBB}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{08830DA5-F3B3-4334-8AF8-1B29961540DF}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{44B854FB-E141-49BE-BE74-62F32E96ABDB}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\theHunterPrimal\launcher\launcher.exe
FirewallRules: [{55635239-435E-4813-A15E-8C67590A9065}] => (Allow) D:\Will's Stuff\SteamLibrary\steamapps\common\theHunterPrimal\launcher\launcher.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\xchat\xchat.exe] => Enabled:XChat IRC Client

==================== Restore Points =========================

12-01-2016 22:26:52 Windows Update
20-01-2016 01:40:11 Scheduled Checkpoint
27-01-2016 01:41:45 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2016 08:54:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LCore.exe, version: 8.45.88.0, time stamp: 0x512ec5bd
Faulting module name: LCore.exe, version: 8.45.88.0, time stamp: 0x512ec5bd
Exception code: 0xc0000005
Fault offset: 0x00000000002484c8
Faulting process id: 0x1490
Faulting application start time: 0xLCore.exe0
Faulting application path: LCore.exe1
Faulting module path: LCore.exe2
Report Id: LCore.exe3
Faulting package full name: LCore.exe4
Faulting package-relative application ID: LCore.exe5

Error: (01/28/2016 01:18:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Terraria.exe, version: 1.3.0.7, time stamp: 0x55c8fafb
Faulting module name: KERNELBASE.dll, version: 10.0.10586.0, time stamp: 0x5632da1c
Exception code: 0xe0434352
Fault offset: 0x000bd8a8
Faulting process id: 0x1918
Faulting application start time: 0xTerraria.exe0
Faulting application path: Terraria.exe1
Faulting module path: Terraria.exe2
Report Id: Terraria.exe3
Faulting package full name: Terraria.exe4
Faulting package-relative application ID: Terraria.exe5

Error: (01/28/2016 01:18:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Terraria.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Terraria.Program.LaunchGame(System.String[])
   at Terraria.WindowsLaunch.Main(System.String[])

Error: (01/28/2016 01:17:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Terraria.exe, version: 1.3.0.7, time stamp: 0x55c8fafb
Faulting module name: KERNELBASE.dll, version: 10.0.10586.0, time stamp: 0x5632da1c
Exception code: 0xe0434352
Fault offset: 0x000bd8a8
Faulting process id: 0x2780
Faulting application start time: 0xTerraria.exe0
Faulting application path: Terraria.exe1
Faulting module path: Terraria.exe2
Report Id: Terraria.exe3
Faulting package full name: Terraria.exe4
Faulting package-relative application ID: Terraria.exe5

Error: (01/28/2016 01:17:46 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Terraria.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Terraria.Program.LaunchGame(System.String[])
   at Terraria.WindowsLaunch.Main(System.String[])

Error: (01/28/2016 01:17:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Terraria.exe, version: 1.3.0.7, time stamp: 0x55c8fafb
Faulting module name: KERNELBASE.dll, version: 10.0.10586.0, time stamp: 0x5632da1c
Exception code: 0xe0434352
Fault offset: 0x000bd8a8
Faulting process id: 0x226c
Faulting application start time: 0xTerraria.exe0
Faulting application path: Terraria.exe1
Faulting module path: Terraria.exe2
Report Id: Terraria.exe3
Faulting package full name: Terraria.exe4
Faulting package-relative application ID: Terraria.exe5

Error: (01/28/2016 01:17:35 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Terraria.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Terraria.Program.LaunchGame(System.String[])
   at Terraria.WindowsLaunch.Main(System.String[])

Error: (01/28/2016 01:16:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Terraria.exe, version: 1.3.0.7, time stamp: 0x55c8fafb
Faulting module name: KERNELBASE.dll, version: 10.0.10586.0, time stamp: 0x5632da1c
Exception code: 0xe0434352
Fault offset: 0x000bd8a8
Faulting process id: 0x1fdc
Faulting application start time: 0xTerraria.exe0
Faulting application path: Terraria.exe1
Faulting module path: Terraria.exe2
Report Id: Terraria.exe3
Faulting package full name: Terraria.exe4
Faulting package-relative application ID: Terraria.exe5

Error: (01/28/2016 01:16:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Terraria.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Terraria.Program.LaunchGame(System.String[])
   at Terraria.WindowsLaunch.Main(System.String[])

Error: (01/28/2016 01:15:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Terraria.exe, version: 1.3.0.7, time stamp: 0x55c8fafb
Faulting module name: KERNELBASE.dll, version: 10.0.10586.0, time stamp: 0x5632da1c
Exception code: 0xe0434352
Fault offset: 0x000bd8a8
Faulting process id: 0x26ec
Faulting application start time: 0xTerraria.exe0
Faulting application path: Terraria.exe1
Faulting module path: Terraria.exe2
Report Id: Terraria.exe3
Faulting package full name: Terraria.exe4
Faulting package-relative application ID: Terraria.exe5


System errors:
=============
Error: (02/01/2016 12:25:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/31/2016 11:21:59 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (01/31/2016 08:27:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application User Notification Service service failed to start due to the following error:
%%1053

Error: (01/31/2016 08:27:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the UNS service to connect.

