
Need help: Apparently insurmountable virus trouble.


  • This topic is locked
53 replies to this topic

#1 AlecGordon


Posted 05 February 2016 - 10:08 AM

I've been lurking on here a while, I finally joined out of desperation. I got some kind of virus from downloading dodgy VSTs, and I can't get rid of it for the life of me.
I've run Malwarebytes (and the Chameleon version), CCleaner, AdwCleaner (I think that's what it's called), HitmanPro, MS Security Essentials, RKill and JRT, but the viruses subsist.
If I look at my access permissions, there are two new ones called creator owner and trusted installer. I can't change either's permissions, and I can't always run in admin mode.
I ran all the scans on both regular and safe mode.
The viruses are called veediem, mindspark, babylon, yontoo and I think there were a few more.

I'm kind of at a loss as to what to do next. Does anyone have any suggestions? Any help would be greatly appreciated.
Thanks, Alec.

Edited by AlecGordon, 05 February 2016 - 10:10 AM.




#2 Oh My!

  • Malware Response Instructor

Posted 07 February 2016 - 03:45 PM

Greetings Alec and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 AlecGordon

  • Topic Starter

Posted 08 February 2016 - 07:19 AM

Hello,

Thank you for helping me, but I cannot call you friend, as you are more than that, you are a merciful knight aiding a newly ransacked peasant.

I'm not sure what stage my computer is at currently. I did some chopping of stuff, so I can now run regular Windows ok, but I am unable to run Malwarebytes and Windows Update isn't working properly. Also, Windows seems to have un-verified itself, which I am unsure what to do about.

Anyway, thanks again for having a look, I hope that I've attached the correct things.

Firstly, there are the FRST results:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Alec (administrator) on DEATHMACHINE500 (08-02-2016 10:51:20)
Running from C:\Users\Alec\Desktop
Loaded Profiles: Alec (Available Profiles: Alec & UpdatusUser & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BitTorrent, Inc.) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
(Flux Software LLC) C:\Users\Alec\AppData\Local\FluxSoftware\Flux\flux.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Alec\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-16190850-2541859866-396269904-1000\...\Run: [BitTorrent] => C:\Program Files (x86)\BitTorrent\BitTorrent.exe [5708144 2012-03-18] (BitTorrent, Inc.)
HKU\S-1-5-21-16190850-2541859866-396269904-1000\...\Run: [f.lux] => C:\Users\Alec\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-16190850-2541859866-396269904-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-16190850-2541859866-396269904-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [osk.exe] => C:\Windows\system32\osk.exe [692736 2014-06-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-06-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-06-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-06-11] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll [2012-07-05] (SmartSoft Ltd.)
Startup: C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-06-17]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2013-10-16]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1421EB1E-591C-4456-9017-CE0BBF4C5578}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{41942EC6-23CF-4C85-8701-A8E4457A78CD}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5C729C27-1CFB-4FD3-8C3E-0A5A71A23F47}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7569DBD9-B494-482A-90CB-5CA235267512}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EACD2EE6-5E4B-4786-A1F7-43853A78F1FE}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-16190850-2541859866-396269904-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-16190850-2541859866-396269904-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-16190850-2541859866-396269904-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130988072042836303&GUID=9D676E60-A893-4EB9-B452-8528230AE2D0
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = 
SearchScopes: HKU\S-1-5-21-16190850-2541859866-396269904-1000 -> DefaultScope {66A24455-CDF3-4258-B00D-F89F5D57A356} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-16190850-2541859866-396269904-1000 -> {66A24455-CDF3-4258-B00D-F89F5D57A356} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-11-13] (Oracle Corporation)
DPF: HKLM {AEA3991E-3109-4C98-989E-33994FEB1A91} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri64_4.5.1.0.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02] (Skype Technologies S.A.)
 
