Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser opens with pop-up ad on start up


  • This topic is locked This topic is locked
15 replies to this topic

#1 mcpaul

mcpaul

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 01 February 2016 - 10:42 AM

Every time I log into windows a browser window opens with a random ad (see attached examples). Initially it was opening an IE 11 browser window and as I pretty much exclusively use Chrome, I went in via the control panel and removed IE11. This just caused the problem to continue such that it now opens in Chrome. I've run just about everything I can think of including MalwareBytes, ESET NOD32, Kaspersky, HijackThis, AdwCleaner, SpyBot, msconfig, etc. None of the malware or anti-virus programs are finding anything.
 
AdwCleaner does find these odd looking entries but even after removing them, upon rebooting they return:
 
 Folder Found : C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd
 
***** [ Web browsers ] *****
[C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : baohinapilmkigilbbbcccncoljkdpnd
 
Any help would be appreciated.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by mike (administrator) on QUBE (01-02-2016 10:22:15)
Running from C:\Users\mike2\Downloads
Loaded Profiles: mike (Available Profiles: mike & DefaultAppPool)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\Gigabyte\SIV\thermald.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(i-Funbox.com) C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.122.14020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.7.1041.0_x64__8wekyb3d8bbwe\Solitaire.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803392 2015-10-31] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [USB Electronic Scale] => C:\Program Files (x86)\USB Electronic Scale\scale.exe [4960256 2005-04-08] (TES)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()
HKLM-x32\...\RunOnce: [SIV] => C:\Program Files (x86)\Gigabyte\SIV\sivro.exe [12096 2015-07-01] (GIGA-BYTE TECHNOLOGY CO., LTD.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1908314208-3067588216-3482629810-1001\...\Run: [iFunBox] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe [2783232 2015-07-27] (i-Funbox.com)
HKU\S-1-5-21-1908314208-3067588216-3482629810-1001\...\Run: [GoogleChromeAutoLaunch_2274ED0A202A8FE2F97884BB76B1EB79] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-01-27] (Google Inc.)
HKU\S-1-5-21-1908314208-3067588216-3482629810-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-1908314208-3067588216-3482629810-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk [2015-09-15]
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-09-20]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2015-11-18]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8e1988f0-21db-4fec-b23a-cc9a367d9c21}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-09-20] (LastPass)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-09-20] (LastPass)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-09-20] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-09-20] (LastPass)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-09-20] (LastPass)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-09-20] (LastPass)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-12-08] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-20]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2015-09-20]
CHR Extension: (IconSmash - Free Icons) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahphhkpleajnegckhjiogcpojdjimcob [2015-09-20]
CHR Extension: (Duolingo on the Web) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-09-20]
CHR Extension: (Google Docs) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-20]
CHR Extension: (Google Drive) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Shortcuts for Google™) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd [2016-02-01]
CHR Extension: (YouTube) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Add to Amazon Wish List) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2015-09-20]
CHR Extension: (Google Search) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Search Filter) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidhkmnbiahhgbgpjpiimdogfidfikgf [2015-09-20]
CHR Extension: (Google Calendar) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]
CHR Extension: (JavaScript Editor) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhkeonpomkliaedmafeniofidolfmdd [2015-09-20]
CHR Extension: (Google Finance) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2015-09-20]
CHR Extension: (Google Sheets) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-20]
CHR Extension: (Google Docs Offline) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-02-01]
CHR Extension: (PDF Mergy) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2015-09-20]
CHR Extension: (NPR Infinite Player) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf [2015-09-20]
CHR Extension: (Google Voice (by Google)) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-09-20]
CHR Extension: (ShiftEdit) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgmndephhjcabhhjfcmncnhbmgbkpij [2015-09-29]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2015-09-20]
CHR Extension: (Google Mail Checker) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-09-20]
CHR Extension: (Universal Unit Converter) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafkejlpknmikohhgdelefdeeieplkog [2015-09-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-20]
CHR Extension: (Gmail) - C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-20]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [62784 2015-07-01] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-10-10] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [168208 2015-07-13] (ESET)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-01] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-01 10:22 - 2016-02-01 10:22 - 00020912 _____ C:\Users\mike2\Downloads\FRST.txt
2016-02-01 10:21 - 2016-02-01 10:22 - 00000000 ____D C:\FRST
2016-02-01 10:20 - 2016-02-01 10:21 - 02370560 _____ (Farbar) C:\Users\mike2\Downloads\FRST64.exe
2016-02-01 10:15 - 2016-02-01 10:15 - 00016148 _____ C:\WINDOWS\system32\QUBE_mike_HistoryPrediction.bin
2016-02-01 10:06 - 2016-02-01 10:06 - 00000000 ___HD C:\OneDriveTemp
2016-02-01 07:00 - 2016-02-01 12:53 - 00000000 ____D C:\AdwCleaner
2016-02-01 06:51 - 2016-02-01 06:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-02-01 06:50 - 2016-02-01 12:53 - 00000000 ____D C:\Users\mike2\Desktop\mbar
2016-02-01 06:48 - 2016-02-01 06:48 - 00030264 _____ C:\Users\mike2\Downloads\MTB.txt
2016-02-01 06:41 - 2016-02-01 06:41 - 00003025 _____ C:\Users\mike2\Downloads\FSS.txt
2016-01-31 08:44 - 2016-01-31 08:44 - 00000000 ____D C:\Users\mike2\AppData\Local\CEF
2016-01-31 08:40 - 2016-01-31 08:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-31 08:40 - 2016-01-31 08:40 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-01-31 08:39 - 2016-01-31 08:39 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-01-31 08:20 - 2016-02-01 08:57 - 00000000 ____D C:\Users\mike2\Downloads\backups
2016-01-31 07:28 - 2016-01-31 07:28 - 00000000 ____D C:\Users\mike2\Logitech
2016-01-31 07:28 - 2016-01-31 07:28 - 00000000 ____D C:\Users\mike2\AppData\Roaming\Mozilla
2016-01-31 07:27 - 2016-01-31 07:27 - 48357912 _____ (Logitech Inc.) C:\Users\mike2\Downloads\LogitechHarmonyRemote7.7.0-WIN-x86.exe
2016-01-31 07:27 - 2016-01-31 07:27 - 00000000 ____D C:\Program Files (x86)\Logitech
2016-01-30 12:00 - 2016-01-30 12:00 - 00004568 _____ C:\Users\mike2\AppData\Local\recently-used.xbel
2016-01-30 09:22 - 2016-01-30 09:22 - 00002106 _____ C:\Users\Public\Desktop\H&R Block 2015.lnk
2016-01-30 09:21 - 2016-02-01 09:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2015
2016-01-30 09:21 - 2016-02-01 09:58 - 00000000 ____D C:\Program Files (x86)\PDF995
2016-01-30 09:21 - 2016-02-01 09:57 - 00000000 ____D C:\Program Files (x86)\HRBlock2015
2016-01-30 09:20 - 2016-02-01 09:58 - 00000000 ____D C:\ProgramData\TaxCut
2016-01-30 09:17 - 2016-01-30 09:17 - 00030229 _____ C:\Users\mike2\Downloads\application.zip
2016-01-30 09:14 - 2016-02-01 09:58 - 00000000 ____D C:\Users\mike2\Desktop\New folder
2016-01-30 06:24 - 2016-02-01 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigabyte
2016-01-28 14:08 - 2016-01-28 14:08 - 00144093 _____ C:\Users\mike2\Desktop\https___www.tracfone.com_direct_controller.pdf
2016-01-28 06:19 - 2016-02-01 09:58 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-28 06:19 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-01-28 06:16 - 2016-02-01 09:58 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-01-28 06:16 - 2016-02-01 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-01-28 06:16 - 2016-02-01 09:58 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-28 06:16 - 2016-01-28 06:38 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-28 06:16 - 2016-01-28 06:16 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-01-28 06:16 - 2016-01-28 06:16 - 00001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-01-28 06:16 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-01-28 06:15 - 2016-01-28 06:15 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\mike2\Downloads\spybot-2.4.exe
2016-01-25 13:45 - 2016-01-25 13:45 - 00087530 _____ C:\Users\mike2\Desktop\https___www.erieinsurancepayments.com_cgi_erieExpress-bin_vortex.pdf
2016-01-23 07:37 - 2016-01-23 07:37 - 02875398 _____ C:\Users\mike2\Desktop\Eloquent_JavaScript.pdf
2016-01-21 14:58 - 2016-01-21 14:58 - 00001063 _____ C:\Users\mike2\Desktop\Genesis.txt
2016-01-21 09:32 - 2016-01-21 09:32 - 02956476 _____ C:\Users\mike2\Desktop\tracfone manual.pdf
2016-01-16 09:12 - 2016-02-01 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4Tools
2016-01-16 09:12 - 2016-02-01 09:58 - 00000000 ____D C:\Program Files (x86)\MP4Tools
2016-01-16 09:12 - 2016-01-16 09:12 - 11300959 _____ ( ) C:\Users\mike2\Downloads\MP4Tools-3.1-win32.exe
2016-01-16 09:07 - 2016-01-16 09:07 - 00000000 ____D C:\Users\mike2\AppData\Roaming\iDealshare VideoGo 6
2016-01-16 09:06 - 2016-01-16 09:06 - 18103025 _____ (iDealshare Corporation ) C:\Users\mike2\Downloads\i-video-converter.exe
2016-01-16 09:02 - 2016-02-01 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux (64 bits)
2016-01-16 09:02 - 2016-02-01 09:58 - 00000000 ____D C:\Program Files\Avidemux 2.6 - 64 bits
2016-01-16 09:02 - 2016-01-16 09:18 - 00000000 ____D C:\Users\mike2\AppData\Roaming\avidemux
2016-01-16 09:01 - 2016-01-16 09:02 - 16102241 _____ C:\Users\mike2\Downloads\avidemux_2.6.11beta1_win64 (1).exe
2016-01-16 09:01 - 2016-01-16 09:01 - 16102241 _____ C:\Users\mike2\Downloads\avidemux_2.6.11beta1_win64.exe
2016-01-13 11:07 - 2016-01-13 11:07 - 00000324 _____ C:\Users\mike2\Desktop\tin machine.txt