Error: (01/31/2016 08:27:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (01/31/2016 08:25:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The jhi_service service failed to start due to the following error:
%%1053

Error: (01/31/2016 08:25:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the jhi_service service to connect.

Error: (01/31/2016 08:24:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (01/31/2016 08:24:17 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/31/2016 08:24:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_739ef9 service to connect.


CodeIntegrity:
===================================
  Date: 2016-02-01 00:09:01.354
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-31 19:45:04.616
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-28 15:21:35.331
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-14 03:35:55.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-10 04:19:47.671
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-09 00:44:42.495
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-07 23:44:41.949
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-30 19:07:47.274
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-26 14:17:41.776
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-26 13:17:14.397
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 31%
Total physical RAM: 8144.97 MB
Available physical RAM: 5563.46 MB
Total Virtual: 9424.97 MB
Available Virtual: 6439.18 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.11 GB) (Free:75.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:398.17 GB) (Free:3.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: B19F8D36)

Partition: GPT.

==================== End of Addition.txt ============================



#6 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:51 PM

Posted 02 February 2016 - 10:02 AM

Only part of your FRST.txt is showing in your reply. Please repost the contents of your FRST.txt, which should be located on your desktop.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 stonewilled

  • Topic Starter

  • Members
  • 7 posts

Posted 04 February 2016 - 02:27 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by William (administrator) on WILLIAM (01-02-2016 11:25:08)
Running from C:\Users\William\Downloads
Loaded Profiles: William (Available Profiles: William)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Akamai Technologies, Inc.) C:\Users\William\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\William\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-07-01] (Alcor Micro Corp.)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7468784 2013-02-27] (Logitech Inc.)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5301880 2012-11-30] (VIA)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5301880 2012-11-30] (VIA)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-19] ()
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-464151272-1660440405-727124041-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-464151272-1660440405-727124041-1002\...\Run: [Spotify Web Helper] => C:\Users\William\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-01-10] (Spotify Ltd)
HKU\S-1-5-21-464151272-1660440405-727124041-1002\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\William\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()
HKU\S-1-5-21-464151272-1660440405-727124041-1002\...\Run: [Akamai NetSession Interface] => C:\Users\William\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-464151272-1660440405-727124041-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-464151272-1660440405-727124041-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-464151272-1660440405-727124041-1002\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-464151272-1660440405-727124041-1002\...\Policies\Explorer: [NoLogOff] 0
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64\FileSyncShell64.dll [2015-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64\FileSyncShell64.dll [2015-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64\FileSyncShell64.dll [2015-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll [2015-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll [2015-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll [2015-12-19] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-10-22]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{252dc763-63e6-4264-be8e-838f43eb36c1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{95c649b5-1e85-421d-9e90-f642b24a2fed}: [DhcpNameServer] 208.180.42.68 208.180.42.100