FireFox:
========
FF ProfilePath: C:\Users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\032vbpnx.default
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2012-03-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2013-06-13] (Adobe Systems)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-11-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2013-06-13] (Adobe Systems)
FF Plugin HKU\S-1-5-21-16190850-2541859866-396269904-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alec\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-25] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-02-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-02-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-03] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]
StartMenuInternet: Google Chrome.Guest - C:\Users\Guest\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-06-17] (Adobe Systems) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2928128 2012-11-19] (PACE Anti-Piracy, Inc.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-04-15] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2012-04-15] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 4E5B0CDE6; C:\Windows\System32\drivers\4E5B0CDE6.sys [478392 2016-02-03] (Kaspersky Lab ZAO)
R0 4E5B0CDE61; C:\Windows\System32\drivers\4E5B0CDE61.sys [478392 2016-02-07] (Kaspersky Lab ZAO)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2016-02-07] (Malwarebytes)
S3 mbedComposite; C:\Windows\System32\DRIVERS\mbedComposite_x64.sys [49200 2009-09-30] (ARM Ltd)
S3 mbedSerial_x64; C:\Windows\System32\DRIVERS\mbedSerial_x64.sys [61488 2009-09-30] (ARM Ltd)
S3 monectdevices; C:\Windows\System32\DRIVERS\monectdevices.sys [15768 2013-12-03] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [54000 2014-10-17] (Novation DMS Ltd.)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1528976 2013-03-05] (Realtek Semiconductor Corporation                           )
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [108296 2007-04-24] (MCCI Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [19720 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [144648 2007-04-24] (MCCI Corporation)
S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [126216 2007-04-24] (MCCI Corporation)
S3 teVirtualMIDI64; C:\Windows\System32\DRIVERS\teVirtualMIDI64.sys [30208 2012-08-15] (Tobias Erichsen)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51496 2013-04-04] (Yamaha Corporation)
S2 BTWSp50a64; SysWOW64\Drivers\BTWSp50a64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MFE_RR; \??\C:\Users\Alec\AppData\Local\Temp\mfe_rr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-08 10:51 - 2016-02-08 10:51 - 02370560 _____ (Farbar) C:\Users\Alec\Downloads\FRST64 (2).exe
2016-02-08 10:51 - 2016-02-08 10:51 - 02370560 _____ (Farbar) C:\Users\Alec\Desktop\FRST64 (1).exe
2016-02-08 10:51 - 2016-02-08 10:51 - 00016891 _____ C:\Users\Alec\Desktop\FRST.txt
2016-02-07 23:40 - 2016-02-07 23:40 - 90645400 _____ (Kaspersky Lab ZAO) C:\Users\Alec\Downloads\KVRT (1).exe
2016-02-07 23:37 - 2016-02-07 23:37 - 00106000 _____ C:\Users\Alec\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-07 23:28 - 2016-02-07 23:32 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\4E5B0CDE61.sys
2016-02-07 23:04 - 2016-02-07 23:33 - 00378938 _____ C:\Windows\ntbtlog.txt
2016-02-07 22:46 - 2016-02-07 23:36 - 05155512 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-07 21:29 - 2016-02-07 21:29 - 00001121 _____ C:\Users\Alec\Desktop\Reset.cmd
2016-02-07 21:29 - 2016-02-07 21:29 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits
2016-02-07 21:28 - 2016-02-07 21:28 - 00379392 _____ C:\Users\Alec\Downloads\subinacl.msi
2016-02-07 20:33 - 2016-02-07 20:33 - 00108345 _____ C:\Users\Alec\Desktop\equalop.odt
2016-02-07 19:48 - 2016-02-07 19:48 - 07635472 _____ (Microsoft Corporation) C:\Users\Alec\Downloads\GetWindows10-sds_____________.exe
2016-02-07 19:42 - 2015-06-04 00:54 - 00007692 _____ C:\Users\Alec\Downloads\win10fix_full.bat
2016-02-07 14:43 - 2016-02-07 14:43 - 00302011 _____ C:\Users\Alec\Downloads\WindowsUpdateDiagnostic (1).diagcab
2016-02-07 14:34 - 2016-02-07 14:34 - 00002446 _____ C:\Users\Alec\Downloads\win10fix_full.zip
2016-02-07 13:46 - 2016-02-07 13:46 - 00302011 _____ C:\Users\Alec\Downloads\WindowsUpdateDiagnostic.diagcab
2016-02-06 23:03 - 2016-02-06 23:03 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-02-06 22:11 - 2015-10-13 16:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-02-06 22:11 - 2015-10-13 16:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-02-06 22:11 - 2015-10-01 18:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-02-06 22:11 - 2015-10-01 18:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-02-06 22:11 - 2015-10-01 18:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-02-06 22:11 - 2015-10-01 18:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-02-06 22:11 - 2015-10-01 18:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-02-06 22:11 - 2015-10-01 18:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-02-06 22:11 - 2015-10-01 18:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-02-06 22:11 - 2015-10-01 17:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-02-06 22:11 - 2015-10-01 17:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-02-06 22:11 - 2015-07-18 13:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-02-06 22:11 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-02-06 22:10 - 2015-06-15 21:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-02-06 22:10 - 2015-06-15 21:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-02-06 22:10 - 2015-06-15 21:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-06 22:10 - 2015-06-15 21:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-02-06 22:10 - 2015-06-15 21:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-02-06 22:10 - 2015-06-15 21:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-02-06 22:10 - 2015-06-15 21:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-02-06 22:10 - 2015-06-15 21:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-06 22:10 - 2015-06-15 21:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-02-06 22:10 - 2015-06-15 21:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-02-06 22:10 - 2015-06-15 21:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-02-06 22:10 - 2015-06-15 21:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-02-06 22:09 - 2015-07-30 18:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-02-06 22:09 - 2015-07-30 18:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-02-06 22:09 - 2015-07-30 18:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-02-06 22:09 - 2015-07-30 18:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-02-06 22:09 - 2015-07-30 18:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-02-06 22:09 - 2015-07-30 18:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-02-06 22:09 - 2015-07-30 18:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-02-06 22:09 - 2015-07-30 17:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-02-06 22:09 - 2015-07-30 17:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-02-06 22:09 - 2015-07-30 17:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-02-06 22:09 - 2015-07-30 17:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-02-06 22:09 - 2015-07-30 17:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-02-06 22:09 - 2015-07-30 17:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-02-06 22:09 - 2015-07-30 16:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-06 22:09 - 2015-07-30 16:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-02-06 22:09 - 2015-07-30 16:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-02-06 21:53 - 2016-02-06 21:53 - 00985600 _____ C:\Users\Alec\Downloads\MicrosoftFixit50123.msi
2016-02-06 21:34 - 2015-11-13 23:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-02-06 21:34 - 2015-11-13 23:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-02-06 21:34 - 2015-11-13 23:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-02-06 21:34 - 2015-11-13 22:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-02-06 21:34 - 2015-11-13 22:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-02-06 21:34 - 2015-11-13 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-02-06 21:34 - 2015-10-29 17:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-02-06 21:34 - 2015-10-29 17:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2016-02-06 21:34 - 2015-10-29 17:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2016-02-06 21:34 - 2015-10-29 17:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2016-02-06 21:34 - 2015-10-29 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2016-02-06 21:34 - 2015-10-29 17:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2016-02-06 21:34 - 2015-10-29 17:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2016-02-06 21:34 - 2015-07-15 03:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-02-06 21:34 - 2015-06-02 00:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2016-02-06 21:34 - 2015-06-01 23:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2016-02-06 21:32 - 2015-12-08 21:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-06 21:32 - 2015-12-08 19:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-06 21:31 - 2015-12-30 19:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-06 21:31 - 2015-12-30 19:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-06 21:31 - 2015-12-30 19:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-06 21:31 - 2015-12-30 19:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-06 21:31 - 2015-12-30 19:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-06 21:31 - 2015-12-30 19:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-06 21:31 - 2015-12-30 19:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-06 21:31 - 2015-12-30 19:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-06 21:31 - 2015-12-30 19:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-06 21:31 - 2015-12-30 19:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-06 21:31 - 2015-12-30 19:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-06 21:31 - 2015-12-30 19:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-06 21:31 - 2015-12-30 19:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-06 21:31 - 2015-12-30 19:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-06 21:31 - 2015-12-30 19:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-06 21:31 - 2015-12-30 19:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-06 21:31 - 2015-12-30 19:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-06 21:31 - 2015-12-30 19:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-06 21:31 - 2015-12-30 18:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-06 21:31 - 2015-12-30 18:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-06 21:31 - 2015-12-30 18:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-06 21:31 - 2015-12-30 18:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-06 21:31 - 2015-12-30 18:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-06 21:31 - 2015-12-30 18:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-06 21:31 - 2015-12-30 18:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-06 21:31 - 2015-12-30 18:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-06 21:31 - 2015-12-30 18:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-06 21:31 - 2015-12-30 18:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-06 21:31 - 2015-12-30 18:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-06 21:31 - 2015-12-30 18:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-06 21:31 - 2015-12-30 18:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-06 21:31 - 2015-12-30 18:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-06 21:31 - 2015-12-30 18:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-06 21:31 - 2015-12-30 18:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-06 21:31 - 2015-12-30 18:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-06 21:31 - 2015-12-30 18:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-06 21:31 - 2015-12-30 18:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-06 21:31 - 2015-12-30 18:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-06 21:31 - 2015-12-30 18:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-06 21:31 - 2015-12-30 18:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-06 21:31 - 2015-12-30 18:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-06 21:31 - 2015-12-30 18:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-06 21:31 - 2015-12-30 18:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-06 21:31 - 2015-12-30 18:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-06 21:31 - 2015-12-30 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-06 21:31 - 2015-12-30 18:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-06 21:31 - 2015-12-30 18:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 17:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-06 21:31 - 2015-12-30 17:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-06 21:31 - 2015-12-30 17:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-06 21:31 - 2015-12-30 17:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-06 21:31 - 2015-12-30 17:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-06 21:31 - 2015-12-30 17:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-06 21:31 - 2015-12-30 17:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-06 21:31 - 2015-12-30 17:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-06 21:31 - 2015-12-30 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-06 21:31 - 2015-12-30 17:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-06 21:31 - 2015-12-30 17:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-06 21:31 - 2015-12-30 17:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-06 21:31 - 2015-12-30 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-06 21:31 - 2015-12-30 17:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-06 21:31 - 2015-12-30 17:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 17:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 17:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-06 21:31 - 2015-12-30 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-06 21:31 - 2015-12-08 21:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-02-06 21:31 - 2015-12-08 19:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-02-06 21:31 - 2015-09-23 13:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-02-06 21:31 - 2015-09-23 13:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-02-06 21:31 - 2015-09-23 13:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-02-06 21:00 - 2016-02-06 21:00 - 07635472 _____ (Microsoft Corporation) C:\Users\Alec\Downloads\GetWindows10-Web_Default_Attr.exe
2016-02-06 14:54 - 2016-02-06 14:54 - 00886256 _____ (Microsoft Corporation) C:\Users\Alec\Downloads\mssstool64.exe
2016-02-06 14:49 - 2016-02-06 14:49 - 00007607 _____ C:\Users\Alec\AppData\Local\Resmon.ResmonCfg
2016-02-06 14:07 - 2016-02-06 14:08 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Alec\Downloads\mbar-1.09.3.1001.exe
2016-02-06 14:01 - 2016-02-07 21:51 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-06 14:00 - 2016-02-08 02:00 - 00000000 ____D C:\Users\Alec\AppData\Local\Adobe
2016-02-05 23:18 - 2016-02-07 21:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-05 23:18 - 2016-02-05 23:18 - 00001101 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-05 23:18 - 2016-02-05 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-05 23:18 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-05 23:18 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-05 16:43 - 2016-02-05 16:43 - 00000000 ___SD C:\ComboFix
2016-02-05 16:03 - 2016-02-05 16:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\404B58AC.sys
2016-02-05 16:01 - 2016-02-05 16:01 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\61DD573E.sys
2016-02-05 16:00 - 2016-02-05 16:00 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\3EE7564C.sys
2016-02-05 16:00 - 2016-02-05 16:00 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\069F568E.sys
2016-02-05 15:59 - 2016-02-05 15:59 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\016555DA.sys
2016-02-05 15:56 - 2016-02-05 15:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\51EF538B.sys
2016-02-05 15:56 - 2016-02-05 15:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\0C425340.sys
2016-02-05 15:33 - 2016-02-05 15:33 - 00001067 _____ C:\Users\Alec\Desktop\Avast Browser Cleanup.lnk
2016-02-05 15:33 - 2016-02-05 15:33 - 00000000 ____D C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup
2016-02-05 15:33 - 2016-02-05 15:33 - 00000000 ____D C:\Users\Alec\AppData\Roaming\AVAST Software
2016-02-05 15:32 - 2016-02-05 15:32 - 22908888 _____ (Malwarebytes ) C:\Users\Alec\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-05 15:32 - 2016-02-05 15:32 - 03840080 _____ (AVAST Software) C:\Users\Alec\Downloads\avast-browser-cleanup-sfx.exe