2016-01-12 14:03 - 2016-02-01 09:58 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-12 13:54 - 2016-01-04 22:07 - 02463704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-12 13:54 - 2016-01-04 22:07 - 00377592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-12 13:54 - 2016-01-04 22:06 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-12 13:54 - 2016-01-04 22:06 - 01991120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-12 13:54 - 2016-01-04 22:06 - 01270104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-12 13:54 - 2016-01-04 22:06 - 01063504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-12 13:54 - 2016-01-04 22:06 - 00119800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-12 13:54 - 2016-01-04 22:04 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-01-12 13:54 - 2016-01-04 22:04 - 02641928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-12 13:54 - 2016-01-04 22:04 - 01591848 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-12 13:54 - 2016-01-04 22:04 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-12 13:54 - 2016-01-04 22:04 - 00862056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-12 13:54 - 2016-01-04 22:04 - 00787720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-12 13:54 - 2016-01-04 22:04 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-12 13:54 - 2016-01-04 22:04 - 00779928 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-12 13:54 - 2016-01-04 22:04 - 00772448 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-12 13:54 - 2016-01-04 22:04 - 00751992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-12 13:54 - 2016-01-04 22:04 - 00667856 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 13:54 - 2016-01-04 22:04 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-12 13:54 - 2016-01-04 22:04 - 00249464 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-12 13:54 - 2016-01-04 22:04 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-12 13:54 - 2016-01-04 22:04 - 00233992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-12 13:54 - 2016-01-04 22:04 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-12 13:54 - 2016-01-04 22:04 - 00090912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-12 13:54 - 2016-01-04 22:04 - 00083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-12 13:54 - 2016-01-04 21:59 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-01-12 13:54 - 2016-01-04 21:52 - 00441696 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-12 13:54 - 2016-01-04 21:50 - 01817064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-12 13:54 - 2016-01-04 21:50 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-12 13:54 - 2016-01-04 21:50 - 00723648 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-12 13:54 - 2016-01-04 21:50 - 00345080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-12 13:54 - 2016-01-04 21:50 - 00251544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-12 13:54 - 2016-01-04 21:50 - 00205072 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-12 13:54 - 2016-01-04 21:31 - 01365576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-12 13:54 - 2016-01-04 21:30 - 02459096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-12 13:54 - 2016-01-04 21:30 - 02162064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-12 13:54 - 2016-01-04 21:30 - 02152744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-12 13:54 - 2016-01-04 21:30 - 01106872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-12 13:54 - 2016-01-04 21:30 - 00882208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-12 13:54 - 2016-01-04 21:30 - 00368776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-12 13:54 - 2016-01-04 21:30 - 00232896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 13:54 - 2016-01-04 21:30 - 00100712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-12 13:54 - 2016-01-04 21:29 - 00208688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-12 13:54 - 2016-01-04 21:28 - 02445128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-01-12 13:54 - 2016-01-04 21:28 - 00714808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-12 13:54 - 2016-01-04 21:28 - 00696192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-12 13:54 - 2016-01-04 21:28 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-12 13:54 - 2016-01-04 21:28 - 00645144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-12 13:54 - 2016-01-04 21:28 - 00635312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-12 13:54 - 2016-01-04 21:28 - 00497896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-12 13:54 - 2016-01-04 21:28 - 00277400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-12 13:54 - 2016-01-04 21:28 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-12 13:54 - 2016-01-04 21:28 - 00107952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-12 13:54 - 2016-01-04 21:28 - 00082096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-12 13:54 - 2016-01-04 21:28 - 00072808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-12 13:54 - 2016-01-04 21:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-01-12 13:54 - 2016-01-04 21:18 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-12 13:54 - 2016-01-04 21:15 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-12 13:54 - 2016-01-04 21:15 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2016-01-12 13:54 - 2016-01-04 21:15 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-12 13:54 - 2016-01-04 21:15 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-12 13:54 - 2016-01-04 21:10 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2016-01-12 13:54 - 2016-01-04 21:10 - 00305776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-12 13:54 - 2016-01-04 21:10 - 00278424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-12 13:54 - 2016-01-04 21:10 - 00188032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-12 13:54 - 2016-01-04 21:09 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-12 13:54 - 2016-01-04 21:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-12 13:54 - 2016-01-04 21:02 - 01672192 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-12 13:54 - 2016-01-04 21:02 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-12 13:54 - 2016-01-04 21:02 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-12 13:54 - 2016-01-04 21:01 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-12 13:54 - 2016-01-04 21:00 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-12 13:54 - 2016-01-04 21:00 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-12 13:54 - 2016-01-04 20:59 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-12 13:54 - 2016-01-04 20:57 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-12 13:54 - 2016-01-04 20:57 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-12 13:54 - 2016-01-04 20:57 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-12 13:54 - 2016-01-04 20:56 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-12 13:54 - 2016-01-04 20:51 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-12 13:54 - 2016-01-04 20:51 - 01009664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-12 13:54 - 2016-01-04 20:51 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-12 13:54 - 2016-01-04 20:51 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-12 13:54 - 2016-01-04 20:51 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-12 13:54 - 2016-01-04 20:44 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-12 13:54 - 2016-01-04 20:44 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-12 13:54 - 2016-01-04 20:43 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-12 13:54 - 2016-01-04 20:42 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2016-01-12 13:54 - 2016-01-04 20:38 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfh264enc.dll
2016-01-12 13:54 - 2016-01-04 20:32 - 01541632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-12 13:54 - 2016-01-04 20:32 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-12 13:54 - 2016-01-04 20:31 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-12 13:54 - 2016-01-04 20:31 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-12 13:54 - 2016-01-04 20:30 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-12 13:54 - 2016-01-04 20:29 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-12 13:54 - 2016-01-04 20:29 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-12 13:54 - 2016-01-04 20:26 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-12 13:54 - 2016-01-04 20:24 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-12 13:54 - 2016-01-04 20:20 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-12 13:54 - 2016-01-04 20:19 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-12 13:54 - 2016-01-04 20:19 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-12 13:54 - 2016-01-04 20:19 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-12 13:54 - 2016-01-04 20:19 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-07 13:21 - 2016-01-07 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2016-01-07 13:21 - 2016-01-07 13:21 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2016-01-03 17:24 - 2016-01-03 17:24 - 04120904 _____ C:\Users\mike2\Desktop\Phantom_FC40_User_Manual_v1.06_en.pdf
2016-01-03 07:54 - 2016-01-03 07:54 - 00001303 _____ C:\Users\Public\Desktop\DJI NAZAM Assistant_2.20.lnk
2016-01-03 07:54 - 2016-01-03 07:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DJI Product
2016-01-03 07:54 - 2016-01-03 07:54 - 00000000 ____D C:\Program Files (x86)\DJI Product
2016-01-03 07:52 - 2016-01-03 07:52 - 11340607 _____ (DJI ) C:\Users\mike2\Downloads\NAZAM_2.20_Installer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-01 12:53 - 2015-09-20 07:22 - 00000000 ____D C:\Users\mike2\AppData\Local\VirtualStore
2016-02-01 10:22 - 2015-09-15 08:12 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-01 10:21 - 2015-09-15 15:32 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-01 10:09 - 2015-09-15 13:39 - 01005598 __NDT C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-01 10:09 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2016-02-01 10:06 - 2015-09-20 07:23 - 00000000 ___RD C:\Users\mike2\OneDrive
2016-02-01 10:06 - 2015-09-15 08:12 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-01 10:06 - 2015-09-15 05:55 - 00026192 ____N (Windows ® Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2016-02-01 10:01 - 2015-10-31 08:18 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-01 10:01 - 2015-09-15 13:39 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-01 10:01 - 2015-07-10 07:21 - 00000006 ___HD C:\WINDOWS\Tasks\SA.DAT
2016-02-01 10:01 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-01 10:00 - 2015-09-20 07:22 - 00000000 ____D C:\Users\mike2
2016-02-01 10:00 - 2015-09-15 08:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-01 09:58 - 2015-11-12 18:09 - 00000000 ____D C:\Users\mike2\AppData\Roaming\vlc
2016-02-01 09:58 - 2015-10-31 16:23 - 00000000 ____D C:\Users\mike2\AppData\Local\gtk-2.0
2016-02-01 09:58 - 2015-10-16 06:25 - 00000000 ____D C:\Users\DefaultAppPool
2016-02-01 09:58 - 2015-10-04 13:24 - 00000000 ____D C:\Program Files (x86)\USB Electronic Scale
2016-02-01 09:58 - 2015-09-21 09:50 - 00000000 ____D C:\Users\mike2\AppData\Local\arw
2016-02-01 09:58 - 2015-09-15 14:28 - 00000000 ____D C:\ProgramData\FitbitConnect
2016-02-01 09:58 - 2015-09-15 13:40 - 00000000 ____D C:\Users\Mike
2016-02-01 09:58 - 2015-09-15 05:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-01 09:58 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-01 09:58 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\registration
2016-02-01 09:58 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-01 09:58 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-02-01 09:58 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\servicing
2016-01-31 08:06 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-30 12:06 - 2015-10-04 13:06 - 00000000 ____D C:\Users\mike2\.gimp-2.8
2016-01-30 11:42 - 2015-07-10 07:20 - 00339272 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-30 06:23 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-28 17:23 - 2015-09-15 08:12 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-27 16:04 - 2015-09-21 09:50 - 00000000 ____D C:\Users\mike2\Desktop\NowSmart Recordings
2016-01-16 09:02 - 2015-12-07 14:17 - 00000000 ____D C:\Users\mike2\AppData\Local\Screencast-O-Matic-v2
2016-01-16 05:03 - 2015-09-20 07:46 - 00000000 ____D C:\Users\mike2\AppData\LocalLow\LastPass
2016-01-15 13:20 - 2015-12-09 05:18 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 16:44 - 2015-09-15 15:11 - 00000000 ____D C:\ProgramData\DVD Shrink
2016-01-12 14:08 - 2015-09-15 07:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-12 14:04 - 2015-09-15 07:25 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-07 13:21 - 2015-09-15 14:28 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-02 20:40 - 2015-07-10 06:06 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 20:40 - 2015-07-10 06:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-09-20 07:46 - 2015-09-20 07:46 - 16790552 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-01-30 12:00 - 2016-01-30 12:00 - 0004568 _____ () C:\Users\mike2\AppData\Local\recently-used.xbel
2015-09-15 13:39 - 2015-09-15 13:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\InstHelper.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-29 06:09