Internet Explorer:
==================
HKU\S-1-5-21-464151272-1660440405-727124041-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
SearchScopes: HKU\S-1-5-21-464151272-1660440405-727124041-1002 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-09] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-09] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\ib245ale.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?u=9f3fe08122c36405a1dc819c3d91f555&c=p1&src=hp&inst=1453352387
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-09] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\William\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-03-10] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-464151272-1660440405-727124041-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\William\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-04-15] (Amazon.com, Inc.)
FF Extension: Adblock Plus - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\ib245ale.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-20]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Users\William\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Profile: C:\Users\William\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-27]
CHR Extension: (Google Drive) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (YouTube) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Google Search) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-20]
CHR Extension: (Google Docs Offline) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-20]
CHR Extension: (Skype) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR Extension: (Gmail) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1257504 2015-12-04] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-08] (NVIDIA Corporation)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4630352 2015-05-21] (SafeNet Inc.)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-12-30] (Hi-Rez Studios) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-08] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-08] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 akshasp; C:\Windows\system32\DRIVERS\akshasp.sys [69208 2015-05-21] (SafeNet Inc.)
S3 akshhl; C:\Windows\system32\DRIVERS\akshhl.sys [72664 2015-05-21] (SafeNet Inc.)
S3 aksusb; C:\Windows\system32\DRIVERS\aksusb.sys [312344 2015-05-21] (SafeNet Inc.)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-06-26] (Qualcomm Atheros Communications, Inc.)
R4 epp; C:\EEK\bin64\epp.sys [123992 2015-10-23] (Emsisoft Ltd)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [340336 2015-05-21] (SafeNet Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-12-20] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-01 11:25 - 2016-02-01 11:25 - 00025636 _____ C:\Users\William\Downloads\FRST.txt
2016-02-01 11:24 - 2016-02-01 11:25 - 00000000 ____D C:\FRST
2016-02-01 11:22 - 2016-02-01 11:24 - 02370560 _____ (Farbar) C:\Users\William\Downloads\FRST64.exe
2016-01-31 23:21 - 2016-02-01 11:21 - 00000000 ____D C:\EEK
2016-01-31 23:20 - 2016-01-31 23:21 - 211385968 _____ C:\Users\William\Downloads\EmsisoftEmergencyKit.exe
2016-01-31 20:15 - 2016-01-31 20:23 - 00000000 ____D C:\AdwCleaner
2016-01-31 20:14 - 2016-01-31 20:15 - 01508352 _____ C:\Users\William\Downloads\AdwCleaner.exe
2016-01-31 20:13 - 2016-01-31 20:13 - 00000000 ___HD C:\OneDriveTemp
2016-01-28 06:14 - 2016-01-28 06:14 - 00000000 ____D C:\Users\William\Documents\League of Legends
2016-01-27 19:50 - 2016-01-16 00:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-27 19:50 - 2016-01-16 00:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-27 19:50 - 2016-01-15 23:44 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-27 19:50 - 2016-01-15 23:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-27 19:49 - 2016-01-16 00:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-27 19:49 - 2016-01-16 00:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-27 19:49 - 2016-01-16 00:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-27 19:49 - 2016-01-16 00:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-27 19:49 - 2016-01-16 00:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-27 19:49 - 2016-01-16 00:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-27 19:49 - 2016-01-16 00:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-27 19:49 - 2016-01-16 00:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-27 19:49 - 2016-01-16 00:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-27 19:49 - 2016-01-16 00:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-27 19:49 - 2016-01-16 00:21 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-01-27 19:49 - 2016-01-16 00:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-27 19:49 - 2016-01-16 00:20 - 06600904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-01-27 19:49 - 2016-01-16 00:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-27 19:49 - 2016-01-16 00:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-27 19:49 - 2016-01-16 00:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-27 19:49 - 2016-01-16 00:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-27 19:49 - 2016-01-16 00:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-27 19:49 - 2016-01-16 00:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-01-27 19:49 - 2016-01-16 00:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-01-27 19:49 - 2016-01-16 00:13 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-01-27 19:49 - 2016-01-16 00:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-01-27 19:49 - 2016-01-16 00:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-27 19:49 - 2016-01-16 00:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-27 19:49 - 2016-01-16 00:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-27 19:49 - 2016-01-16 00:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-27 19:49 - 2016-01-15 23:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-27 19:49 - 2016-01-15 23:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-27 19:49 - 2016-01-15 23:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-27 19:49 - 2016-01-15 23:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-27 19:49 - 2016-01-15 23:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-27 19:49 - 2016-01-15 23:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-27 19:49 - 2016-01-15 23:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-27 19:49 - 2016-01-15 23:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-27 19:49 - 2016-01-15 23:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-27 19:49 - 2016-01-15 23:40 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-01-27 19:49 - 2016-01-15 23:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-27 19:49 - 2016-01-15 23:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-27 19:49 - 2016-01-15 23:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-27 19:49 - 2016-01-15 23:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-27 