2016-02-05 15:26 - 2016-02-05 15:26 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\61C73C0F.sys
2016-02-05 15:24 - 2016-02-05 15:24 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\4B123AE3.sys
2016-02-05 15:23 - 2016-02-05 15:23 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\325239C0.sys
2016-02-05 15:21 - 2016-02-05 15:21 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\27DD3859.sys
2016-02-05 15:17 - 2016-02-05 15:17 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\34C535B5.sys
2016-02-05 15:15 - 2016-02-05 15:15 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\5C78342A.sys
2016-02-05 15:14 - 2016-02-05 15:14 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\21E632DD.sys
2016-02-05 15:12 - 2016-02-05 15:12 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\49993151.sys
2016-02-05 14:59 - 2016-02-07 23:26 - 00000547 _____ C:\Users\Alec\Desktop\JRT.txt
2016-02-05 14:55 - 2016-02-05 15:23 - 00002670 _____ C:\Users\Alec\Desktop\Rkill.txt
2016-02-05 14:55 - 2016-02-05 14:55 - 01609032 _____ (Malwarebytes) C:\Users\Alec\Desktop\JRT.exe
2016-02-05 14:54 - 2016-02-05 14:54 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Alec\Downloads\rkill.com
2016-02-05 14:20 - 2016-02-05 14:20 - 01259370 _____ C:\Users\Alec\Desktop\cc_20160205_142018.reg
2016-02-05 14:17 - 2016-02-05 14:17 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-02-05 14:17 - 2016-02-05 14:17 - 00000825 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-05 14:17 - 2016-02-05 14:17 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-02-05 14:17 - 2016-02-05 14:17 - 00000000 ____D C:\Program Files\CCleaner
2016-02-05 10:45 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
2016-02-05 10:45 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
2016-02-05 10:45 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-02-05 10:45 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-02-05 10:45 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-02-05 10:45 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
2016-02-05 10:45 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
2016-02-05 10:45 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
2016-02-05 10:44 - 2016-02-05 10:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\0327645A.sys
2016-02-05 10:40 - 2016-02-05 16:43 - 00000000 ____D C:\Qoobox
2016-02-05 10:40 - 2016-02-05 10:57 - 00000000 ____D C:\Windows\erdnt
2016-02-05 10:39 - 2016-02-05 14:36 - 00099733 _____ C:\Users\Alec\Downloads\Shortcut.txt
2016-02-05 10:36 - 2016-02-05 14:36 - 00060837 _____ C:\Users\Alec\Downloads\Addition.txt
2016-02-05 10:33 - 2016-02-08 10:51 - 00000000 ____D C:\FRST
2016-02-05 10:33 - 2016-02-07 14:55 - 00069058 _____ C:\Users\Alec\Downloads\FRST.txt
2016-02-05 10:33 - 2016-02-05 10:33 - 06828320 _____ (Piriform Ltd) C:\Users\Alec\Downloads\ccsetup514.exe
2016-02-05 10:33 - 2016-02-05 10:33 - 06828320 _____ (Piriform Ltd) C:\Users\Alec\Downloads\ccsetup514 (1).exe
2016-02-05 10:32 - 2016-02-05 10:33 - 05657667 ____R (Swearware) C:\Users\Alec\Downloads\ComboFix.exe
2016-02-05 10:32 - 2016-02-05 10:32 - 02370560 _____ (Farbar) C:\Users\Alec\Downloads\FRST64.exe
2016-02-05 02:30 - 2016-02-05 02:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\5B656A1B.sys
2016-02-05 02:30 - 2016-02-05 02:30 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\399469F1.sys
2016-02-04 22:36 - 2016-02-04 22:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\1E1A375B.sys
2016-02-04 22:36 - 2016-02-04 22:36 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\2850372A.sys
2016-02-04 22:11 - 2016-02-04 22:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\493B2428.sys
2016-02-04 22:11 - 2016-02-04 22:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\47302432.sys
2016-02-04 22:09 - 2016-02-04 22:09 - 00002243 _____ C:\Windows\epplauncher.mif
2016-02-04 21:44 - 2016-02-04 21:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\78320F49.sys
2016-02-04 21:44 - 2016-02-04 21:44 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\54560F29.sys
2016-02-04 21:17 - 2016-02-04 21:17 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\6CD67AB6.sys
2016-02-04 21:17 - 2016-02-04 21:17 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\6EE17AAC.sys
2016-02-04 20:44 - 2016-02-04 20:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\64D46146.sys
2016-02-04 20:44 - 2016-02-04 20:44 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\66DF613D.sys
2016-02-04 20:20 - 2016-02-04 20:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\2ABF4F2D.sys
2016-02-04 20:20 - 2016-02-04 20:20 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\2CCA4F23.sys
2016-02-04 19:57 - 2016-02-04 19:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\08463D6E.sys
2016-02-04 19:57 - 2016-02-04 19:57 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\0A513D64.sys
2016-02-04 19:48 - 2016-02-04 19:48 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\73C5369E.sys
2016-02-04 19:48 - 2016-02-04 19:48 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\75D03695.sys
2016-02-04 19:12 - 2016-02-04 19:12 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\2E021B24.sys
2016-02-04 19:12 - 2016-02-04 19:12 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\300C1B1A.sys
2016-02-04 19:10 - 2016-02-04 19:10 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\6C2B192D.sys
2016-02-04 19:09 - 2016-02-04 19:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\4E6F18EF.sys
2016-02-04 18:41 - 2016-02-04 18:41 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-02-04 18:23 - 2016-02-07 21:54 - 00000000 ___HD C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-02-04 18:23 - 2016-02-07 21:53 - 00000000 ____D C:\Users\Alec\Desktop\mbar
2016-02-04 18:23 - 2016-02-04 18:23 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\378F7562.sys
2016-02-04 18:03 - 2016-02-04 18:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\603C663B.sys
2016-02-04 18:03 - 2016-02-04 18:03 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\0C436634.sys
2016-02-04 18:01 - 2016-02-04 18:01 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\23A064F7.sys
2016-02-04 18:01 - 2016-02-04 18:01 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\4FA764F1.sys
2016-02-04 18:00 - 2016-02-04 18:00 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\0CEA63CB.sys
2016-02-04 18:00 - 2016-02-04 18:00 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\64F963BE.sys
2016-02-04 14:17 - 2016-02-04 14:17 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\4CC43917.sys
2016-02-04 14:16 - 2016-02-04 14:16 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\331E38C5.sys
2016-02-04 14:16 - 2016-02-04 14:16 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\13573891.sys
2016-02-04 14:13 - 2016-02-04 14:13 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\57A1367D.sys
2016-02-04 14:12 - 2016-02-04 14:12 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\32A03595.sys
2016-02-04 13:41 - 2016-02-05 10:28 - 00000000 ____D C:\AdwCleaner
2016-02-04 11:42 - 2016-02-04 13:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\14B64301.sys
2016-02-04 11:38 - 2016-02-04 11:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\424A3FC1.sys
2016-02-04 11:38 - 2016-02-04 11:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\2CBA3F5B.sys
2016-02-04 01:04 - 2016-02-04 01:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\18645A68.sys
2016-02-04 01:04 - 2016-02-04 01:04 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\7AA85A2A.sys
2016-02-04 01:01 - 2016-02-08 10:51 - 00006160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-04 01:01 - 2016-02-08 10:51 - 00006160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-04 01:00 - 2016-02-08 03:46 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-03 18:02 - 2016-02-07 22:02 - 00891210 _____ C:\Windows\system32\PerfStringBackup.TMP
2016-02-03 14:17 - 2016-02-05 14:30 - 00106000 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2016-02-03 14:06 - 2016-02-03 14:06 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\4E5B0CDE6.sys
2016-02-03 13:30 - 2016-02-03 13:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\76D14754.sys
2016-02-02 21:31 - 2016-02-02 21:31 - 00051448 _____ C:\Users\Alec\Desktop\What is Trojan horse virus and how to remove it manually _ COMBOFIX.html
2016-02-02 21:31 - 2016-02-02 21:31 - 00000000 ____D C:\Users\Alec\Desktop\What is Trojan horse virus and how to remove it manually _ COMBOFIX_files
2016-02-01 23:13 - 2016-02-01 23:14 - 00000000 ____D C:\KVRT_Data
2016-02-01 23:11 - 2016-02-01 23:12 - 91546008 _____ (Kaspersky Lab ZAO) C:\Users\Alec\Downloads\KVRT.exe
2016-02-01 18:44 - 2016-02-01 18:44 - 00169536 _____ C:\Users\Alec\Downloads\Messiaen-McOpera-6 Feb.pdf
2016-02-01 13:52 - 2015-11-11 18:53 - 01735680 ____H (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-02-01 13:52 - 2015-11-11 18:53 - 00525312 ____H (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-02-01 13:52 - 2015-11-11 18:39 - 01242624 ____H (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-02-01 13:52 - 2015-11-11 18:39 - 00487936 ____H (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-02-01 13:52 - 2015-07-09 17:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2016-02-01 13:52 - 2015-07-09 17:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2016-02-01 13:52 - 2015-07-09 17:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2016-01-31 23:33 - 2016-01-31 23:33 - 00002120 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-01-31 23:32 - 2016-01-31 23:33 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-01-31 23:32 - 2016-01-31 23:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-01-31 23:31 - 2016-01-31 23:31 - 14243008 _____ (Microsoft Corporation) C:\Users\Alec\Downloads\mseinstall.exe
2016-01-30 23:13 - 2016-01-31 07:26 - 00000000 ____D C:\Users\Alec\Downloads\camelcrusher-win_mac
2016-01-30 21:57 - 2016-01-30 21:57 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focusrite
2016-01-30 21:28 - 2016-01-30 21:28 - 00377265 ____T C:\Users\Alec\Desktop\Burnistoun - Nice Hair.mp3.asd
2016-01-28 22:46 - 2016-01-28 23:27 - 00000000 ____D C:\Users\Alec\Desktop\sound
2016-01-28 19:11 - 2016-01-28 19:11 - 00032393 _____ C:\Users\Alec\Desktop\new.sib
2016-01-26 11:44 - 2016-01-26 11:44 - 00000000 ____D C:\Users\Alec\Desktop\Camera
2016-01-26 11:43 - 2016-01-26 11:43 - 00000000 ____D C:\Users\Alec\Desktop\Messenger
2016-01-21 14:19 - 2016-01-21 14:19 - 00028515 _____ C:\Users\Alec\Downloads\Ellen McNeill - Full Score (1).pdf
2016-01-21 14:18 - 2016-01-21 14:18 - 00431330 _____ C:\Users\Alec\Downloads\fangsi.pdf
2016-01-21 14:18 - 2016-01-21 14:18 - 00115824 _____ C:\Users\Alec\Downloads\hannahMY.pdf
2016-01-21 14:18 - 2016-01-21 14:18 - 00028515 _____ C:\Users\Alec\Downloads\Ellen McNeill - Full Score.pdf
2016-01-21 14:18 - 2016-01-21 14:18 - 00022061 _____ C:\Users\Alec\Downloads\Composition Intermediate - 3pm - Full Score.pdf
2016-01-15 20:47 - 2016-01-15 20:47 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Novation
2016-01-15 20:47 - 2016-01-15 20:47 - 00000000 ____D C:\Program Files\Novation
2016-01-15 20:47 - 2014-10-17 13:19 - 00054000 ____H (Novation DMS Ltd.) C:\Windows\system32\Drivers\nvnusbaudio.sys
2016-01-15 20:47 - 2014-10-17 13:19 - 00022256 ____H (Novation DMS Ltd.) C:\Windows\system32\nvnusbaudio_coinst.dll
2016-01-15 18:52 - 2016-01-15 18:52 - 00533957 ____T C:\Users\Alec\Desktop\Kyu Sakamoto - CHINA NIGHTS (Shina No Yoru).mp3.asd
2016-01-15 01:31 - 2016-01-15 01:31 - 00000000 ____D C:\Program Files\DIFX
2016-01-15 01:30 - 2013-09-25 15:22 - 00127280 ____H (Focusrite Audio Engineering Limited.) C:\Windows\system32\Drivers\ffusb2audio.sys
2016-01-15 01:23 - 2016-01-15 01:23 - 00000000 ____D C:\Program Files\Focusrite
2016-01-15 01:23 - 2016-01-15 01:23 - 00000000 ____D C:\Program Files (x86)\Focusrite
2016-01-15 01:23 - 2014-03-17 11:38 - 00022832 ____H (Focusrite Audio Engineering Limited.) C:\Windows\system32\ffusb2audio_coinst.dll
2016-01-15 00:48 - 2016-01-15 00:48 - 03714161 _____ C:\Users\Alec\Downloads\Mad-Ska-2-.m4a.m4a
2016-01-14 17:03 - 2016-01-14 17:14 - 00000000 ____D C:\Users\Alec\Desktop\New folder (2)
2016-01-10 18:42 - 2016-01-10 18:46 - 00000000 ____D C:\Users\Alec\Desktop\vst
2016-01-10 18:27 - 2016-01-10 18:27 - 00000000 ____D C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arturia
2016-01-10 18:24 - 2016-01-10 18:26 - 00000000 ____D C:\Users\Alec\Documents\Calibre Library
2016-01-10 18:24 - 2016-01-10 18:25 - 00000000 ____D C:\Users\Alec\AppData\Roaming\calibre
2016-01-10 18:24 - 2016-01-10 18:24 - 00000000 ____D C:\Users\Alec\AppData\Local\calibre-cache
2016-01-10 18:23 - 2016-01-10 18:23 - 00000963 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2016-01-10 18:23 - 2016-01-10 18:23 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2016-01-10 18:23 - 2016-01-10 18:23 - 00000000 ____D C:\Program Files (x86)\Calibre2
2016-01-10 18:19 - 2016-01-10 18:21 - 66744320 _____ C:\Users\Alec\Downloads\calibre-2.48.0.msi
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-08 10:51 - 2012-03-18 20:05 - 00000000 ____D C:\Users\Alec\AppData\Roaming\BitTorrent
2016-02-08 01:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2016-02-08 01:06 - 2009-07-14 03:20 - 00000000 ___HD C:\Windows\inf
2016-02-07 19:13 - 2012-11-09 20:55 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-02-07 19:12 - 2012-11-09 20:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-02-07 19:12 - 2012-11-09 20:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-02-07 14:59 - 2015-12-19 15:41 - 00000000 ____D C:\Users\Alec\AppData\Local\Bitwig Studio
2016-02-06 13:57 - 2014-08-11 10:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-05 14:50 - 2015-11-29 17:01 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia
2016-02-05 14:50 - 2012-11-26 23:35 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Karnaugh Map Minimizer
2016-02-05 14:50 - 2012-05-02 17:08 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liberation of Nuenen
2016-02-05 14:50 - 2012-04-09 16:51 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars
2016-02-05 14:50 - 2012-03-22 16:43 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codec-C
2016-02-05 14:44 - 2009-07-14 02:34 - 00000215 _____ C:\Windows\system.ini
2016-02-05 14:19 - 2015-06-08 07:49 - 00000000 ___HD C:\Windows\Minidump
2016-02-05 14:19 - 2013-11-09 18:45 - 00000000 ____D C:\Users\Alec\AppData\Roaming\Sony
2016-02-05 14:19 - 2012-03-15 02:22 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-05 14:19 - 2012-03-15 00:53 - 00000000 ___HD C:\Windows\Panther
2016-02-05 10:55 - 2012-03-14 23:59 - 00000000 ___HD C:\Users\Alec
2016-02-04 23:41 - 2013-09-20 02:10 - 00000000 ___HD C:\Windows\system32\MRT
2016-02-04 23:37 - 2012-11-10 13:14 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-03 11:04 - 2012-04-22 21:14 - 00000000 ___HD C:\Program Files (x86)\Google
2016-02-02 14:54 - 2012-04-22 21:14 - 00003894 ____H C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 14:54 - 2012-04-22 21:14 - 00003642 ____H C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 13:11 - 2012-07-27 11:20 - 00000000 ____D C:\Users\Guest
2016-02-02 13:11 - 2012-03-16 23:56 - 00000000 ____D C:\Users\UpdatusUser
2016-02-02 00:43 - 2015-12-15 12:44 - 00001675 _____ C:\Users\Alec\Desktop\writingThis will probably be the last thing I upload for a while, working on something real.,raps.txt
2016-01-31 23:16 - 2015-12-19 17:20 - 00000000 ___RD C:\Users\Alec\Desktop\rap beat Project
2016-01-31 07:26 - 2015-09-20 18:02 - 00000000 ____D C:\Program Files (x86)\Steinberg
2016-01-31 07:26 - 2014-12-25 15:38 - 00000000 ____D C:\Users\Alec\Downloads\MIT.Press.Processing.A.Programming.Handbook.for.Visual.Designers.and.Artists.Sep.2007.eBook-BBL
2016-01-31 07:26 - 2014-03-24 10:39 - 00000000 ____D C:\Users\Alec\Downloads\Sibelius 6 - With working Activation
2016-01-31 07:26 - 2014-03-18 09:25 - 00000000 ____D C:\Users\Alec\Downloads\Max5 Installer
2016-01-31 07:26 - 2009-07-14 03:20 - 00000000 ___HD C:\Windows\registration
2016-01-30 23:17 - 2015-12-18 15:08 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steinberg Cubasis VST 4
2016-01-29 01:57 - 2015-04-24 09:45 - 00002215 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-29 01:57 - 2015-04-24 09:45 - 00002186 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-27 19:14 - 2009-07-14 03:20 - 00000000 ___HD C:\Windows\system32\NDF
2016-01-23 00:10 - 2012-03-18 13:57 - 00000000 ____D C:\Users\Alec\AppData\Roaming\vlc
2016-01-14 17:53 - 2012-03-15 02:33 - 00000000 ____D C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-14 17:10 - 2015-09-27 21:10 - 00024748 ____T C:\Users\Alec\Downloads\Tape Deck-SoundBible.com-967485391.mp3.asd
2016-01-14 17:06 - 2012-03-15 03:24 - 00000000 ____D C:\Users\Alec\AppData\Roaming\Audacity
2016-01-10 18:46 - 2015-12-28 15:11 - 00000000 ____D C:\Program Files (x86)\Hadron
 