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by mike (2016-02-01 10:22:31)
Running from C:\Users\mike2\Downloads
Windows 10 Pro (X64) (2015-09-15 19:02:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1908314208-3067588216-3482629810-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1908314208-3067588216-3482629810-503 - Limited - Disabled)
Guest (S-1-5-21-1908314208-3067588216-3482629810-501 - Limited - Disabled)
mike (S-1-5-21-1908314208-3067588216-3482629810-1001 - Administrator - Enabled) => C:\Users\mike2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS B15.0630.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
@BIOS B15.0630.1 (x32 Version: 3.00.0000 - GIGABYTE) Hidden
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.16 - Adobe Systems)
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.15.1228 - Gigabyte)
APP Center (x32 Version: 1.15.1228 - Gigabyte) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Audio Record Wizard (HKLM-x32\...\Audio Record Wizard) (Version: 7.16 - NowSmart)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.911.151222 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DJI NAZAM Assistant version 2.20 (HKLM-x32\...\{407BF034-D1D3-4397-8887-72FE329100D8}_is1) (Version: 2.20 - DJI)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
ESET NOD32 Antivirus (HKLM\...\{5F2AE448-CD4B-40BD-B245-5F0CD06A09B0}) (Version: 8.0.319.0 - ESET, spol s r. o.)
EZSetup B15.0811.1 (HKLM-x32\...\InstallShield_{9EAB60B6-70FE-4EC7-8DF4-54773E4EAC05}) (Version: 1.00.0000 - GIGABYTE)
EZSetup B15.0811.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Fast Boot (HKLM-x32\...\InstallShield_{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.15.0626 - GIGABYTE)
Fast Boot (x32 Version: 1.15.0626 - GIGABYTE) Hidden
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
H&R Block Deluxe + Efile + State 2015 (HKLM-x32\...\{E7BFC29A-9459-4534-9E35-BF1D66A18BAA}) (Version: 15.05.3801 - HRB Technology, LLC.)
iFunbox (v3.0.3109.1352) (HKLM-x32\...\iFunbox_is1) (Version: v3.0.3109.1352 - iFunbox DevTeam)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4279 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mp3tag v2.71 (HKLM-x32\...\Mp3tag) (Version: v2.71 - Florian Heidenreich)
MP4Tools v3.1 (HKLM-x32\...\MP4Tools_is1) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
NVIDIA 3D Vision Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
ON_OFF Charge 2 B15.0709.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B15.0709.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 12.0 - PlotSoft LLC)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7200 - Realtek Semiconductor Corp.)
ScanSnap (x32 Version: 5.1.30.19 - PFU Limited) Hidden
ScanSnap (x32 Version: 5.1.81.1 - PFU Limited) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L81 - PFU)
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L30 - PFU)
ScanSnap Organizer (x32 Version: 4.1.30.16 - PFU LIMITED) Hidden
Screencast-O-Matic v2.0 (HKLM-x32\...\Screencast-O-Matic v2.0) (Version: v2.0 - Screencast-O-Matic)
SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.15.0701 - GIGABYTE)
SIV (x32 Version: 1.15.0701 - GIGABYTE) Hidden
Smart Recovery 2 B15.1002.1 (x64) (HKLM-x32\...\{BC1FA5CF-A36F-4C61-9638-09D0B431B006}) (Version: 1.00.0003 - GIGABYTE)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
USB Electronic Scale (HKLM-x32\...\{D1E777C3-B26E-4E91-8B09-0A19B259A805}) (Version: 1.00.5000 - NA)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VTuner (HKLM-x32\...\InstallShield_{C381226E-C402-4976-9411-54282F1396D3}) (Version: 1.15.0626 - GIGABYTE)
VTuner (x32 Version: 1.15.0626 - GIGABYTE) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1908314208-3067588216-3482629810-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\mike2\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03B5E5FB-71D7-4C82-83AF-08E994563A25} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {05519631-D420-4811-9071-017314B95A53} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {09149F7C-F748-4E51-B915-D489F652F693} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {129DA2ED-6C8E-4D1A-ABAB-1B32156145DF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-12] (Microsoft Corporation)
Task: {1D9FAA05-CD3C-49C9-AD2A-23639D9EC7FE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {228D26D0-EDC4-4BB1-A1DB-5636ECFA94BE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {22A3374B-ACB8-4027-BC70-3A17C682E5C1} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {24E58AFB-6439-4B59-83DC-EAB10DA00BC5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {32195EB4-319F-40A1-8F14-9872103C7E9C} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3576F0E5-F7B1-4D72-8A16-EF95FA3D8C9C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {361A75D8-04E5-4839-8116-E5152A97BFF4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {3C535AFB-939A-4475-8AE6-4AC86DC6A6D3} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3C5B88DD-463C-41DA-B7EC-69AB02AAB118} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3D226ADF-9E71-49C0-8685-E32E89E8C33A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4DC7BBBF-E891-481D-A21C-DB0E8199B4C3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {53C02F48-3D94-4E43-928C-92DB6AF52AF4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {572AF016-6A67-4590-86A6-F1FD28F45571} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5AE52F55-FCF5-48DF-8273-7308FD3B9C57} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {6234CB44-E24C-45C4-812B-FDFCEB011704} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {63A9162F-C9FA-4932-A37E-F8BDA6769068} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {66B583A9-6551-4572-A2B7-683446169932} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {66E738B1-9F24-47D8-8747-FEAB5974F293} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {6CFCE2B2-18B7-47DA-93B6-95619056045D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {70A9B82E-4C5D-4C18-9C94-17AF6207047E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {7B55AEE8-55D1-437E-A994-66E660893EBD} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {902D4535-BECF-4877-87D4-50866FC84E7A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9282708F-7415-4710-ABD6-ACED0B27389D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {99EFA801-1C03-4A5F-B579-2C0200DDA744} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A0AC53B9-B853-4953-99D9-79219D6575FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-15] (Adobe Systems Incorporated)
Task: {A20B2CAE-96B0-4388-B8C9-A8AC43E1FEAA} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {B0B8AAA7-5B36-4FE8-8861-E1CFF3D2E50C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B4195639-26E4-4784-B841-95BC74647C9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)
Task: {BB18E515-71DE-4C43-A638-85B73DB6B4E1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {BBE6B983-34C7-4BD5-A1AF-86754E89D51D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BD080909-5F77-4236-B825-8892A199C16C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C381DECC-33AB-4537-BB55-063A6AAB6A62} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)
Task: {CB86918D-10C9-412E-A743-479E000055DA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CC39031E-D3D2-454E-8BFA-D6D671625559} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {D14A3CA5-1BFE-47CB-8D48-FBF71ABA923F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {E221E128-9978-491C-A381-D30FFC58ABA9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {E82A69F2-1EDA-4A13-94B8-CA7001DC3CCA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {EA7DBEBB-5A89-41BC-8605-E47B880BDB2A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {FC3D6CBB-CAE0-4B20-A25C-278294172A45} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {FE4F8D55-D007-476A-97D8-4B46648FD85F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-15 17:36 - 2015-09-15 17:36 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-10-31 08:18 - 2015-10-13 12:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-15 17:36 - 2015-09-15 17:36 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-04-14 15:27 - 2015-04-14 15:27 - 00016896 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-01 08:23 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 08:23 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-30 09:52 - 2015-07-30 09:52 - 01244456 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
2015-10-01 08:22 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 05:59 - 2015-07-10 05:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-12-09 12:28 - 2015-11-24 23:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 12:28 - 2015-11-24 23:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 12:28 - 2015-11-24 23:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 08:23 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-12-09 12:28 - 2015-11-24 23:18 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-10-01 08:23 - 2015-09-17 00:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-12-09 12:28 - 2015-11-24 23:17 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-10-07 12:50 - 2015-07-27 20:46 - 00592384 _____ () C:\Program Files (x86)\i-Funbox DevTeam\exifext_x64.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 00306960 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2016-01-26 05:28 - 2016-01-26 05:28 - 00015872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.122.14020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-01-26 05:28 - 2016-01-26 05:28 - 14870016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.122.14020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-20 05:16 - 2015-11-20 05:16 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.122.14020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-13 06:10 - 2016-01-13 06:10 - 00173056 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.7.1041.0_x64__8wekyb3d8bbwe\CellNativeClientUniversal.dll
2015-09-15 14:30 - 2015-09-15 14:30 - 04485808 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.7.1041.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2015-09-15 14:30 - 2015-09-15 14:30 - 07502848 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.7.1041.0_x64__8wekyb3d8bbwe\Microsoft.Xbox.Services.dll
2015-09-15 14:30 - 2015-09-15 14:30 - 01384960 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.7.1041.0_x64__8wekyb3d8bbwe\cpprest140_uwp_2_6.dll
2016-01-28 06:16 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-01-28 06:16 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-01-28 06:16 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-01-28 06:16 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-01-28 06:16 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-01-22 13:53 - 2014-01-22 13:53 - 01607680 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\BDR_info.dll
2015-02-16 10:47 - 2015-02-16 10:47 - 00105472 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ycc.dll
2015-09-15 05:58 - 2013-09-16 11:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-04-14 14:05 - 2015-04-14 14:05 - 01974272 _____ () C:\Program Files (x86)\Gigabyte\SIV\MFCCPU.dll
2015-02-16 10:47 - 2015-02-16 10:47 - 00105472 _____ () C:\Program Files (x86)\Gigabyte\SIV\ycc.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-09-15 16:45 - 2015-04-14 15:50 - 00385024 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2015-09-15 16:45 - 2015-04-14 15:49 - 00233472 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2015-09-15 16:45 - 2003-03-26 17:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2015-09-15 16:45 - 2010-08-24 16:56 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2016-01-28 17:23 - 2016-01-27 12:39 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
2016-01-28 17:23 - 2016-01-27 12:39 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll
2016-01-28 17:23 - 2016-01-27 12:39 - 16799048 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\mike2\Desktop\USB Scale Drivers.exe:$DEPRIMARY