19:49 - 2016-01-15 23:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-27 19:49 - 2016-01-15 23:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-27 19:49 - 2016-01-15 23:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-27 19:49 - 2016-01-15 23:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-27 19:49 - 2016-01-15 23:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-27 19:49 - 2016-01-15 23:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-27 19:49 - 2016-01-15 23:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-27 19:49 - 2016-01-15 23:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-27 19:49 - 2016-01-15 23:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-27 19:49 - 2016-01-15 23:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-27 19:49 - 2016-01-15 23:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-27 19:49 - 2016-01-15 23:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-27 19:49 - 2016-01-15 23:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-27 19:49 - 2016-01-15 23:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-27 19:49 - 2016-01-15 23:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-27 19:49 - 2016-01-15 23:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-27 19:49 - 2016-01-15 23:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-27 19:49 - 2016-01-15 23:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-27 19:49 - 2016-01-15 23:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-27 19:49 - 2016-01-15 23:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-27 19:49 - 2016-01-15 23:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-27 19:49 - 2016-01-15 23:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-27 19:49 - 2016-01-15 23:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-27 19:49 - 2016-01-15 23:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-27 19:49 - 2016-01-15 23:32 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-27 19:49 - 2016-01-15 23:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-27 19:49 - 2016-01-15 23:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-27 19:49 - 2016-01-15 23:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-27 19:49 - 2016-01-15 23:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-27 19:49 - 2016-01-15 23:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-27 19:49 - 2016-01-15 23:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-27 19:49 - 2016-01-15 23:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-27 19:49 - 2016-01-15 23:30 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-27 19:49 - 2016-01-15 23:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-27 19:49 - 2016-01-15 23:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-27 19:49 - 2016-01-15 23:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-27 19:49 - 2016-01-15 23:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-27 19:49 - 2016-01-15 23:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-27 19:49 - 2016-01-15 23:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-27 19:49 - 2016-01-15 23:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-27 19:49 - 2016-01-15 23:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-01-27 19:49 - 2016-01-15 23:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-27 19:49 - 2016-01-15 23:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-27 19:49 - 2016-01-15 23:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-27 19:49 - 2016-01-15 23:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-27 19:49 - 2016-01-15 23:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-27 19:49 - 2016-01-15 23:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-27 19:49 - 2016-01-15 23:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-27 19:49 - 2016-01-15 23:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-27 19:49 - 2016-01-15 23:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-27 19:49 - 2016-01-15 23:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-27 19:49 - 2016-01-15 23:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-27 19:49 - 2016-01-15 23:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-27 19:49 - 2016-01-15 23:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-27 19:49 - 2016-01-15 23:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-27 19:49 - 2016-01-15 23:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-27 19:49 - 2016-01-15 23:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-27 19:49 - 2016-01-15 23:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-27 19:49 - 2016-01-15 23:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-27 19:49 - 2016-01-15 23:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-27 19:49 - 2016-01-15 23:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-27 19:49 - 2016-01-15 23:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-27 19:49 - 2016-01-15 23:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-27 19:49 - 2016-01-15 23:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-27 19:49 - 2016-01-15 23:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-27 19:49 - 2016-01-15 23:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-27 19:49 - 2016-01-15 23:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-27 19:49 - 2016-01-15 23:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-27 19:49 - 2016-01-15 23:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-27 19:49 - 2016-01-15 23:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-27 19:49 - 2016-01-15 23:18 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-01-27 19:49 - 2016-01-15 23:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-27 19:49 - 2016-01-15 23:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-27 19:49 - 2016-01-15 23:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-27 19:49 - 2016-01-15 23:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-27 19:49 - 2016-01-15 23:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-27 19:49 - 2016-01-15 23:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-27 19:49 - 2016-01-15 23:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-27 19:49 - 2016-01-15 23:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-27 19:49 - 2016-01-15 23:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-01-21 23:21 - 2016-01-22 00:06 - 00005488 _____ C:\Users\William\Desktop\5512_CA_working_20160121.kmz
2016-01-21 00:03 - 2016-01-21 00:03 - 00005359 _____ C:\Users\William\Desktop\5512_CA_working_20160120.kmz
2016-01-19 21:54 - 2016-01-19 21:54 - 00005265 _____ C:\Users\William\Desktop\5512_CA_working_20160119.kmz
2016-01-18 20:22 - 2016-01-18 20:22 - 00000000 ____D C:\Users\William\Desktop\Nevada
2016-01-18 20:06 - 2016-01-18 20:11 - 00006053 _____ C:\Users\William\Desktop\5512_NV_AllAreas_working_20160118.kmz
2016-01-18 14:10 - 2016-01-18 14:10 - 00005147 _____ C:\Users\William\Desktop\5512_CA_working.kmz