==================== Files in the root of some directories =======
 
2014-03-24 10:54 - 2014-03-24 10:54 - 0000604 ____H () C:\Program Files (x86)\STLL Notifier
2014-03-24 11:33 - 2014-03-24 11:33 - 0000604 ____H () C:\Program Files (x86)\_43_S
2013-01-24 13:36 - 2013-01-24 13:36 - 0000604 ____H () C:\Program Files (x86)\_Z2
2013-09-30 14:13 - 2013-09-30 14:13 - 0227208 _____ () C:\Users\Alec\AppData\Roaming\AvidLicenseControl_Install.log
2015-10-16 09:38 - 2016-01-08 21:10 - 0006144 _____ () C:\Users\Alec\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-06 14:49 - 2016-02-06 14:49 - 0007607 _____ () C:\Users\Alec\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Alec\AppData\Local\Temp\sqlite-3.8.0-x86-sqlitejdbc.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-08 04:15
 
==================== End of FRST.txt ============================
 
Here are the Addition.txt results:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Alec (2016-02-08 10:52:26)
Running from C:\Users\Alec\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-03-14 23:59:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
139D72199F534DB887E4 (S-1-5-21-16190850-2541859866-396269904-1012 - Limited - Enabled)
Administrator (S-1-5-21-16190850-2541859866-396269904-500 - Administrator - Disabled)
Alec (S-1-5-21-16190850-2541859866-396269904-1000 - Administrator - Enabled) => C:\Users\Alec
D015033911DF45769384 (S-1-5-21-16190850-2541859866-396269904-1009 - Limited - Enabled)
Guest (S-1-5-21-16190850-2541859866-396269904-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-16190850-2541859866-396269904-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-16190850-2541859866-396269904-1003 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1000 Amps (HKLM-x32\...\Steam App 205690) (Version:  - )
ACD/Labs Software in C:\Program Files (x86)\ACDFREE11\ (HKLM-x32\...\ACDLabs in C__Program_Files_(x86)_ACDFREE11_) (Version: v11.00, FREE - ACD/Labs)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.0.0.181 - Adobe Systems Incorporated)
Adobe Dreamweaver CC (HKLM-x32\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated)
Adobe GoLive CS2 English (HKLM-x32\...\Adobe GoLive CS2 English) (Version: 8.0 - Adobe Systems)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
AirMech (HKLM-x32\...\Steam App 206500) (Version:  - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
Avast Browser Cleanup (HKU\S-1-5-21-16190850-2541859866-396269904-1000\...\Avast Browser Cleanup) (Version: 10.4.2233.107 - AVAST Software)
Avid Effects (HKLM-x32\...\{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}) (Version: 10.3 - Avid Technology, Inc.)
Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 10.3 - Avid Technology, Inc.)
Avid License Control (HKLM-x32\...\{F187D064-F101-4E95-8D05-4027809AA0F8}) (Version: 3.0.1 - Avid Technology, Inc.)
Avid Pro Tools (HKLM-x32\...\{8E60BB71-7EF3-42ED-9F10-AA041F25841A}) (Version: 10.3 - Avid Technology, Inc.)
Belkin F6D4050 Enhanced Wireless USB Adapter (HKLM-x32\...\InstallShield_{B97A0C89-29C0-4682-902C-364109A9857C}) (Version: 2.0.0.08 - Belkin)
Belkin F6D4050 Enhanced Wireless USB Adapter (x32 Version: 2.0.0.08 - Belkin) Hidden
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.6.1 - BitTorrent Inc.)
Bitwig Studio 1.0.4 (HKLM-x32\...\{A79BAFFB-F92E-4551-A91C-5215176269A5}) (Version: 1.0.0 - Bitwig GmbH)
Blender (HKLM\...\Blender) (Version: 2.72a - Blender Foundation)
calibre (HKLM-x32\...\{5AD205E9-E80E-4F4B-88A5-C6B5CC12BBE4}) (Version: 2.48.0 - Kovid Goyal)
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
CINEMA 4D 16.050 (HKLM\...\MAXON9AB801B9) (Version: 16.050 - MAXON Computer GmbH)
Code Hero (HKLM-x32\...\{86883E5D-330F-4F36-A5B4-80CBFF386F31}) (Version: 0.192 - Primer Labs)
CPUID CPU-Z 1.69 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Cubasis VST 4 (HKLM-x32\...\Cubasis VST 4) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.09 - Piriform)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
f.lux (HKU\S-1-5-21-16190850-2541859866-396269904-1000\...\Flux) (Version:  - )
FabFilter Twin VSTi RTAS v2.00 (HKLM-x32\...\FabFilter Twin VSTi RTAS_is1) (Version:  - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Finale 2014 (HKLM-x32\...\Finale 2014) (Version: 2014.0.3163.2 - MakeMusic)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Garritan Personal Orchestra (HKLM-x32\...\Garritan Personal Orchestra) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Guitar Pro 5.0 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
HeadCrusherFree version 1.0.0 (HKLM\...\HeadCrusherFree_is1) (Version: 1.0.0 - )
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{AA67D612-0BE5-44D6-9A91-592958F754A1}) (Version: 13.0.198 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Jamestown (HKLM-x32\...\Steam App 94200) (Version:  - )
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java™ 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java™ 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
Kentucky Route Zero (HKLM-x32\...\Kentucky Route Zero) (Version: 4.1.2.1635 - Cardboard Computer)
Kentucky Route Zero Act III (HKLM-x32\...\{9A99DB29-F374-4D7C-99B6-D77877031667}_is1) (Version: 4.3.1 - Cardboard Computer)
KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version:  - )
KlipFreak version 1.0.1 (HKLM\...\KlipFreak_is1) (Version: 1.0.1 - )
KORG KONTROL Editor (HKLM-x32\...\{2994E3F1-B6A3-40FD-860E-A54363FC266C}) (Version: 1.50.0000 - KORG Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.3.0.8766 - PACE Anti-Piracy, Inc.)
License Support (Version: 1.3.0.8766 - PACE Anti-Piracy, Inc.) Hidden
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.1.0.0 - Lightworks)
Live 8.2.2 (HKLM-x32\...\Live 8.2.2) (Version:  - )
Max 7 (64-bit) (HKLM\...\{AA260796-B1C2-446A-A60A-690EAC15B268}) (Version: 7.0.1 - Cycling '74)
Max 7 (HKLM-x32\...\{68A34EF0-9E94-468E-87A0-F3DE8658707B}) (Version: 7.0.5 - Cycling '74)
Melodics version 1.0.1695.0 (HKLM\...\Melodics_is1) (Version: 1.0.1695.0 - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Age of Empires II Trial Version (HKLM-x32\...\Age of Empires II Trial) (Version:  - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-GB)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1 - Mozilla)
MultiBit 0.5.16 (HKLM-x32\...\MultiBit 0.5.16) (Version: 0.5.16 - )
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version:  - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.5.0.409 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Novation USB Audio Driver 2.6 (HKLM\...\Novation USB Audio Driver_is1) (Version: 2.6 - Novation DMS Ltd.)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.3 (HKLM-x32\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
Oracle VM VirtualBox 4.3.10 (HKLM\...\{5632714F-6A48-4BF2-89E0-F8B6CE9FE6D1}) (Version: 4.3.10 - Oracle Corporation)
Overture 3.5 SE (HKLM-x32\...\Overture 3.5 SE) (Version:  - )
PartikkelAudio Hadron (HKLM-x32\...\Hadron) (Version:  - )
Pd-0.43.4-extended (HKLM-x32\...\pd_is1) (Version:  - puredata.info)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PreReq (x32 Version: 6.2.3.0 - Eastman Kodak Company) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Psychonauts (HKLM-x32\...\Steam App 3830) (Version:  - Double Fine Productions, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Python 2.5.4 (HKLM-x32\...\{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}) (Version: 2.5.4150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - )
Red Orchestra 2: Heroes of Stalingrad (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire)
Scarlett MixControl 1.8 (HKLM-x32\...\Saffire USB 26_is1) (Version: 1.8 - Focusrite Audio Engineering Limited)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Sibelius 7 OpenType Fonts (HKLM-x32\...\{623C2BD8-1B28-4F98-B578-E9D139827269}) (Version: 7.1.3 - Avid)
Sibelius 7.1.3.77 (HKLM\...\Sibelius 7.0.0.23_is1) (Version: 7.1.3.77 - Avid)
Sid Meier's Civilization III: Complete (HKLM-x32\...\Steam App 3910) (Version:  - Firaxis)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
SmartFTP Client (HKLM\...\{1C1E6A38-3A57-41F9-BBFB-22C1C03BB675}) (Version: 4.0.1251.0 - SmartSoft Ltd.)
SmartFTP Client Setup Files 4.0 (x64) (remove only) (HKLM-x32\...\SmartFTP Client 4.0 (x64) Setup Files) (Version: 4.0 - SmartSoft Ltd)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
SuperCollider Version 3.6.6 (HKLM-x32\...\SuperCollider-3.6.6) (Version: 3.6.6 - )
Sylenth1 v2.21 (HKLM\...\Sylenth1_is1) (Version:  - )
System Requirements Lab CYRI (64-bit) (HKLM\...\{15AD6738-23E8-4AE6-93E9-434E717EECB2}) (Version: 4.5.1.0 - Husdawg, LLC)
System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Ship (HKLM-x32\...\Steam App 2400) (Version:  - Outerlight)
The Ship Single Player (HKLM-x32\...\Steam App 2420) (Version:  - Outerlight)
The Ship Tutorial (HKLM-x32\...\Steam App 2430) (Version:  - Outerlight)
The Void (HKLM-x32\...\Steam App 37000) (Version:  - Ice-pick Lodge)
TP-LINK TL-WN721N_TL-WN722N Driver (HKLM-x32\...\{86A7EED0-02D0-4D91-8183-8D2F23F5E6AE}) (Version: 1.3.1 - TP-LINK)
TP-LINK TL-WN725N_TL-WN723N Driver (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK)
Transient version 1.0.1 (HKLM\...\Transient_is1) (Version: 1.0.1 - )
Unity Web Player (HKU\S-1-5-21-16190850-2541859866-396269904-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
ValhallaFreqEcho version 1.0.5 (HKLM-x32\...\{86164718-6457-42DE-8DB6-EA05F7045F2C}_is1) (Version: 1.0.5 - Valhalla DSP, LLC)
Vegas Pro 12.0 (64-bit) (HKLM\...\{A7500970-FE98-11E1-B560-F04DA23A5C58}) (Version: 12.0.367 - Sony)
VirtualDJ Home FREE (HKLM-x32\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.3.0.8766 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.3.0.8766 - PACE Anti-Piracy, Inc.)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Xfer Records LFOTool v1.29 Beta 6 x64 (HKLM\...\Xfer Records LFOTool v1.29 Beta 6 x64_is1) (Version:  - )
Yamaha USB-MIDI Driver (HKLM-x32\...\InstallShield_{71E75F05-930E-41BA-BDBC-15E3134DD45B}) (Version: 3.1.3.1 - Yamaha Corporation)
Yamaha USB-MIDI Driver (Version: 3.1.3.1 - Yamaha Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-16190850-2541859866-396269904-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {19388491-F3CF-4DC8-8C7B-FD6F25106ED8} - System32\Tasks\{DB0D4F12-B628-4EDD-ADBA-3FB35C34F106} => C:\Users\Alec\Desktop\lololololol.exe
Task: {336FC55E-F9D9-4630-8250-F7AE1E99EEDA} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMKJJMOMOJMJKMOMKJCNJMNJOJJMCNLMMMOMIMCNOJJMLJLMCNOJKJNJHMLJGMOMOJMMKJOMJMJNJICMIMCNGMCNIMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMHMIMIMJNHICMEKMICNJJCKJNBJCMOLDJKJMJPNILAJNILJAJBJJNKJCMJNNICMJNDJCMKJBJJNMJCMPMFMPMFMPMJNFICMNIJJIIGJPIKJAJKILIBNKJHIKJ"