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1908314208-3067588216-3482629810-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "USB Electronic Scale"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{A69130BF-8F03-4902-A139-6596A62F1B3A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{55CE817F-4D47-41A3-BB61-EF55AFD54B94}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{807DE36F-7C07-43F4-A3C1-76088CB2765C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EFDA9BBF-9D48-43CE-844A-C3AD71C03876}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B617A118-01CB-4F20-BC71-5AD1B5F2DA54}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8F7A2796-FB10-4EC6-8350-82FC5D7258C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9374BD43-386E-4115-B886-33798E2FB504}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6CDC1958-45B3-4097-AA4D-8933986D884B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{83A34FA9-9B29-4F39-ABA7-C88E41A16DC5}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [UDP Query User{AC53A43B-C2A1-452F-A394-4AB3B488AC10}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [TCP Query User{A085BD75-383D-408F-973E-C9EBB81AA4A4}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [UDP Query User{EA3A98B9-8163-4114-9FAE-8EAB28C97F52}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [{ACBA982E-3538-4EC3-B7EA-BF79861A7DF7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8BC5CF03-157F-4667-A2B3-A2A1C21A26B4}] => (Allow) LPort=2869
FirewallRules: [{1E3715F0-6A50-4C4A-A47E-E29F81DF25EA}] => (Allow) LPort=1900
FirewallRules: [{988F3B3D-8396-400B-A8EB-70227BDCE2AC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D3B0A658-7666-40B6-90FB-93DF5D737789}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

10-01-2016 17:35:55 Windows Update
18-01-2016 06:24:55 Scheduled Checkpoint
27-01-2016 06:11:41 Scheduled Checkpoint
30-01-2016 06:24:11 Removed APP Center
31-01-2016 07:27:42 Installed Remote Control USB Driver
01-02-2016 09:57:17 Restore Operation

==================== Faulty Device Manager Devices =============

Name: Intel® HD Graphics 4600
Description: Intel® HD Graphics 4600
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2016 10:07:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (02/01/2016 10:07:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (02/01/2016 10:07:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (02/01/2016 10:07:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (02/01/2016 10:07:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (02/01/2016 10:07:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19

Error: (02/01/2016 10:07:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18

Error: (02/01/2016 10:07:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17

Error: (02/01/2016 10:07:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16

Error: (02/01/2016 10:07:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 15


System errors:
=============
Error: (02/01/2016 10:07:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/01/2016 10:05:51 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The dmwappushsvc service hung on starting.

Error: (02/01/2016 10:03:50 AM) (Source: DCOM) (EventID: 10010) (User: Qube)
Description: CortanaUI.AppXp81wz6pza5f41400crqbvnefb3af4vqa.mca

Error: (02/01/2016 10:03:50 AM) (Source: DCOM) (EventID: 10010) (User: Qube)
Description: CortanaUI.AppXr0dtzccx33hvam1xwfz3c1354p6222qd.mca

Error: (02/01/2016 10:03:20 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

Error: (02/01/2016 10:02:50 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

Error: (02/01/2016 10:02:20 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Error: (02/01/2016 10:01:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (02/01/2016 10:01:17 AM) (Source: DCOM) (EventID: 10010) (User: Qube)
Description: Cortana.ActionUris.ActionUri

Error: (02/01/2016 10:01:17 AM) (Source: DCOM) (EventID: 10010) (User: Qube)
Description: Cortana.ActionUris.ActionUri


CodeIntegrity:
===================================
Date: 2016-02-01 09:45:49.402
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-10 09:13:53.325
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-10 09:13:53.300
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-10 09:13:53.267
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-10 09:13:53.207
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-10 09:13:53.188
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-10 09:13:53.169
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-10 09:13:52.567
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-10 09:13:52.464
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-10 09:13:06.133
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 35%
Total physical RAM: 8083.05 MB
Available physical RAM: 5179.48 MB
Total Virtual: 16275.05 MB
Available Virtual: 12721.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.03 GB) (Free:110.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 6F3AE172)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 01 February 2016 - 02:59 PM.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:42 AM

Posted 01 February 2016 - 03:03 PM

Greetings mcpaul and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Does this make any sense to you?

C:\Users\mike2\Desktop\USB Scale Drivers.exe:$DEPRIMARY

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
Task: {1D9FAA05-CD3C-49C9-AD2A-23639D9EC7FE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {228D26D0-EDC4-4BB1-A1DB-5636ECFA94BE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3576F0E5-F7B1-4D72-8A16-EF95FA3D8C9C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3D226ADF-9E71-49C0-8685-E32E89E8C33A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4DC7BBBF-E891-481D-A21C-DB0E8199B4C3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {53C02F48-3D94-4E43-928C-92DB6AF52AF4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6234CB44-E24C-45C4-812B-FDFCEB011704} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {B0B8AAA7-5B36-4FE8-8861-E1CFF3D2E50C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BBE6B983-34C7-4BD5-A1AF-86754E89D51D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BD080909-5F77-4236-B825-8892A199C16C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CB86918D-10C9-412E-A743-479E000055DA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you wlll see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Launching Chrome Without Plugins or Extensions

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type in chrome --incognito and press Enter
  • Check the browser behavior
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Recognize entry?
  • Fixlog
  • RogueKiller log
  • MiniToolBox report
  • How does Chrome perform?
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 mcpaul

mcpaul
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 01 February 2016 - 07:15 PM

Hi Gary, 
 
I appreciate your assistance! My name is Mike.
 
Hopefully I'm providing everything you asked for:
  • Recognize entry: USB Scale Drivers.exe is a self-extracting zip file containing drivers for a USB postage scale I have, so yes, I do recognize that, though I'm not sure what $DEPRIMARY means.
  • Fixlog: attached
  • RogueKiller log: attached; note this wasn't created automatically though I was able to generate it manually,
  • MiniToolBox reporta: attached
  • How does Chrome perform?: performs as expected (no pop-up), but the problem only seems to occur when first logging into the PC.
  • System Summary Information: attached
Thanks again!

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by mike (2016-02-01 17:20:51) Run:1
Running from C:\Users\mike2\Desktop
Loaded Profiles: mike (Available Profiles: mike & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
Task: {1D9FAA05-CD3C-49C9-AD2A-23639D9EC7FE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {228D26D0-EDC4-4BB1-A1DB-5636ECFA94BE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <====
ATTENTION
Task: {3576F0E5-F7B1-4D72-8A16-EF95FA3D8C9C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3D226ADF-9E71-49C0-8685-E32E89E8C33A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4DC7BBBF-E891-481D-A21C-DB0E8199B4C3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {53C02F48-3D94-4E43-928C-92DB6AF52AF4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6234CB44-E24C-45C4-812B-FDFCEB011704} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {B0B8AAA7-5B36-4FE8-8861-E1CFF3D2E50C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BBE6B983-34C7-4BD5-A1AF-86754E89D51D}
- \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BD080909-5F77-4236-B825-8892A199C16C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CB86918D-10C9-412E-A743-479E000055DA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
idsvc => service removed successfully
wfpcapture => service removed successfully
wpcsvc => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D9FAA05-CD3C-49C9-AD2A-23639D9EC7FE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D9FAA05-CD3C-49C9-AD2A-23639D9EC7FE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{228D26D0-EDC4-4BB1-A1DB-5636ECFA94BE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{228D26D0-EDC4-4BB1-A1DB-5636ECFA94BE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3576F0E5-F7B1-4D72-8A16-EF95FA3D8C9C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3576F0E5-F7B1-4D72-8A16-EF95FA3D8C9C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D226ADF-9E71-49C0-8685-E32E89E8C33A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D226ADF-9E71-49C0-8685-E32E89E8C33A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4DC7BBBF-E891-481D-A21C-DB0E8199B4C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DC7BBBF-E891-481D-A21C-DB0E8199B4C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53C02F48-3D94-4E43-928C-92DB6AF52AF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53C02F48-3D94-4E43-928C-92DB6AF52AF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6234CB44-E24C-45C4-812B-FDFCEB011704}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6234CB44-E24C-45C4-812B-FDFCEB011704}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0B8AAA7-5B36-4FE8-8861-E1CFF3D2E50C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0B8AAA7-5B36-4FE8-8861-E1CFF3D2E50C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {BBE6B983-34C7-4BD5-A1AF-86754E89D51D} => key not found.
- \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD080909-5F77-4236-B825-8892A199C16C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD080909-5F77-4236-B825-8892A199C16C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CB86918D-10C9-412E-A743-479E000055DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB86918D-10C9-412E-A743-479E000055DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully

==== End of Fixlog 17:20:51 ====
MiniToolBox by Farbar Version: 02-11-2015
Ran by mike (administrator) on 01-02-2016 at 18:35:50
Running from "C:\Users\mike2\Desktop"
Microsoft Windows 10 Pro (X64)
Model: H81M-HD3 Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Qube
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 40-8D-5C-36-A6-16
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::40dc:989a:ebf9:c7dc%4(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.22(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, February 01, 2016 10:01:42 AM
Lease Expires . . . . . . . . . . : Tuesday, February 02, 2016 10:01:42 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 239111516
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-89-B2-CD-40-8D-5C-36-A6-16
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{8E1988F0-21DB-4FEC-B23A-CC9A367D9C21}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:108d:15d8:b605:6d49(Preferred)
Link-local IPv6 Address . . . . . : fe80::108d:15d8:b605:6d49%2(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 134217728
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-89-B2-CD-40-8D-5C-36-A6-16
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: router.asus.com
Address: 192.168.0.1

Name: google.com
Addresses: 2607:f8b0:400d:c04::65
173.194.206.101
173.194.206.139
173.194.206.100
173.194.206.138
173.194.206.113
173.194.206.102


Pinging google.com [173.194.206.102] with 32 bytes of data:
Reply from 173.194.206.102: bytes=32 time=26ms TTL=43
Reply from 173.194.206.102: bytes=32 time=23ms TTL=43

Ping statistics for 173.194.206.102:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 23ms, Maximum = 26ms, Average = 24ms
Server: router.asus.com
Address: 192.168.0.1

Name: yahoo.com
Addresses: 2001:4998:58:c02::a9
2001:4998:44:204::a7
2001:4998:c:a06::2:4008
98.138.253.109
206.190.36.45
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=32ms TTL=48
Reply from 98.139.183.24: bytes=32 time=33ms TTL=48

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 32ms, Maximum = 33ms, Average = 32ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
4...40 8d 5c 36 a6 16 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
3...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
2...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.22 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.22 276
192.168.0.22 255.255.255.255 On-link 192.168.0.22 276
192.168.0.255 255.255.255.255 On-link 192.168.0.22 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.22 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.22 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
2 306 ::/0 On-link
1 306 ::1/128 On-link
2 306 2001::/32 On-link
2 306 2001:0:5ef5:79fd:108d:15d8:b605:6d49/128
On-link
4 276 fe80::/64 On-link
2 306 fe80::/64 On-link
2 306 fe80::108d:15d8:b605:6d49/128
On-link
4 276 fe80::40dc:989a:ebf9:c7dc/128
On-link
1 306 ff00::/8 On-link
4 276 ff00::/8 On-link
2 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67072] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)

**** End of log ****
RogueKiller V11.0.10.0 [Feb 1 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : mike [Administrator]
Started from : C:\Users\mike2\Desktop\RogueKiller.exe
Mode : Scan -- Date : 02/01/2016 18:30:25

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SSD2SC24 0G1SA754D117-820 SCSI Disk Device +++++
--- User ---
[MBR] 07823f2981dd5ecb7550b960bdaa3457
[BSP] 7c294b8b8b09d7310d8334c1c9ae0a13 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 228384 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 467937280 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
--- User ---
[MBR] 7222e567610288a82337087745add40a
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 32768 | Size: 60431 MB [Unknown Bootstrap | Unknown Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

Attached Files


Edited by Oh My!, 01 February 2016 - 07:27 PM.


#4 mcpaul

mcpaul
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 01 February 2016 - 07:25 PM

Ignore; I thought it was fixed but it is not.


Edited by mcpaul, 01 February 2016 - 07:29 PM.


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:42 AM

Posted 01 February 2016 - 07:40 PM

Hi Mike,


If you could copy and paste your reports into the reply screen that would make things easier.

Can you tell me how Internet Explorer and Firefox are working.

Please do this.

===================================================

RogueKiller Selecting Deletions

--------------------
  • Close any open programs
  • Please disconnect any USB or external drives from the computer before you run the scan
  • For Vista/7 users right click on the RogueKiller icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Allow the Prescan to finish
  • Click Scan
  • When the Status box shows Scan Finished place a checkmark in the following and select Delete

[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found

  • Click Report
  • Copy and paste the contents of the report in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
AlternateDataStreams: C:\Users\mike2\Desktop\USB Scale Drivers.exe:$DEPRIMARY
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RogueKiller log
  • Fixlog

Edited by Oh My!, 01 February 2016 - 08:45 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 mcpaul

mcpaul
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 02 February 2016 - 08:13 AM

Hey Gary,

 

Internet Explorer appears to work normally, no pop-ups when using it. I don't have Firefox installed.

 

BTW, in my original post I mentioned that the original problem was with IE opening these ads when first logging into the computer. I had 'removed' IE via the control panel and the behavior moved to Chrome. I neglected to mention that I had tried going back as far as I could with a system restore which did not solve the problem. I then restored using the most recent restore point available. This moved the offending browser back to IE (so the ads are now using IE). BTW, this was all done before opening this case; I'm not making any changes unless instructed  :)

 

I ran RogueKiller last night, removing the entry as instructed. Unfortunately I lost the log because I pasted it into a reply to this thread without saving it and when I ran Farbar's Recovery scan tool it closed the browser.

 

The fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by mike (2016-02-01 22:00:25) Run:3
Running from C:\Users\mike2\Desktop
Loaded Profiles: mike (Available Profiles: mike & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
AlternateDataStreams: C:\Users\mike2\Desktop\USB Scale Drivers.exe:$DEPRIMARY
*****************
 
C:\Users\mike2\Desktop\USB Scale Drivers.exe => ":$DEPRIMARY" ADS removed successfully.
 
==== End of Fixlog 22:00:25 ====
 
RogueKiller log from this morning (the PUP was removed last night and did not return):
 
RogueKiller V11.0.10.0 [Feb  1 2016] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : mike [Administrator]
Started from : C:\Users\mike2\Desktop\RogueKiller.exe
Mode : Scan -- Date : 02/02/2016 07:48:21
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SSD2SC24 0G1SA754D117-820 SCSI Disk Device +++++
--- User ---
[MBR] 07823f2981dd5ecb7550b960bdaa3457
[BSP] 7c294b8b8b09d7310d8334c1c9ae0a13 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 228384 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 467937280 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
--- User ---
[MBR] 7222e567610288a82337087745add40a
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 32768 | Size: 60431 MB [Unknown Bootstrap | Unknown Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 

 



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:42 AM

Posted 02 February 2016 - 02:44 PM

Hi Mike,

Do you have other computers attached to the same wireless routers and if so are they experiencing any problems?

Please do this.

===================================================

Zoek by Smeenk - Running Commands and Performing a Scan

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Admistrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected
  • Click More Options and place a check mark in the following boxes:

Do a Deep Scan

  • Copy and paste the following into the main white box

createsrpoint;
installedprogs;
chromelook;
autoclean;
emptyalltemp;
resethosts;

  • Click Run Script and wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Other computers?
  • Zoek report
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 mcpaul

mcpaul
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 02 February 2016 - 05:20 PM

Hey Gary,

 

I have another desktop (the issue is on a desktop) and a laptop; neither have any issues.

 

After running Zoek it asked me to reboot. I did not experience the issue after logging back in. I will do another restart after posting the log.

 

Edit: I rebooted twice and am not getting the browser pop-up. However, it is now taking  ~ 4 minutes to get from the login to the desktop (this used to take ~ 15-20 seconds).

Edit2: the last restart took ~ 8 minutes. But it seems if I do a full shutdown and power back up, it takes ~ 5 seconds to get from login to desktop. I don't get it. The good news is still no ads.

 

Zoek log
 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by mike on Tue 02/02/2016 at 15:27:00.96.
Microsoft Windows 10 Pro 10.0.10240  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\mike2\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]
 
==== System Restore Info ======================
 
2/2/2016 3:28:19 PM Zoek.exe System Restore Point Created Successfully.
 