2016-01-16 23:00 - 2016-01-16 23:00 - 00003746 _____ C:\WINDOWS\System32\Tasks\Video Software Uninstaller
2016-01-16 23:00 - 2016-01-16 23:00 - 00000000 ____D C:\Program Files (x86)\Video Software
2016-01-16 19:47 - 2016-01-16 19:47 - 00006029 _____ C:\Users\William\Desktop\5512_NV_AllAreas_working_20160116.kmz
2016-01-16 11:01 - 2016-01-16 11:01 - 00005932 _____ C:\Users\William\Desktop\5512_NV_AllAreas_working.kmz
2016-01-16 10:54 - 2016-01-16 10:54 - 00017012 _____ C:\Users\William\Desktop\5512_NV_AllAreas.kmz
2016-01-13 22:13 - 2016-02-01 11:19 - 00000000 ____D C:\Users\William\AppData\Roaming\Network Cleaner
2016-01-13 22:13 - 2016-01-13 22:57 - 00003418 _____ C:\WINDOWS\System32\Tasks\Network Cleaner
2016-01-13 21:52 - 2016-01-13 21:52 - 00243440 _____ C:\Users\William\Downloads\Firefox Setup Stub 35.0.1.exe
2016-01-13 21:07 - 2016-01-22 00:52 - 00000000 ____D C:\Users\William\Desktop\California_KMZ
2016-01-12 22:38 - 2016-01-12 22:38 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-01-12 21:35 - 2016-01-04 20:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-12 21:35 - 2016-01-04 20:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-12 21:35 - 2016-01-04 20:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-12 21:35 - 2016-01-04 20:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 21:35 - 2016-01-04 20:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-12 21:35 - 2016-01-04 20:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-12 21:35 - 2016-01-04 20:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-12 21:35 - 2016-01-04 20:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-12 21:35 - 2016-01-04 20:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-12 21:35 - 2016-01-04 20:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-12 21:35 - 2016-01-04 20:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-12 21:35 - 2016-01-04 20:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-12 21:35 - 2016-01-04 20:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-12 21:35 - 2016-01-04 20:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-12 21:35 - 2016-01-04 20:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-12 21:35 - 2016-01-04 20:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-12 21:35 - 2016-01-04 20:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-12 21:35 - 2016-01-04 20:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-12 21:35 - 2016-01-04 20:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-12 21:35 - 2016-01-04 20:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-12 21:35 - 2016-01-04 20:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-12 21:35 - 2016-01-04 20:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-12 21:35 - 2016-01-04 20:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-12 21:35 - 2016-01-04 20:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-12 21:35 - 2016-01-04 20:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-12 21:35 - 2016-01-04 20:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-12 21:35 - 2016-01-04 20:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-12 21:35 - 2016-01-04 19:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-12 21:35 - 2016-01-04 19:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-12 21:35 - 2016-01-04 19:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-12 21:35 - 2016-01-04 19:54 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-01-12 21:35 - 2016-01-04 19:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-12 21:35 - 2016-01-04 19:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-12 21:35 - 2016-01-04 19:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-12 21:35 - 2016-01-04 19:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-12 21:35 - 2016-01-04 19:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-12 21:35 - 2016-01-04 19:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-12 21:35 - 2016-01-04 19:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-12 21:35 - 2016-01-04 19:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-12 21:35 - 2016-01-04 19:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-12 21:35 - 2016-01-04 19:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-12 21:35 - 2016-01-04 19:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-12 21:35 - 2016-01-04 19:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-12 21:35 - 2016-01-04 19:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-12 21:35 - 2016-01-04 19:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-12 21:35 - 2016-01-04 19:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-12 21:35 - 2016-01-04 19:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-12 21:35 - 2016-01-04 19:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-12 21:35 - 2016-01-04 19:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-12 21:35 - 2016-01-04 19:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-12 21:35 - 2016-01-04 19:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-12 21:35 - 2016-01-04 19:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-12 21:35 - 2016-01-04 19:43 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-01-12 21:35 - 2016-01-04 19:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-12 21:35 - 2016-01-04 19:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-12 21:35 - 2016-01-04 19:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-12 21:35 - 2016-01-04 19:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-12 21:35 - 2016-01-04 19:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-12 21:35 - 2016-01-04 19:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-12 21:35 - 2016-01-04 19:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-12 21:35 - 2016-01-04 19:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-12 21:35 - 2016-01-04 19:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-12 21:35 - 2016-01-04 19:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-12 21:35 - 2016-01-04 19:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-12 21:35 - 2016-01-04 19:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-12 21:35 - 2016-01-04 19:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-12 21:35 - 2016-01-04 19:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-12 21:35 - 2016-01-04 19:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-12 21:35 - 2016-01-04 19:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-12 21:35 - 2016-01-04 19:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-12 21:35 - 2016-01-04 19:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-12 21:35 - 2016-01-04 19:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-12 21:35 - 2016-01-04 19:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-12 21:35 - 2016-01-04 19:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-10 03:39 - 2016-01-13 22:42 - 00000000 ____D C:\Users\William\AppData\LocalLow\uTorrent
2016-01-09 22:26 - 2016-01-09 22:26 - 00011593 _____ C:\Users\William\Desktop\Antenna Calculator.xlsx