Task: {4120743E-44B0-48B0-8821-447247AE7F13} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {4480E22E-DDA4-4B4E-8D28-3C358F10D4E7} - System32\Tasks\{5A930BC5-0FD4-4ADA-8D68-3F274DAED688} => pcalua.exe -a "C:\Users\Alec\Desktop\New folder\Archives\bf1942\Levels\abtf.exe" -d "C:\Users\Alec\Desktop\New folder\Archives\bf1942\Levels"
Task: {502DFB7F-EF69-4D70-A147-18325561609B} - System32\Tasks\{10771694-CE9B-4885-9A8B-47CA9B7495EA} => pcalua.exe -a "C:\Program Files (x86)\Steinberg\Cubasis VST 4\Setupmme.exe" -d C:\PROGRA~2\STEINB~1\CUBASI~1
Task: {55693D8F-90C1-4B1C-B1FA-D4761A5725E6} - System32\Tasks\{9BCB8018-3898-4512-9C11-3FBB6684DD78} => pcalua.exe -a F:\autorun.exe -d F:\
Task: {56C7B7EC-1716-415B-A95B-F6FE4FD74552} - System32\Tasks\AdobeAAMUpdater-1.0-DeathMachine500-Alec => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {61D97733-C5F3-4124-BB01-06A3858262B5} - \DealPlyUpdate -> No File <==== ATTENTION
Task: {9677D12E-215A-4413-8687-9FB9681AC947} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {BF997542-5DAD-446C-B7FA-EB4EE2E711C2} - \DealPly -> No File <==== ATTENTION
Task: {F03CA1F8-7B40-464D-98C5-F7B4DFB921E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {F0A83718-5035-4D63-9706-2C56CDFBDA87} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {F75C5881-CD09-437D-B7CC-ABC1D50D4A25} - System32\Tasks\{CC3012D3-D4D3-4737-BD65-3F0EE7237CF8} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{B97A0C89-29C0-4682-902C-364109A9857C}\setup.exe" -c -runfromtemp -l0x0409
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-04-11 15:09 - 2012-04-15 20:12 - 00076888 ____H () C:\Windows\SysWOW64\PnkBstrA.exe
2012-04-11 15:09 - 2012-04-15 20:13 - 00189248 ____H () C:\Windows\SysWOW64\PnkBstrB.exe
2012-03-16 23:56 - 2013-01-31 09:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-06-11 22:58 - 2013-06-11 22:58 - 03316080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2012-03-25 17:08 - 2012-02-17 19:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2012-10-10 02:22 - 2012-10-10 02:22 - 00094208 ____H () C:\Windows\System32\IccLibDll_x64.dll
2016-01-29 01:57 - 2016-01-27 17:39 - 01632584 ____H () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
2016-01-29 01:57 - 2016-01-27 17:39 - 00087880 ____H () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll
2016-01-29 01:57 - 2016-01-27 17:39 - 16799048 ____H () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Alec\Cookies:wxnZnWqEnAKN0SFOgo5NoriJ
AlternateDataStreams: C:\Users\Alec\AppData\Local\K5QzDO6wn:1VZ48cJfwcbL0tVlFLA
AlternateDataStreams: C:\Users\Alec\AppData\Local\Temp:3aCe00V7RP9NXo6QnMB1FGCojO
AlternateDataStreams: C:\Users\Alec\AppData\Local\Temp:c6WmAwdcTDwxjRiBp
AlternateDataStreams: C:\Users\Alec\AppData\Local\Temp:eGjS8e09YamB1Z3czrkZX4Yl8Nhf
AlternateDataStreams: C:\Users\Alec\AppData\Local\Temp:QMFBVSAnCZZGEyO5Vlx8Bb7cdR9
AlternateDataStreams: C:\Users\Alec\AppData\Local\Temp:ScV8Tj9nfyYaJMF9RvUq8OC
AlternateDataStreams: C:\Users\Alec\AppData\Local\Temporary Internet Files:7S9A8HKQKvqgZ3QEsTJ
AlternateDataStreams: C:\Users\Alec\AppData\Local\zsEKRvIABbj:WjW0bqcKLY4jJksMyz37u9
AlternateDataStreams: C:\Users\Alec\AppData\Local\zXmJe3reAmT1l8:hd1vEmR8SwVcbBxiffs4BWB
AlternateDataStreams: C:\ProgramData\Microsoft:7z1wEv5Xzl6wT4GqmfGscWddkw
AlternateDataStreams: C:\ProgramData\Microsoft:sO4HPagV81CV11xiB67EUi
AlternateDataStreams: C:\ProgramData\Microsoft:x23L6PF4svAxYurrqGotCTCNL
AlternateDataStreams: C:\ProgramData\Microsoft:z1RmIroVh4ssfymkxpy8DNs
AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\44436291.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\4E5B0CDE6.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\4E5B0CDE61.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\44436291.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\4E5B0CDE6.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\4E5B0CDE61.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2016-02-05 10:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-16190850-2541859866-396269904-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Alec^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Alec^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Alec^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BitTorrent => "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Boxoft Tools => "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun
MSCONFIG\startupreg: F.lux => "C:\Users\Alec\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
MSCONFIG\startupreg: Facebook Update => "C:\Users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: FormAutoFill => C:\Program Files (x86)\FormAutoFill\faf.exe
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: PrivitizeVPN => C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Alec\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Alec\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: Unified Remote v2 => C:\Program Files (x86)\Unified Remote\RemoteServer.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{23763708-EF66-44EC-8694-0A18676793F6}] => (Allow) LPort=1542
FirewallRules: [{6C8FC700-BEB9-4B34-8BDD-C0A62E8CCFD8}] => (Allow) LPort=1542
FirewallRules: [{295468D6-480C-463E-8D68-5A69C4058DF9}] => (Allow) LPort=53
FirewallRules: [{B7145D49-81D1-43CE-A0E5-75040A369B94}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EC4E0A22-9755-4270-B16C-BB59E54D3E99}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9B4DD835-090A-4AF9-9604-01EEA341B50D}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
FirewallRules: [{574514CE-4D9B-4A8F-958C-386B9EDD9847}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
FirewallRules: [{D6441A5C-DCCE-4D58-856C-FB0395473E35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sonic generations\SonicGenerations.exe
FirewallRules: [{4C7EBBFB-56CB-4725-88CA-297F5534E9E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sonic generations\SonicGenerations.exe
FirewallRules: [{9B22F50C-1DBD-46C1-B2AF-78FA10D2A78A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sonic generations\ConfigurationTool.exe
FirewallRules: [{0F3F3678-0B3A-4379-8EF6-F3346E94461A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sonic generations\ConfigurationTool.exe
FirewallRules: [TCP Query User{50338E27-E6B9-47F0-AD77-EA835DA1F6A2}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{EB80D78B-C335-49EC-9309-8980231EA858}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{FFDC69B8-5A7F-4482-B28C-4366FE3BD6D1}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{FA1FD098-0A87-4908-974B-BE47F731A2B4}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{E473114A-E0B4-453F-AD9B-5D1B893F7940}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\psychonauts\Psychonauts.exe
FirewallRules: [{7BDB083D-8204-492C-B540-4D76B92AAF83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\psychonauts\Psychonauts.exe
FirewallRules: [{2DAB33BE-C868-44AC-9C60-E2DFD9DCB764}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{685005F0-F7DE-40D2-87D7-FCF0AE2276C5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E67B1A3B-BA0E-4139-A9C0-E2D8CFDFE1B1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{642FFEE4-F7E6-4C22-BAF3-D96CFDCA1993}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{42749BC6-8203-447D-BC8E-D9A7D113E423}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{33AE510B-6321-4064-81F3-7F6106189C42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{37FBC56B-5544-4706-AF04-C2F716FCF6F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\APB.exe
FirewallRules: [{B63809F9-AEE8-4906-8BAD-00A151B53D99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\APB.exe
FirewallRules: [{84466634-90A4-44AF-902C-064556549543}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{207B2274-BC3F-4352-84BC-5AC50DC4A593}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{DE02449E-9866-43BE-992D-CD8A9D06B008}] => (Allow) LPort=9322
FirewallRules: [{F6661A93-461D-4032-BB3B-FE9EAAE3A86F}] => (Allow) LPort=5353
FirewallRules: [{C6243754-023E-4DA5-ABD3-8BC8DE0BAD48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\1000 amps\1000AmpsReWin.exe
FirewallRules: [{205AFD3C-A130-47F0-BD5E-716412839EC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\1000 amps\1000AmpsReWin.exe
FirewallRules: [{29C1B15C-ADFF-4F29-9E2D-F220B99E43EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the void\bin\win32\Game.exe
FirewallRules: [{06864979-EF1C-4271-9D03-CB6142CA6747}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the void\bin\win32\Game.exe
FirewallRules: [{597BB4C1-DB42-4176-931B-7569FAE5D237}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the void\bin\win32\Config.exe
FirewallRules: [{A2AC631B-30B7-4A46-AE29-F54A1F13F489}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the void\bin\win32\Config.exe
FirewallRules: [{58EBE00D-AF07-4BC0-AE98-749221AE696C}] => (Allow) LPort=5353
FirewallRules: [{D167CD56-F4B3-4632-ADEB-5AC9D313B14B}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe
FirewallRules: [{BF4EDE23-A9D7-47E5-83A4-320FEDC4C427}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe
FirewallRules: [{B427B319-BEC3-459B-9AF4-5ACEDF197436}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\bit.trip runner\runner.exe
FirewallRules: [{B97EF69B-C3EC-4D4A-AF57-1597A16C2A59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\bit.trip runner\runner.exe
FirewallRules: [{86D691C3-060F-4B9A-A890-20331B6AEAB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nightsky\NightSky.exe
FirewallRules: [{449DEEAE-6FB1-4675-ADC2-295177D4752B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nightsky\NightSky.exe
FirewallRules: [{C25FA388-D5FC-4641-A5BC-C0223E428606}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\super meat boy\SuperMeatBoy.exe
FirewallRules: [{3D4FB10E-B318-4E42-85AB-C079396436A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\super meat boy\SuperMeatBoy.exe
FirewallRules: [{0DA6BD4A-CDC2-424D-AE15-055E99F3674D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shank\bin\Shank.exe
FirewallRules: [{B5C47223-8467-4D5F-8FE4-D8D5458B6FC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shank\bin\Shank.exe
FirewallRules: [TCP Query User{D8F0F584-81AE-4CBE-BC66-7C91F0CA757D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{4D702B4A-91DC-4E9D-93A0-AC1B62BC3C80}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{556C0A55-26D7-4EF1-977D-F524D14EAA5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ValveTestApp206500\AirMech.exe
FirewallRules: [{9B71D93F-C8F5-4C51-9A3F-6FE0A59A290F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ValveTestApp206500\AirMech.exe
FirewallRules: [{2681B62E-F72E-486E-9B32-8FBC69B8642C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Launcher\APBLauncher.exe