==== Reset Hosts File ======================
 
# Copyright © 1993-2006 Microsoft Corp. 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# For example: 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
127.0.0.1       localhost 
 
==== Empty Folders Check ======================
 
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\PlotSoft deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully
C:\Users\Mike\AppData\Local\PeerDistRepub deleted successfully
C:\Users\mike2\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Installed Programs ======================
 
@BIOS B15.0630.1  
Adobe Acrobat X Standard - English, Fran‡ais, Deutsch  
Adobe Refresh Manager  
APP Center  
Apple Application Support (32-bit)  
Apple Application Support (64-bit)  
Apple Mobile Device Support  
Apple Software Update  
Ashampoo Burning Studio FREE v.1.14.5  
Audacity 2.1.1  
Audio Record Wizard  
Avidemux 2.6 - 64 bits  
Bonjour  
D3DX10  
DJI NAZAM Assistant version 2.20  
DVD Shrink 3.2  
ESET NOD32 Antivirus  
EZSetup B15.0811.1  
Fast Boot  
Fitbit Connect  
GIMP 2.8.14  
Google Chrome  
Google Update Helper  
H&R Block Deluxe + Efile + State 2015  
iFunbox (v3.0.3109.1352)  
ImgBurn  
Intel® Management Engine Components  
Intel® Processor Graphics  
Intel® USB 3.0 eXtensible Host Controller Driver  
Intelr Trusted Connect Service Client  
iTunes  
LAME v3.99.3 (for Windows)  
LastPass (uninstall only)  
Malwarebytes Anti-Malware version 2.2.0.1024  
Microsoft .NET Framework 4.5.2  
Microsoft Application Error Reporting  
Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64)  
Microsoft Office 2007 Service Pack 3 (SP3)  
Microsoft Office Access MUI (English) 2007  
Microsoft Office Access Setup Metadata MUI (English) 2007  
Microsoft Office Excel MUI (English) 2007  
Microsoft Office File Validation Add-In  
Microsoft Office Groove MUI (English) 2007  
Microsoft Office Groove Setup Metadata MUI (English) 2007  
Microsoft Office InfoPath MUI (English) 2007  
Microsoft Office Office 64-bit Components 2007  
Microsoft Office OneNote MUI (English) 2007  
Microsoft Office Outlook MUI (English) 2007  
Microsoft Office PowerPoint MUI (English) 2007  
Microsoft Office Proof (English) 2007  
Microsoft Office Proof (French) 2007  
Microsoft Office Proof (Spanish) 2007  
Microsoft Office Proofing (English) 2007  
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)  
Microsoft Office Publisher MUI (English) 2007  
Microsoft Office Shared 64-bit MUI (English) 2007  
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007  
Microsoft Office Shared MUI (English) 2007  
Microsoft Office Shared Setup Metadata MUI (English) 2007  
Microsoft Office Ultimate 2007  
Microsoft Office Word MUI (English) 2007  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030  
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030  
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030  
Movie Maker  
Mp3tag v2.71  
MP4Tools v3.1  
MSVCRT  
MSVCRT110  
MSVCRT110_amd64  
Notepad++  
NVIDIA 3D Vision Driver 341.92  
NVIDIA Control Panel 341.92  
NVIDIA Graphics Driver 341.92  
NVIDIA HD Audio Driver 1.3.30.1  
NVIDIA Install Application  
NVIDIA Stereoscopic 3D Driver  
NVIDIA Update 10.4.0  
NVIDIA Update Core  
ON_OFF Charge 2 B15.0709.1  
PDFill PDF Editor with FREE Writer and FREE Tools  
Photo Common  
Photo Gallery  
Platform  
Realtek Ethernet Controller Driver  
Realtek High Definition Audio Driver  
ScanSnap  
ScanSnap Manager  
ScanSnap Organizer  
Screencast-O-Matic v2.0  
Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2687409) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2881067) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB3085549) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB3085616) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB3085620) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB3114541) 32-Bit Edition   
Security Update for Microsoft Office Access 2007 (KB2596614) 32-Bit Edition   
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3114457) 32-Bit Edition   
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3114546) 32-Bit Edition   
Security Update for Microsoft Office Excel 2007 (KB3114540) 32-Bit Edition   
Security Update for Microsoft Office InfoPath 2007 (KB2687406) 32-Bit Edition   
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition   
Security Update for Microsoft Office OneNote 2007 (KB2889915) 32-Bit Edition   
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition  
Security Update for Microsoft Office PowerPoint 2007 (KB3114429) 32-Bit Edition   
Security Update for Microsoft Office Publisher 2007 (KB2880506) 32-Bit Edition   
Security Update for Microsoft Office Word 2007 (KB3114549) 32-Bit Edition   
SIV  
Smart Recovery 2 B15.1002.1  (x64)  
Spybot - Search & Destroy  
TrueCrypt  
Update for 2007 Microsoft Office System (KB967642)  
Update for Microsoft Office 2007 Help for Common Features (KB963673)  
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition  
Update for Microsoft Office Access 2007 Help (KB963663)  
Update for Microsoft Office Excel 2007 Help (KB963678)  
Update for Microsoft Office Infopath 2007 Help (KB963662)  
Update for Microsoft Office OneNote 2007 Help (KB963670)  
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition  
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition  
Update for Microsoft Office Outlook 2007 Help (KB963677)  
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3114544) 32-Bit Edition  
Update for Microsoft Office Powerpoint 2007 Help (KB963669)  
Update for Microsoft Office Publisher 2007 Help (KB963667)  
Update for Microsoft Office Script Editor Help (KB963671)  
Update for Microsoft Office Word 2007 Help (KB963665)  
USB Electronic Scale  
VIA Platform Device Manager  
VLC media player  
VTuner  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Installer  
Windows Live Photo Common  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
 
==== Running Processes ======================
 
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Gigabyte\SIV\thermald.exe
C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
C:\Users\mike2\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
C:\Users\mike2\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\USB Electronic Scale deleted
C:\install.exe deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
 
==== System Specs ======================
 
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8084 MB
CPU Info: Intel® Core™ i7-4790K CPU @ 4.00GHz
CPU Speed: 3991.2 MHz
Sound Card: Speakers (Realtek High Definiti | 
Realtek Digital Output (Realtek | 
Realtek Digital Output(Optical) | 
Display Adapters: NVIDIA GeForce 210  | NVIDIA GeForce 210
Monitors: 1x; Dell S2415H(Analog) | 
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: Optiarc DVD RW AD-7240S
Ports: COM1 LPT1
Mouse: 
Hard Disks: C:  223.0GB
Hard Disks - Free: C:  107.1GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 08/11/15 | BIOS Date: 08/11/15 11:41:45 Ver: 04.06.05
Time Zone: Eastern Standard Time
Motherboard *: Gigabyte Technology Co., Ltd. H81M-HD3
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Internet Explorer Version: 11.0.10240.16644 
Google Chrome version: 48.0.2564.97
 
==== Files Recently Created / Modified ======================
 
====== C:\WINDOWS ====
====== C:\Users\mike2\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2016-02-02 20:20:55 40C108033712EE4CD9B087EFD523F219 16148 ----a-w- C:\WINDOWS\Sysnative\QUBE_mike_HistoryPrediction.bin
2016-01-28 11:16:13 82446D358A9FB51CB9DA32A5C901D7A0 21040 ----a-w- C:\WINDOWS\Sysnative\sdnclean64.exe
====== C:\WINDOWS\Sysnative\drivers =====
2016-02-01 22:23:42 0C997B061E3C66BD9E927C1288EB1CC7 24688 ----a-w- C:\WINDOWS\Sysnative\drivers\TrueSight.sys
====== C:\WINDOWS\Tasks ======
2016-01-28 11:16:21 -------- d-----w- C:\WINDOWS\Sysnative\Tasks\Safer-Networking
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2016-01-28 11:19:49 -------- d-----w- C:\Program Files\Common Files\AV
2016-01-16 14:02:15 -------- d-----w- C:\Program Files\Avidemux 2.6 - 64 bits
======= C:\PROGRA~2 =====
2016-01-31 13:40:39 -------- d-----w- C:\PROGRA~2\Kaspersky Lab
2016-01-31 12:27:52 -------- d-----w- C:\PROGRA~2\COMMON~1\Remote Control Software Common
2016-01-31 12:27:48 -------- d-----w- C:\PROGRA~2\Logitech
2016-01-31 12:27:47 -------- d-----w- C:\PROGRA~2\COMMON~1\Remote Control USB Driver
2016-01-30 14:21:49 -------- d-----w- C:\PROGRA~2\PDF995
2016-01-30 14:21:49 -------- d-----w- C:\PROGRA~2\HRBlock2015
2016-01-16 14:12:20 -------- d-----w- C:\PROGRA~2\MP4Tools
2016-01-07 18:21:19 -------- d-----w- C:\PROGRA~2\Fitbit Connect
======= C: =====
====== C:\Users\mike2\AppData\Roaming ======
2016-02-01 19:45:59 FFB20AB71C87C9C427657445C2902D1F 8864 ----a-w- C:\Users\mike2\AppData\Local\recently-used.xbel
2016-01-31 13:44:33 -------- d-----w- C:\Users\mike2\AppData\Local\CEF
2016-01-28 11:18:18 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Programs
====== C:\Users\mike2 ======
2016-02-02 02:59:08 9C66241BD72D865E4046F73550F01262 7922688 ----a-w- C:\Users\mike2\Desktop\USB Scale Drivers.exe
2016-02-01 23:34:33 2723697065B733FCAE91765B70CEBA8C 891392 ----a-w- C:\Users\mike2\Desktop\MiniToolBox.exe
2016-02-01 22:23:40 -------- d-----w- C:\ProgramData\RogueKiller
2016-02-01 22:22:19 F8149D21EBEEAB3F6EFEBE3EC6B11F6A 20943432 ----a-w- C:\Users\mike2\Desktop\RogueKiller.exe
2016-02-01 15:35:58 08C49265FB0299B4021DE13D7DF70F53 1508352 ----a-w- C:\Users\mike2\Downloads\AdwCleaner.exe
2016-02-01 15:20:59 E69E774B542236A4676FD58DB7926093 2370560 ----a-w- C:\Users\mike2\Desktop\FRST64.exe
2016-01-31 13:40:39 -------- d-----w- C:\ProgramData\Kaspersky Lab
2016-01-31 13:39:49 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
2016-01-31 12:28:21 -------- d-----w- C:\Users\mike2\Logitech
2016-01-31 12:27:07 F7FD134B7E0EF9DC4F2D0C802C0AF599 48357912 ----a-w- C:\Users\mike2\Downloads\LogitechHarmonyRemote7.7.0-WIN-x86.exe
2016-01-30 14:21:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2015
2016-01-30 14:20:57 -------- d-----w- C:\ProgramData\TaxCut
2016-01-30 11:24:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigabyte
2016-01-16 14:12:22 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4Tools
2016-01-16 14:02:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux (64 bits)
2016-01-07 18:21:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
 