2016-01-09 22:05 - 2016-01-18 20:22 - 00000000 ____D C:\Users\William\Desktop\Arizona
2016-01-09 13:08 - 2016-01-09 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2016-01-09 13:06 - 2016-01-09 13:06 - 01424328 _____ (Microsoft Corporation) C:\Users\William\Downloads\NDP461-KB3102438-Web.exe
2016-01-09 12:41 - 2016-01-09 12:42 - 50966608 _____ (Hi-Rez Studios) C:\Users\William\Downloads\InstallHiRezGamesEnglish.exe
2016-01-09 12:33 - 2016-01-09 12:34 - 50699928 _____ (Hi-Rez Studios) C:\Users\William\Downloads\InstallSmite(1).exe
2016-01-09 12:01 - 2016-01-09 12:02 - 06503984 _____ (Microsoft Corporation) C:\Users\William\Downloads\vcredist_x86.exe
2016-01-09 11:55 - 2016-01-09 11:55 - 00409856 _____ (TweakBit) C:\Users\William\Downloads\fix_msvcp100.dll-setup.exe
2016-01-08 23:53 - 2016-01-09 13:08 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2016-01-08 23:53 - 2016-01-09 13:08 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-01-08 23:26 - 2016-01-08 23:51 - 50699928 _____ (Hi-Rez Studios) C:\Users\William\Downloads\InstallSmite.exe
2016-01-08 22:46 - 2016-01-22 00:53 - 00000000 ____D C:\Users\William\Desktop\Pics
2016-01-08 20:01 - 2016-01-08 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-01-07 21:20 - 2016-01-09 03:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-01 11:05 - 2014-01-23 14:59 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2295E6D4-1CF1-4F1C-AEB6-8A8B29CBFDD4}
2016-02-01 11:02 - 2013-04-13 10:01 - 00000380 _____ C:\Users\William\AppData\Roaming\sp_data.sys
2016-01-31 23:59 - 2013-04-13 12:00 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-31 23:46 - 2013-04-15 08:06 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-31 23:19 - 2014-01-23 12:18 - 00000000 __RDO C:\Users\William\SkyDrive
2016-01-31 23:18 - 2013-04-15 08:06 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-31 20:32 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-31 20:32 - 2015-09-25 02:08 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-31 20:24 - 2015-12-20 16:45 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-31 20:24 - 2015-12-18 12:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-31 20:24 - 2015-10-30 00:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-31 20:13 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2016-01-31 19:35 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-28 23:22 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Help
2016-01-28 22:58 - 2014-04-22 09:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-28 22:29 - 2015-12-18 12:18 - 00000000 ____D C:\Users\William
2016-01-28 22:23 - 2013-04-14 20:49 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-28 20:54 - 2013-04-16 07:08 - 00000000 ____D C:\Users\William\AppData\Local\CrashDumps
2016-01-28 19:27 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-28 15:53 - 2015-12-20 11:53 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-28 15:52 - 2015-12-26 13:29 - 00000085 _____ C:\WINDOWS\wininit.ini
2016-01-28 15:49 - 2015-09-09 23:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-28 15:16 - 2015-10-30 01:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-28 15:16 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-28 15:16 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-28 15:16 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-28 15:16 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-28 15:16 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-28 15:16 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-28 00:03 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-27 19:14 - 2013-04-15 08:06 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-27 19:09 - 2013-09-18 08:32 - 00000000 ____D C:\Users\William\AppData\Roaming\FileZilla
2016-01-22 06:44 - 2013-04-28 14:27 - 00000000 ____D C:\Users\William\AppData\Roaming\Skype
2016-01-19 23:53 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\IME
2016-01-15 11:56 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-01-15 03:33 - 2013-04-28 14:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-14 03:30 - 2015-02-02 17:54 - 00000000 ____D C:\Users\William\AppData\Roaming\uTorrent
2016-01-14 01:42 - 2015-05-25 21:25 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-14 01:41 - 2015-10-31 16:45 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-12 22:41 - 2013-07-26 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-12 22:39 - 2013-07-26 21:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-12 22:39 - 2013-07-26 21:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-12 22:35 - 2013-07-19 01:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-12 22:28 - 2013-04-14 10:03 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-12 22:28 - 2012-07-25 23:26 - 00000301 _____ C:\WINDOWS\win.ini
2016-01-12 01:30 - 2015-02-20 10:37 - 00000000 ____D C:\Users\William\Desktop\From phone
2016-01-10 03:57 - 2013-04-13 13:45 - 00000000 ____D C:\Users\William\AppData\Roaming\Spotify
2016-01-10 03:42 - 2013-04-13 13:46 - 00000000 ____D C:\Users\William\AppData\Local\Spotify
2016-01-09 13:08 - 2012-10-22 03:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-09 12:51 - 2013-04-15 18:36 - 00000000 ____D C:\Users\William\AppData\Local\ElevatedDiagnostics
2016-01-09 11:51 - 2015-12-20 11:57 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-09 03:31 - 2013-04-13 10:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-09 00:12 - 2015-09-25 11:08 - 00000000 ___RD C:\Users\William\3D Objects
2016-01-08 20:01 - 2014-03-27 20:08 - 00000000 ____D C:\Users\William\AppData\Local\Skype
2016-01-08 20:01 - 2013-04-28 14:27 - 00000000 ____D C:\ProgramData\Skype
2016-01-07 20:50 - 2015-12-18 12:14 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2016-01-02 19:40 - 2015-10-30 01:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 19:40 - 2015-10-30 01:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-04-13 10:01 - 2016-02-01 11:02 - 0000380 _____ () C:\Users\William\AppData\Roaming\sp_data.sys
2015-03-11 18:33 - 2015-12-26 19:54 - 0000098 _____ () C:\Users\William\AppData\Roaming\theHunterPrimal_LauncherSettings_live.cfg
2015-06-15 07:32 - 2015-06-15 07:32 - 0007508 _____ () C:\Users\William\AppData\Roaming\TheHunterPrimevalSettings_live.bin
2012-08-04 19:42 - 2012-07-30 00:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 19:42 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Some files in TEMP:
====================
C:\Users\William\AppData\Local\Temp\2982.tmp.exe
C:\Users\William\AppData\Local\Temp\5C9B.tmp.exe
C:\Users\William\AppData\Local\Temp\71D1.tmp.exe
C:\Users\William\AppData\Local\Temp\CC57.tmp.exe
C:\Users\William\AppData\Local\Temp\DC09.tmp.exe
C:\Users\William\AppData\Local\Temp\F498.tmp.exe
C:\Users\William\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\William\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\William\AppData\Local\Temp\nvStInst.exe
C:\Users\William\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-27 00:45