FirewallRules: [{F91CF6C0-71BA-44ED-BDDA-64E40BB30D37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Launcher\APBLauncher.exe
FirewallRules: [{E349B831-439F-4BBE-AFD2-40E3C1CA4533}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shank\bin\Shank.exe
FirewallRules: [{059297C7-3238-4037-BD5B-26B0BC3AEC53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shank\bin\Shank.exe
FirewallRules: [{41284F35-FC6B-4A86-8348-3FAE9D39EB26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{50F57945-BBA4-4627-A4AB-CB71CBF0C92B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{B12806CD-AB86-476F-A3F4-B9FA59682886}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Happy Song Prototype\AfMana.exe
FirewallRules: [{C9294F17-2BFD-45BB-85E8-FAD8C4432CF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Happy Song Prototype\AfMana.exe
FirewallRules: [{CD475F26-934A-4B63-9A3A-63BD8C20111E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Costume Quest Prototype\AfCq.exe
FirewallRules: [{0AF520D2-AEB7-43AB-B814-DB42499AD568}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Costume Quest Prototype\AfCq.exe
FirewallRules: [{9E9C2A7F-8994-46E1-956E-74148B3651C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{EA79B31C-D47F-472E-B47B-82C1B8E44279}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{5F23D846-3F1E-44AF-B9E2-4064BF4DA31B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nightsky\NightSky.exe
FirewallRules: [{CC2D1246-9782-4F07-A6FD-D86B290F7F9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nightsky\NightSky.exe
FirewallRules: [{A5760A0D-EE36-40C9-B6D8-A857F607C6D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\jamestown\Jamestown.exe
FirewallRules: [{936CCF71-4D35-42BC-8D9F-0BE411ABA2BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\jamestown\Jamestown.exe
FirewallRules: [TCP Query User{5DCB20E1-016E-4820-8E66-EE172648BCA5}C:\program files (x86)\avid\pro tools\protools.exe] => (Block) C:\program files (x86)\avid\pro tools\protools.exe
FirewallRules: [UDP Query User{AFC25767-2EAC-4111-8E03-CEC772ED281E}C:\program files (x86)\avid\pro tools\protools.exe] => (Block) C:\program files (x86)\avid\pro tools\protools.exe
FirewallRules: [TCP Query User{DA2641FC-5041-4CE9-804A-EB484719BEA8}C:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe
FirewallRules: [UDP Query User{11D439DC-C8CC-43C2-8A02-87087B419858}C:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe
FirewallRules: [{8A9C595E-3F18-476B-AE48-6C6A586E2E35}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B904A7D0-5234-447C-9D0D-56C36F7E7457}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{01CB2E5B-EE01-4B3F-AAAD-AA2D61314D43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{13FA6969-9752-4D11-9BA8-53E3EE022013}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{F1A2D318-4BF7-4C34-98E7-38F3A5A019F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{19340688-FD08-4EB5-8C3F-28910E10C1D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{7ED37072-060B-4B5B-98C2-1638098E829C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AirMech\AirMech.exe
FirewallRules: [{0CD05A6A-4EB7-4E84-9FD7-58A48DCD505F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AirMech\AirMech.exe
FirewallRules: [{AC23CA74-D891-4F1B-8833-FCF0DFA3BB88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\jamestown\Jamestown.exe
FirewallRules: [{409A79FF-C392-4658-953A-47F28A991237}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\jamestown\Jamestown.exe
FirewallRules: [{40B41F7B-47FA-48F3-AA59-448EFB0C3755}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{6E9B7B2C-6EAD-427F-B098-120F07E37217}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{81639932-44A5-4296-A21F-6E35338F6B05}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{94D68EA4-B54C-4B53-B61F-8925901E2757}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [TCP Query User{E05B0042-18CB-4EE5-90A2-E1FB7BBB2ED5}C:\users\guest\downloads\processing-2.0.3\java\bin\java.exe] => (Block) C:\users\guest\downloads\processing-2.0.3\java\bin\java.exe
FirewallRules: [UDP Query User{57A90151-95D8-498E-B31B-0C94AC9D7A15}C:\users\guest\downloads\processing-2.0.3\java\bin\java.exe] => (Block) C:\users\guest\downloads\processing-2.0.3\java\bin\java.exe
FirewallRules: [{0A5B256D-D6B4-46DF-A056-7B531A0D4B5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Ship\ship.exe
FirewallRules: [{B0CACA92-70D1-4F4D-8084-31032966ECB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Ship\ship.exe
FirewallRules: [{6872919C-C2A6-492A-9991-CAC0EC87FB14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\bit.trip runner\RUNNER.exe
FirewallRules: [{7A5DF5C1-697F-4701-B620-DF1B019640CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\bit.trip runner\RUNNER.exe
FirewallRules: [TCP Query User{722711DF-B7A8-4394-AA3A-A6DE3144EDA4}C:\users\guest\downloads\vvvv_45beta31_x64\vvvv.exe] => (Block) C:\users\guest\downloads\vvvv_45beta31_x64\vvvv.exe
FirewallRules: [UDP Query User{B5113118-C924-492C-ABD9-982F7F1354ED}C:\users\guest\downloads\vvvv_45beta31_x64\vvvv.exe] => (Block) C:\users\guest\downloads\vvvv_45beta31_x64\vvvv.exe
FirewallRules: [{C5D1D083-F0D9-4FA9-8967-D888879CA30C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AirMech\AirMech.exe
FirewallRules: [{871904A1-F1A1-46E4-BC00-11BBBAAEC503}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AirMech\AirMech.exe
FirewallRules: [{E991EC79-760E-43AD-8171-990ABD5FE943}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{3365555E-6E14-44E3-8BE3-B350196680DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D317C3C6-1819-47A5-92B9-44FB5AC0873C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4FEECA2C-4FFA-4453-8201-5810798FE304}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6CC24E5E-F787-47B5-BEF7-4C3FC472B1E0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{FF973506-9EE7-4B6B-A283-A309F0FE6AE2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{D18B815D-F17B-43AC-8DDD-C37CAD169D59}C:\program files (x86)\supercollider-3.6.6\scide.exe] => (Allow) C:\program files (x86)\supercollider-3.6.6\scide.exe
FirewallRules: [UDP Query User{42A63C85-64FF-45CB-B351-5CE691C434A4}C:\program files (x86)\supercollider-3.6.6\scide.exe] => (Allow) C:\program files (x86)\supercollider-3.6.6\scide.exe
FirewallRules: [TCP Query User{AD104C11-E48F-4F7A-ACEB-02D190ADBDDE}C:\program files (x86)\supercollider-3.6.6\sclang.exe] => (Allow) C:\program files (x86)\supercollider-3.6.6\sclang.exe
FirewallRules: [UDP Query User{83CA8541-4AB4-4529-AA15-E91D9237CD69}C:\program files (x86)\supercollider-3.6.6\sclang.exe] => (Allow) C:\program files (x86)\supercollider-3.6.6\sclang.exe
FirewallRules: [TCP Query User{3047900D-93F2-4A38-936D-21E1925FF0E2}C:\program files (x86)\pd\bin\pd.exe] => (Allow) C:\program files (x86)\pd\bin\pd.exe
FirewallRules: [UDP Query User{ABB4EB93-5441-4391-9C2B-1C7A725A7390}C:\program files (x86)\pd\bin\pd.exe] => (Allow) C:\program files (x86)\pd\bin\pd.exe
FirewallRules: [TCP Query User{9DBB9A17-F2F5-4577-AC1C-EF97D1B9C0ED}C:\users\alec\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\alec\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [UDP Query User{D18A2EA5-5A1E-4304-BABA-E849D5836BDB}C:\users\alec\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\alec\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [TCP Query User{44BC7030-5D32-4D9D-A788-2F91EEDC3505}C:\python25\pythonw.exe] => (Block) C:\python25\pythonw.exe
FirewallRules: [UDP Query User{C84268A2-00A7-47D4-B690-83BA976E53C5}C:\python25\pythonw.exe] => (Block) C:\python25\pythonw.exe
FirewallRules: [TCP Query User{2318B685-CA80-4F4C-9644-6BBF39999C67}C:\users\alec\downloads\processing-2.2.1\java\bin\java.exe] => (Allow) C:\users\alec\downloads\processing-2.2.1\java\bin\java.exe
FirewallRules: [UDP Query User{EB93ED29-D187-4181-9A90-8988985ED007}C:\users\alec\downloads\processing-2.2.1\java\bin\java.exe] => (Allow) C:\users\alec\downloads\processing-2.2.1\java\bin\java.exe
FirewallRules: [TCP Query User{665F6A6B-7FB7-41A4-884B-5742752BA084}C:\program files\cycling '74\max 7\max.exe] => (Allow) C:\program files\cycling '74\max 7\max.exe
FirewallRules: [UDP Query User{9A0C997B-AB5F-4487-BAFF-8F3E0B0FA58E}C:\program files\cycling '74\max 7\max.exe] => (Allow) C:\program files\cycling '74\max 7\max.exe
FirewallRules: [TCP Query User{6E09A811-9B4C-44DB-9D66-FC55249404D8}D:\cinema 4d\cinema 4d teamrender client.exe] => (Allow) D:\cinema 4d\cinema 4d teamrender client.exe
FirewallRules: [UDP Query User{5F5E71ED-6FEC-4B17-8DD1-26A48C135313}D:\cinema 4d\cinema 4d teamrender client.exe] => (Allow) D:\cinema 4d\cinema 4d teamrender client.exe
FirewallRules: [TCP Query User{DBD66EC4-5A99-46E9-A73C-929E4CDF6AB3}C:\program files (x86)\cycling '74\max 7\max.exe] => (Allow) C:\program files (x86)\cycling '74\max 7\max.exe
FirewallRules: [UDP Query User{929A8EEE-6782-4167-B391-718F89DD3420}C:\program files (x86)\cycling '74\max 7\max.exe] => (Allow) C:\program files (x86)\cycling '74\max 7\max.exe
FirewallRules: [{A5AF34E6-650C-4960-B66C-AD177FA233DC}] => (Block) C:\program files (x86)\cycling '74\max 7\max.exe
FirewallRules: [{F691C8B9-723E-4678-A5E1-962B0FD6116F}] => (Block) C:\program files (x86)\cycling '74\max 7\max.exe
FirewallRules: [{B8B40665-4ACE-45D1-8CF3-C0ECB8254238}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{90274755-7A5B-44A9-A96E-B92E52CB2938}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BDE5BD16-34D8-4747-BD36-8A1FF7E2F1D0}C:\program files (x86)\bitwig studio 1.0.4\bitwig studio.exe] => (Block) C:\program files (x86)\bitwig studio 1.0.4\bitwig studio.exe
FirewallRules: [UDP Query User{33A6F802-548A-430E-A812-DC3853C74594}C:\program files (x86)\bitwig studio 1.0.4\bitwig studio.exe] => (Block) C:\program files (x86)\bitwig studio 1.0.4\bitwig studio.exe
FirewallRules: [{B0E3318F-B776-4772-8FD6-CD1AA9F348D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\BT Common Client\SwiApiMux.exe] => Enabled:SwiApiMux
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: BTWSp50a64 NDIS Protocol Driver
Description: BTWSp50a64 NDIS Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BTWSp50a64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/08/2016 03:46:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/08/2016 03:28:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/07/2016 11:35:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/07/2016 11:05:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/07/2016 10:58:35 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: Microsoft.SqlServer.Management.SmoMetadataProvider, Version=10.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91 . Error code = 0x80070002
 