====== C: exe-files ==
2016-02-02 02:59:08 9C66241BD72D865E4046F73550F01262 7922688 ----a-w- C:\Users\mike2\Desktop\USB Scale Drivers.exe
2016-02-01 23:34:33 2723697065B733FCAE91765B70CEBA8C 891392 ----a-w- C:\Users\mike2\Desktop\MiniToolBox.exe
2016-02-01 22:22:19 F8149D21EBEEAB3F6EFEBE3EC6B11F6A 20943432 ----a-w- C:\Users\mike2\Desktop\RogueKiller.exe
2016-02-01 15:35:58 08C49265FB0299B4021DE13D7DF70F53 1508352 ----a-w- C:\Users\mike2\Downloads\AdwCleaner.exe
2016-02-01 15:20:59 E69E774B542236A4676FD58DB7926093 2370560 ----a-w- C:\Users\mike2\Desktop\FRST64.exe
2016-02-01 14:34:07 B594A4223F0E112441247EA4C8D48A7A 141090816 ----a-w- C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-e4d7e8e9.exe
2016-01-31 12:27:28 DCB85AC1C2214F8865C0814C8C445B31 10672 ----a-w- C:\Users\mike2\AppData\Local\Temp\{A424FCBD-720D-4AF7-81A1-06C8C8736F73}\dotnetinstaller.exe
2016-01-31 12:27:28 706F3B74145DA018125DBC85783ECE22 2914992 ----a-w- C:\Users\mike2\AppData\Local\Temp\{A424FCBD-720D-4AF7-81A1-06C8C8736F73}\{5C6F884D-680C-448B-B4C9-22296EE1B206}\USBLanDriver.exe
2016-01-31 12:27:28 1D461686B0E32F2DECB587C895A05402 120240 ----a-w- C:\Users\mike2\AppData\Local\Temp\{A424FCBD-720D-4AF7-81A1-06C8C8736F73}\ISBEW64.exe
2016-01-31 12:27:25 A205551E7BA8580D2C0FF896A4D79FA9 460248 ----a-w- C:\Users\mike2\AppData\Local\Temp\{D27CAF70-338F-4122-B5B1-0C4F7283B186}\Disk1\setup.exe
2016-01-31 12:27:07 F7FD134B7E0EF9DC4F2D0C802C0AF599 48357912 ----a-w- C:\Users\mike2\Downloads\LogitechHarmonyRemote7.7.0-WIN-x86.exe
2016-01-30 14:17:01 8FF745BD9377C773368D8D7F78D1220F 86016 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\UTILITY\SetAtrib.exe
2016-01-30 14:17:01 4A70C7E39649FD1F4845C8ABF73C555E 395288 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\UTILITY\HRBDiag15.exe
2016-01-30 14:17:01 04B88AF13B95D2D1CFAEE3B41DA1F00E 1357360 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\UTILITY\Jet35sp3.exe
2016-01-30 14:16:59 342F79337765760AD4E392EB67D5ED2C 2585872 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\SYSTEM\WinInst.exe
2016-01-30 14:16:48 53406E9988306CBD4537677C5336ABA4 889416 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\SYSTEM\dotNetFx40_Full_setup.exe
2016-01-30 14:16:48 251743DFD3FDA414570524BAC9E55381 50449456 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\SYSTEM\dotNetFx40_Full_x86_x64.exe
2016-01-30 14:16:11 AC397B24CCDD00A1A9A04D943BD3C924 20497848 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\SETUP.EXE
2016-01-30 14:16:10 E8130C72BC6F19063D78291CFA21921E 187320 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\HRBSetup.exe
2016-01-30 14:16:01 80201E8415FEA095136491CBDA9EF4F7 54482512 ----a-w- C:\Users\mike2\Desktop\New folder\installers\HRBlock_Premium+State_2015_CD.exe
2016-01-30 14:15:51 DB57465B720273D8BB82A115E4CBF47A 54488184 ----a-w- C:\Users\mike2\Desktop\New folder\installers\HRBlock_Home_Premium+State_2015_CD.exe
2016-01-30 14:15:41 F6F06667689D25C66AE8BA8ADB1F7EDE 54484760 ----a-w- C:\Users\mike2\Desktop\New folder\installers\HRBlock_Deluxe+State_2015_CD.exe
2016-01-30 14:15:30 013F1C18B14F0FF8550406222488AC1A 54491288 ----a-w- C:\Users\mike2\Desktop\New folder\installers\HRBlock_Deluxe_2015_CD.exe
2016-01-30 14:15:18 37BCD843F5216ED6A106052CA20200D3 9594120 ----a-w- C:\Users\mike2\Desktop\New folder\tcauto.exe
2016-01-30 14:15:18 0F74F032AD2123586476ECBB6783D818 334240 ----a-w- C:\Users\mike2\Desktop\New folder\tools\Diagnose.exe
2016-01-28 22:22:43 DB8D4B390D7B6F725A41BAA41E8D66AB 6070352 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\48.0.2564.97\48.0.2564.97_47.0.2526.111_chrome_updater_3stage.exe
2016-01-28 11:16:13 82446D358A9FB51CB9DA32A5C901D7A0 21040 ----a-w- C:\WINDOWS\System32\sdnclean64.exe
=== C: other files ==
2016-02-02 00:46:07 4FE1BB5CCA6C8234E1476655E6FA9F4F 98 ----a-w- C:\$Recycle.Bin\S-1-5-21-1908314208-3067588216-3482629810-1001\$I3ICYEC.zip
2016-02-01 23:40:22 9B6FCECCA04222079370A3BB4D2BED4D 385844 ----a-w- C:\$Recycle.Bin\S-1-5-21-1908314208-3067588216-3482629810-1001\$R3ICYEC.zip
2016-02-01 22:23:42 0C997B061E3C66BD9E927C1288EB1CC7 24688 ----a-w- C:\WINDOWS\System32\drivers\TrueSight.sys
2016-01-31 13:14:47 3BE2F77A5D6AC084B554273A6C9D975B 51062 ----a-w- C:\Users\mike2\AppData\Local\Microsoft\Windows\INetCache\IE\J2YJ0KI3\plugins[1].zip
2016-01-30 14:17:45 047E07AE040C109225BCB0CABFD3B90E 30229 ----a-w- C:\Users\mike2\Downloads\application.zip
2016-01-30 14:17:01 F80D08BC2FE11E31592AB7D83FF6154E 186686 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\SYSTEM\UNINSTAL.ZIP
2016-01-30 14:17:01 C2F94CC231E02B640C1DBD3E9DA78092 651 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\SYSTEM\SYSTEM.ZIP
2016-01-30 14:17:01 7835B29E09251BD5D4AD67996AB19349 56465 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\SYSTEM\TCSTUB.ZIP
2016-01-30 14:17:01 6A381A73CC3C46CF01C8758766309573 337909 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\SYSTEM\TCBGRA.ZIP
2016-01-30 14:17:01 2794AAE1B2F89F9A81F6B32580BF831F 117294 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\SYSTEM\SUPPORT.ZIP
2016-01-30 14:17:00 E17EB38B544CB2BBA26C1B127B2B3F18 139037 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\SYSTEM\EFILE.ZIP
2016-01-30 14:17:00 D4321825A2A13BA38330C68A0790747F 1015660 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\SYSTEM\INTTCB.ZIP
2016-01-30 14:17:00 A86258BD0F409B50422E397A893E64FD 925996 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\SYSTEM\GDIPLUS.ZIP
2016-01-30 14:17:00 2C56F02DD44F7F2B90984BCF7C6A168C 192684 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\SYSTEM\MANIFEST.ZIP
2016-01-30 14:17:00 2C090B5160C7001E9DED76C094FF811C 18772 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\SYSTEM\RIM.ZIP
2016-01-30 14:17:00 24404EEB8C4B6472F60102D8851B6EFD 404550 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\SYSTEM\HELPTCB.ZIP
2016-01-30 14:17:00 1C7D8F5DD7D2ACC067047EABB47EB06C 8357 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\SYSTEM\CHANGELO.ZIP
2016-01-30 14:16:59 D49167486503DC4E963919CC1E26203E 1977268 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\SYSTEM\ATXEXE.ZIP
2016-01-30 14:16:59 B5B5FEDCFD012DBCA1F68ED48EBEBBFD 65777 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\SYSTEM\ATX2015.ZIP
2016-01-30 14:16:35 51B1DF619D954D8C368F58B457B3711B 55684978 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\FORMS\szp.zip
2016-01-30 14:16:16 A797D2C3BCA2FC414E403FBB2F0ECA16 70284325 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\FORMS\rzp.zip
2016-01-30 14:16:16 2A80B3CD8845BFD27A56BCCD2A63E150 1670 ----a-w- C:\Users\mike2\Desktop\New folder\installers\Business\FORMS\rev.zip
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
 