==================== End of FRST.txt ============================



#8 fireman4it

Posted 08 February 2016 - 08:28 AM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

[attachment=176466:fixlist.txt]


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
How is the computer running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#9 stonewilled

Posted 09 February 2016 - 05:29 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by William (2016-02-09 16:12:47) Run:1
Running from C:\Users\William\Downloads
Loaded Profiles: William (Available Profiles: William)
Boot Mode: Normal
==============================================

fixlist content:
*****************
SearchScopes: HKU\S-1-5-21-464151272-1660440405-727124041-1002 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
C:\Users\William\AppData\Local\Temp\2982.tmp.exe
C:\Users\William\AppData\Local\Temp\5C9B.tmp.exe
C:\Users\William\AppData\Local\Temp\71D1.tmp.exe
C:\Users\William\AppData\Local\Temp\CC57.tmp.exe
C:\Users\William\AppData\Local\Temp\DC09.tmp.exe
C:\Users\William\AppData\Local\Temp\F498.tmp.exe
C:\Users\William\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\William\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\William\AppData\Local\Temp\nvStInst.exe
C:\Users\William\AppData\Local\Temp\sqlite3.dll
EmptyTemp:
Hosts:
Task: {F8D55BBC-3A93-40AC-B9F7-1989ED2A07DA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CBA1F1B7-64B2-410C-B062-9326327360C3} - \Megasoft Security Uninstaller -> No File <==== ATTENTION
Task: {D93645DB-AC3B-49BC-8233-578DA408356D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {90BCC4B4-EF2F-4347-82AB-CF73BD3A7DBA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {765527FC-070E-4121-B4BB-B4E3D227DAA4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7C776046-D8A5-4799-8E96-E2907492A074} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {69AA1F92-ADAD-4D11-A85E-83FA60930544} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {536581E5-DF0A-4BBE-85B5-4828174BF827} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {4EC18CF5-D895-4A7F-92C9-2C76049E09A2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3EE70D86-E818-420F-96B8-1BDA8110B1F2} - System32\Tasks\Video Software Uninstaller => C:\Program Files (x86)\Video Software\VideoSoftware.exe [2016-01-16] (Secure Updater) <==== ATTENTION
Task: {12ED816E-A238-46B7-8109-75E5475BD047} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {14F5F4E5-BA55-4497-AAA6-8857715A7BE4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {11E5BB97-007C-43FC-B581-AAB48C071C62} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
C:\Users\William\AppData\Roaming\Network Cleaner\Network Cleaner.exe  