Error: (02/07/2016 10:58:35 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: Microsoft.SqlServer.Management.SmoMetadataProvider, Version=10.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91 . Error code = 0x80070002
 
Error: (02/07/2016 10:48:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/07/2016 10:02:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: NT AUTHORITY)
Description: Installing the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (02/07/2016 10:02:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3013) (User: NT AUTHORITY)
Description: Unable to update the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the error code.
 
Error: (02/07/2016 09:52:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: NT AUTHORITY)
Description: Installing the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
 
System errors:
=============
Error: (02/08/2016 10:46:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%5
 
Error: (02/08/2016 10:46:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%5
 
Error: (02/08/2016 10:46:30 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80070005
 
Error: (02/08/2016 10:46:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%5
 
Error: (02/08/2016 10:46:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%5
 
Error: (02/08/2016 10:46:29 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80070005
 
Error: (02/08/2016 10:46:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%5
 
Error: (02/08/2016 10:46:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%5
 
Error: (02/08/2016 10:46:18 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80070005
 
Error: (02/08/2016 03:50:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0826: Security Update for Windows 7 for x64-based Systems (KB3087039).
 
 
CodeIntegrity:
===================================
  Date: 2016-02-07 04:35:07.639
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows\System32\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-07 04:35:07.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows\System32\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-07 04:35:07.292
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows\System32\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-07 04:35:07.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows\System32\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-07 04:32:25.322
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-07 04:32:25.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-07 04:32:24.981
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-07 04:32:24.812
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-07 04:11:28.928
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Iomega\Local Disk\Windows\System32\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-07 04:11:28.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Iomega\Local Disk\Windows\System32\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 28%
Total physical RAM: 8109.24 MB
Available physical RAM: 5769.27 MB
Total Virtual: 16216.69 MB
Available Virtual: 13660.41 MB
 
==================== Drives ================================
 
Drive c: (New) (Fixed) (Total:232.88 GB) (Free:17.76 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Iomega HDD) (Fixed) (Total:465.76 GB) (Free:89.42 GB) NTFS
Drive e: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:114.68 GB) NTFS
Drive g: (WDO_MEDIA64) (Removable) (Total:1.92 GB) (Free:1.47 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 510A5109)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: CB4A53FB)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 547E39A6)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1.9 GB) (Disk ID: 000C4335)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0B)
 
==================== End of Addition.txt ============================
 
 
And finally, the summary is attached. 


#4 AlecGordon


Posted 08 February 2016 - 07:22 AM

Ah, it didn't attach properly, I'll attach it to this one 

Attached Files



#5 Oh My!


Posted 08 February 2016 - 10:57 AM

You give me far too much credit my friend, your computer isn't fixed yet!

Do these look familiar to you?