[HKEY_USERS\S-1-5-21-1908314208-3067588216-3482629810-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\mike2\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"iFunBox"="C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe /tray"
"Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun"
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"USB Electronic Scale"="C:\Program Files (x86)\USB Electronic Scale\scale.exe /s"
"Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
"Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SIV"="C:\Program Files (x86)\Gigabyte\SIV\sivro.exe"
"PreRun"="C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\mike2\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"iFunBox"="C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe /tray"
"Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun"
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
 
==== Task Scheduler Jobs ======================
 
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/15/2015 08:11 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/15/2015 08:12 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/15/2015 08:12 AM]
 
==== Other Scheduled Tasks ======================
 
"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe"]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe"]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe"]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [12/08/2015 10:00 PM]
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.86
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hdokiejnpimakedhajhdlcegeplioahd - No path found[]
 
Google Slides - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
BIODIGITAL HUMAN - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak
IconSmash - Free Icons - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahphhkpleajnegckhjiogcpojdjimcob
Duolingo on the Web - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl
Google Docs - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Shortcuts for Googleâ„¢ - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd
YouTube - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Add to Amazon Wish List - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced
Google Search - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Search Filter - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidhkmnbiahhgbgpjpiimdogfidfikgf
Google Calendar - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn
JavaScript Editor - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhkeonpomkliaedmafeniofidolfmdd
Google Finance - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp
Google Sheets - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
LastPass - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
PDF Mergy - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha
NPR Infinite Player - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf
Google Voice (by Google) - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo
Chrome Hotword Shared Module - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
ShiftEdit - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgmndephhjcabhhjfcmncnhbmgbkpij
Numerics Calculator & Converter - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe
Google Mail Checker - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff
A powerful unit converter with user focused design is making unit conversion full of joy. - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafkejlpknmikohhgdelefdeeieplkog
Chrome Web Store Payments - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
BIODIGITAL HUMAN - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak
IconSmash - Free Icons - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahphhkpleajnegckhjiogcpojdjimcob
Duolingo on the Web - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl
Google Docs - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Shortcuts for Googleâ„¢ - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd
YouTube - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Add to Amazon Wish List - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced
Google Search - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Search Filter - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidhkmnbiahhgbgpjpiimdogfidfikgf
Google Calendar - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn
JavaScript Editor - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhkeonpomkliaedmafeniofidolfmdd
Google Finance - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp
Google Sheets - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
LastPass - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
PDF Mergy - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha
NPR Infinite Player - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf
Google Voice (by Google) - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo
ShiftEdit - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgmndephhjcabhhjfcmncnhbmgbkpij
Numerics Calculator & Converter - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe
Google Mail Checker - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff
A powerful unit converter with user focused design is making unit conversion full of joy. - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafkejlpknmikohhgdelefdeeieplkog
Chrome Web Store Payments - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - mike2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chromium Fix ======================
 
C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage deleted successfully
C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage-journal deleted successfully
C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3l3lkinz3f56t.cloudfront.net_0.localstorage deleted successfully
C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3l3lkinz3f56t.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3l3lkinz3f56t.cloudfront.net_0.localstorage deleted successfully
C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3l3lkinz3f56t.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_workplaceservices110.fidelity.com_0.localstorage deleted successfully
C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_workplaceservices110.fidelity.com_0.localstorage-journal deleted successfully
C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_workplaceservices120.fidelity.com_0.localstorage deleted successfully
C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_workplaceservices120.fidelity.com_0.localstorage-journal deleted successfully
C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_workplaceservices120.fidelity.com_0.localstorage deleted successfully
C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_workplaceservices120.fidelity.com_0.localstorage-journal deleted successfully
C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_slickdeals.net_0.localstorage deleted successfully
C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_slickdeals.net_0.localstorage-journal deleted successfully
C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_slickdeals.net_0.localstorage deleted successfully
C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_slickdeals.net_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Policies\Chromium deleted successfully
 
==== HijackThis Entries ======================
 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [USB Electronic Scale] C:\Program Files (x86)\USB Electronic Scale\scale.exe /s
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\RunOnce: [SIV] C:\Program Files (x86)\Gigabyte\SIV\sivro.exe
O4 - HKLM\..\RunOnce: [PreRun] C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\mike2\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [iFunBox] C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe /tray
O4 - HKCU\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: ScanSnap Manager.lnk = C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Users\mike2\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\mike2\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
O23 - Service: GIGABYTE Adjust (gadjservice) - Unknown owner - C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HwmRecordService - GIGA-BYTE TECHNOLOGY CO., LTD. - C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mike\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\mike2\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\mike2\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Mike\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\mike2\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\mike2\AppData\Local\Microsoft\Windows\INetCache\IE\1OKOKZCD will be deleted at reboot
C:\Users\mike2\AppData\Local\Microsoft\Windows\INetCache\IE\DTYIGXBW will be deleted at reboot
C:\Users\mike2\AppData\Local\Microsoft\Windows\INetCache\IE\J2YJ0KI3 will be deleted at reboot
C:\Users\mike2\AppData\Local\Microsoft\Windows\INetCache\IE\OYDJSZA8 will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\mike2\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=43 folders=16 20126103 bytes)
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\mike2\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\mike2\AppData\Local\Microsoft\Windows\INetCache\IE\1OKOKZCD" not found
"C:\Users\mike2\AppData\Local\Microsoft\Windows\INetCache\IE\DTYIGXBW" not found
"C:\Users\mike2\AppData\Local\Microsoft\Windows\INetCache\IE\J2YJ0KI3" not found
"C:\Users\mike2\AppData\Local\Microsoft\Windows\INetCache\IE\OYDJSZA8" not found
 
==== EOF on Tue 02/02/2016 at 17:14:07.14 ======================

Edited by mcpaul, 02 February 2016 - 06:03 PM.


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:42 AM

Posted 02 February 2016 - 07:01 PM

It sounds like the computer is hanging while shutting down programs/processes. You have a number of automatic startup items that don't really need to start and hog resources whether or not they are being used.

Please run this.

===================================================

HijackThis

--------------------
  • Download HijackThis and save it to your desktop
  • Double click the HijackThis icon, then select Run
  • If prompted select I Accept
  • Click on Do a system scan and save a logfile
  • Ignore any warning regarding the Hosts file
  • A report will be generated and will appear on your desktop as an open Notepad document
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • HijackThis log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 mcpaul

mcpaul
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 02 February 2016 - 09:11 PM

Well, the thing is it's not the closing down that's slow, it's the startup (or more precisely the logon process). On restart it closes down quickly and gets back to the Windows logon screen quickly but from password submission to the desktop takes forever.

 

HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:04:55 PM, on 2/2/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16603)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Gigabyte\SIV\thermald.exe
C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
C:\Users\mike2\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\mike2\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [USB Electronic Scale] C:\Program Files (x86)\USB Electronic Scale\scale.exe /s
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\RunOnce: [SIV] C:\Program Files (x86)\Gigabyte\SIV\sivro.exe
O4 - HKLM\..\RunOnce: [PreRun] C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\mike2\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [iFunBox] C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe /tray
O4 - HKCU\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: ScanSnap Manager.lnk = C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Users\mike2\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\mike2\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
O23 - Service: GIGABYTE Adjust (gadjservice) - Unknown owner - C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HwmRecordService - GIGA-BYTE TECHNOLOGY CO., LTD. - C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 13130 bytes


#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:42 AM

Posted 02 February 2016 - 10:28 PM

Thank you for your patience and the information.

I would like to run 2 more scans but I don't think it is going to resolve the slow boot issue, which I believe is a system issue. My research indicates there may be several potential causes. We may need to end up asking for assistance in the Windows 10 Forum since my training is in malware.

Please do this.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program, this may take some time
  • Click on 2. Scan
  • Click Yes to detecting Potentially Unwanted Programs
  • Click Malware Scan
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste or attach the report to your reply
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon then click Run
  • Press any key to launch the program
  • Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • When completed a Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Emsisoft report
  • Security Check report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 mcpaul

mcpaul
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 03 February 2016 - 06:12 AM

Hi Gary,

 

As far as I'm concerned you have resolved my issue. I can do some troubleshooting of the issue with restarting from the OS on my own. I so seldom do this that I can't say when it started or even there is any possibility of a relationship with the adware issue. Re the adware, were you able to determine specifically what was causing it?

 

Emisoft log:

 

Emsisoft Emergency Kit - Version 11.0
Last update: 2/3/2016 6:01:13 AM
User account: Qube\mike
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 2/3/2016 6:01:43 AM
 
Scanned 80563
Found 0
 
Scan end: 2/3/2016 6:02:03 AM
Scan time: 0:00:20
 
 
Security check log: 
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
ESET NOD32 Antivirus 8.0   
Windows Defender           
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Google Chrome (47.0.2526.111) 
 Google Chrome (48.0.2564.97) 
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled! 
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Gigabyte SIV thermald.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

 



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:42 AM

Posted 03 February 2016 - 12:00 PM

Greetings,

It is hard to say but there were a number of Chrome entries removed by Zoek that were related to ad activity.

One thing I did find regarding the boot issue is that in Windows 8/10 it may be normal for a reboot to take longer to load than a cold boot, although I do have to say that the length of time it is taking seems to be abnormal. It has to do with the different computer states during the startup process. When a computer is completely shut down the state of the computer during shutdown is saved. So when you start up part of the work is done already. When you reboot, the start up has to start from scratch.

Is there anything else I can help you with?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 mcpaul

mcpaul
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 03 February 2016 - 12:58 PM

Gary,

 

We can close this out. Thanks for the information and a huge thanks for all of your help with this!!



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:42 AM

Posted 03 February 2016 - 01:31 PM

Very good.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:In addition, here are some more links you might find of interest:I will leave this topic open for just a brief period of time in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you. OhMy_done.gif
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users