*****************

HKU\S-1-5-21-464151272-1660440405-727124041-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
gupdate => service removed successfully
gupdatem => service removed successfully
C:\Users\William\AppData\Local\Temp\2982.tmp.exe => moved successfully
C:\Users\William\AppData\Local\Temp\5C9B.tmp.exe => moved successfully
C:\Users\William\AppData\Local\Temp\71D1.tmp.exe => moved successfully
C:\Users\William\AppData\Local\Temp\CC57.tmp.exe => moved successfully
C:\Users\William\AppData\Local\Temp\DC09.tmp.exe => moved successfully
C:\Users\William\AppData\Local\Temp\F498.tmp.exe => moved successfully
C:\Users\William\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\William\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\William\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\William\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8D55BBC-3A93-40AC-B9F7-1989ED2A07DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8D55BBC-3A93-40AC-B9F7-1989ED2A07DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBA1F1B7-64B2-410C-B062-9326327360C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBA1F1B7-64B2-410C-B062-9326327360C3}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Megasoft Security Uninstaller => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D93645DB-AC3B-49BC-8233-578DA408356D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D93645DB-AC3B-49BC-8233-578DA408356D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90BCC4B4-EF2F-4347-82AB-CF73BD3A7DBA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90BCC4B4-EF2F-4347-82AB-CF73BD3A7DBA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{765527FC-070E-4121-B4BB-B4E3D227DAA4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{765527FC-070E-4121-B4BB-B4E3D227DAA4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C776046-D8A5-4799-8E96-E2907492A074}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C776046-D8A5-4799-8E96-E2907492A074}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69AA1F92-ADAD-4D11-A85E-83FA60930544}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69AA1F92-ADAD-4D11-A85E-83FA60930544}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{536581E5-DF0A-4BBE-85B5-4828174BF827}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{536581E5-DF0A-4BBE-85B5-4828174BF827}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EC18CF5-D895-4A7F-92C9-2C76049E09A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EC18CF5-D895-4A7F-92C9-2C76049E09A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EE70D86-E818-420F-96B8-1BDA8110B1F2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EE70D86-E818-420F-96B8-1BDA8110B1F2}" => key removed successfully
C:\WINDOWS\System32\Tasks\Video Software Uninstaller => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Video Software Uninstaller" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12ED816E-A238-46B7-8109-75E5475BD047}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12ED816E-A238-46B7-8109-75E5475BD047}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14F5F4E5-BA55-4497-AAA6-8857715A7BE4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14F5F4E5-BA55-4497-AAA6-8857715A7BE4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11E5BB97-007C-43FC-B581-AAB48C071C62}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11E5BB97-007C-43FC-B581-AAB48C071C62}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"C:\Users\William\AppData\Roaming\Network Cleaner\Network Cleaner.exe" => not found.
EmptyTemp: => 853 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 16:14:34 ====



#10 stonewilled

Posted 09 February 2016 - 05:39 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64
Ran by William (Administrator) on Tue 02/09/2016 at 16:32:17.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\Users\William\AppData\Roaming\nico mak computing (Folder)
Successfully deleted: C:\Users\William\AppData\Roaming\sp_data.sys (File)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERUPDATEUI.EXE-A933B2EF.pf (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/09/2016 at 16:36:21.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The computer is running better. The issues that I was originally facing seem to have gone. However, I have noticed a new problem with my audio. Sometimes on startup my audio won't work and I can't even open audio settings in control panel. It also hangs up the booting process I believe because wifi never shows up in task manager. I hope I am explaining this well enough.



#11 fireman4it

Posted 11 February 2016 - 07:18 PM

I don't think any of the issues you are experiencing are malware related at this point. Let's make another check for any leftovers.

Emsisoft Emergency Kit
  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear:
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.

#12 fireman4it

Posted 14 February 2016 - 11:44 AM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it



#13 fireman4it


Posted 01 March 2016 - 08:21 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