MultiBit
C:\Users\Alec\Desktop\lololololol.exe
C:\Users\Alec\Desktop\New folder\Archives\bf1942\Levels\abtf.exe


-----

Can you describe exactly what happens when you try to run Malwarebytes.

When did you start receiving the Windows not genuine warning? Did you try to upgrade to Windows 10?

-----

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-16190850-2541859866-396269904-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = 
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
S2 BTWSp50a64; SysWOW64\Drivers\BTWSp50a64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MFE_RR; \??\C:\Users\Alec\AppData\Local\Temp\mfe_rr.sys [X]
Task: {55693D8F-90C1-4B1C-B1FA-D4761A5725E6} - System32\Tasks\{9BCB8018-3898-4512-9C11-3FBB6684DD78} => pcalua.exe -a F:\autorun.exe -d F:\
Task: {61D97733-C5F3-4124-BB01-06A3858262B5} - \DealPlyUpdate -> No File <==== ATTENTION
Task: {BF997542-5DAD-446C-B7FA-EB4EE2E711C2} - \DealPly -> No File <==== ATTENTION
Task: {F75C5881-CD09-437D-B7CC-ABC1D50D4A25} - System32\Tasks\{CC3012D3-D4D3-4737-BD65-3F0EE7237CF8} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{B97A0C89-29C0-4682-902C-364109A9857C}\setup.exe" -c -runfromtemp -l0x0409
AlternateDataStreams: C:\Users\Alec\Cookies:wxnZnWqEnAKN0SFOgo5NoriJ
AlternateDataStreams: C:\Users\Alec\AppData\Local\K5QzDO6wn:1VZ48cJfwcbL0tVlFLA
AlternateDataStreams: C:\Users\Alec\AppData\Local\Temp:3aCe00V7RP9NXo6QnMB1FGCojO
AlternateDataStreams: C:\Users\Alec\AppData\Local\Temp:c6WmAwdcTDwxjRiBp
AlternateDataStreams: C:\Users\Alec\AppData\Local\Temp:eGjS8e09YamB1Z3czrkZX4Yl8Nhf
AlternateDataStreams: C:\Users\Alec\AppData\Local\Temp:QMFBVSAnCZZGEyO5Vlx8Bb7cdR9
AlternateDataStreams: C:\Users\Alec\AppData\Local\Temp:ScV8Tj9nfyYaJMF9RvUq8OC
AlternateDataStreams: C:\Users\Alec\AppData\Local\Temporary Internet Files:7S9A8HKQKvqgZ3QEsTJ
AlternateDataStreams: C:\Users\Alec\AppData\Local\zsEKRvIABbj:WjW0bqcKLY4jJksMyz37u9
AlternateDataStreams: C:\Users\Alec\AppData\Local\zXmJe3reAmT1l8:hd1vEmR8SwVcbBxiffs4BWB
AlternateDataStreams: C:\ProgramData\Microsoft:7z1wEv5Xzl6wT4GqmfGscWddkw
AlternateDataStreams: C:\ProgramData\Microsoft:sO4HPagV81CV11xiB67EUi
AlternateDataStreams: C:\ProgramData\Microsoft:x23L6PF4svAxYurrqGotCTCNL
AlternateDataStreams: C:\ProgramData\Microsoft:z1RmIroVh4ssfymkxpy8DNs
AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD
CMD: type "C:\ComboFix.txt"
File: C:\ComboFix.txt
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Replies to questions
  • Fixlog
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 AlecGordon


Posted 08 February 2016 - 11:39 AM

The multibit files are not familiar. I installed multibit a few years ago and haven't used it since. If I search for those files, they don't appear anywhere, hidden or unhidden. 

 

I've uninstalled Bittorrent - I probably shouldn't have it anyway, it's kind of asking for trouble. 

 

When I run Malware Bytes it will come to the end of a scan, and then crash on heuristic analysis. If I uninstall it, the uninstaller crashes, and if I try to repair it, it also crashes. 

 

I've tried to update to Windows 10, but it doesn't work. I have the tray icon, but when I click upgrade to 10 it just tells me to wait until microsoft email me. 

 

Here is the contents of the fixlog - 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Alec (2016-02-08 16:28:03) Run:1
Running from C:\Users\Alec\Desktop
Loaded Profiles: Alec (Available Profiles: Alec & UpdatusUser & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-16190850-2541859866-396269904-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = 
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
S2 BTWSp50a64; SysWOW64\Drivers\BTWSp50a64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MFE_RR; \??\C:\Users\Alec\AppData\Local\Temp\mfe_rr.sys [X]
Task: {55693D8F-90C1-4B1C-B1FA-D4761A5725E6} - System32\Tasks\{9BCB8018-3898-4512-9C11-3FBB6684DD78} => pcalua.exe -a F:\autorun.exe -d F:\
Task: {61D97733-C5F3-4124-BB01-06A3858262B5} - \DealPlyUpdate -> No File <==== ATTENTION
Task: {BF997542-5DAD-446C-B7FA-EB4EE2E711C2} - \DealPly -> No File <==== ATTENTION
Task: {F75C5881-CD09-437D-B7CC-ABC1D50D4A25} - System32\Tasks\{CC3012D3-D4D3-4737-BD65-3F0EE7237CF8} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{B97A0C89-29C0-4682-902C-364109A9857C}\setup.exe" -c -runfromtemp -l0x0409
AlternateDataStreams: C:\Users\Alec\Cookies:wxnZnWqEnAKN0SFOgo5NoriJ
AlternateDataStreams: C:\Users\Alec\AppData\Local\K5QzDO6wn:1VZ48cJfwcbL0tVlFLA
AlternateDataStreams: C:\Users\Alec\AppData\Local\Temp:3aCe00V7RP9NXo6QnMB1FGCojO
AlternateDataStreams: C:\Users\Alec\AppData\Local\Temp:c6WmAwdcTDwxjRiBp
AlternateDataStreams: C:\Users\Alec\AppData\Local\Temp:eGjS8e09YamB1Z3czrkZX4Yl8Nhf
AlternateDataStreams: C:\Users\Alec\AppData\Local\Temp:QMFBVSAnCZZGEyO5Vlx8Bb7cdR9
AlternateDataStreams: C:\Users\Alec\AppData\Local\Temp:ScV8Tj9nfyYaJMF9RvUq8OC
AlternateDataStreams: C:\Users\Alec\AppData\Local\Temporary Internet Files:7S9A8HKQKvqgZ3QEsTJ
AlternateDataStreams: C:\Users\Alec\AppData\Local\zsEKRvIABbj:WjW0bqcKLY4jJksMyz37u9
AlternateDataStreams: C:\Users\Alec\AppData\Local\zXmJe3reAmT1l8:hd1vEmR8SwVcbBxiffs4BWB
AlternateDataStreams: C:\ProgramData\Microsoft:7z1wEv5Xzl6wT4GqmfGscWddkw
AlternateDataStreams: C:\ProgramData\Microsoft:sO4HPagV81CV11xiB67EUi
AlternateDataStreams: C:\ProgramData\Microsoft:x23L6PF4svAxYurrqGotCTCNL
AlternateDataStreams: C:\ProgramData\Microsoft:z1RmIroVh4ssfymkxpy8DNs
AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD
CMD: type "C:\ComboFix.txt"
File: C:\ComboFix.txt
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found. 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-16190850-2541859866-396269904-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
BTWSp50a64 => service removed successfully
catchme => service removed successfully
MFE_RR => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55693D8F-90C1-4B1C-B1FA-D4761A5725E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55693D8F-90C1-4B1C-B1FA-D4761A5725E6}" => key removed successfully
C:\Windows\System32\Tasks\{9BCB8018-3898-4512-9C11-3FBB6684DD78} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9BCB8018-3898-4512-9C11-3FBB6684DD78}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61D97733-C5F3-4124-BB01-06A3858262B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61D97733-C5F3-4124-BB01-06A3858262B5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF997542-5DAD-446C-B7FA-EB4EE2E711C2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF997542-5DAD-446C-B7FA-EB4EE2E711C2}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F75C5881-CD09-437D-B7CC-ABC1D50D4A25}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F75C5881-CD09-437D-B7CC-ABC1D50D4A25}" => key removed successfully
C:\Windows\System32\Tasks\{CC3012D3-D4D3-4737-BD65-3F0EE7237CF8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CC3012D3-D4D3-4737-BD65-3F0EE7237CF8}" => key removed successfully
"C:\Users\Alec\Cookies" => ":wxnZnWqEnAKN0SFOgo5NoriJ" ADS not found.
C:\Users\Alec\AppData\Local\K5QzDO6wn => ":1VZ48cJfwcbL0tVlFLA" ADS removed successfully.
C:\Users\Alec\AppData\Local\Temp => ":3aCe00V7RP9NXo6QnMB1FGCojO" ADS removed successfully.
C:\Users\Alec\AppData\Local\Temp => ":c6WmAwdcTDwxjRiBp" ADS removed successfully.
C:\Users\Alec\AppData\Local\Temp => ":eGjS8e09YamB1Z3czrkZX4Yl8Nhf" ADS removed successfully.
C:\Users\Alec\AppData\Local\Temp => ":QMFBVSAnCZZGEyO5Vlx8Bb7cdR9" ADS removed successfully.
C:\Users\Alec\AppData\Local\Temp => ":ScV8Tj9nfyYaJMF9RvUq8OC" ADS removed successfully.
"C:\Users\Alec\AppData\Local\Temporary Internet Files" => ":7S9A8HKQKvqgZ3QEsTJ" ADS not found.
C:\Users\Alec\AppData\Local\zsEKRvIABbj => ":WjW0bqcKLY4jJksMyz37u9" ADS removed successfully.
C:\Users\Alec\AppData\Local\zXmJe3reAmT1l8 => ":hd1vEmR8SwVcbBxiffs4BWB" ADS removed successfully.
C:\ProgramData\Microsoft => ":7z1wEv5Xzl6wT4GqmfGscWddkw" ADS removed successfully.
C:\ProgramData\Microsoft => ":sO4HPagV81CV11xiB67EUi" ADS removed successfully.
C:\ProgramData\Microsoft => ":x23L6PF4svAxYurrqGotCTCNL" ADS removed successfully.
C:\ProgramData\Microsoft => ":z1RmIroVh4ssfymkxpy8DNs" ADS removed successfully.
C:\ProgramData\TEMP => ":C8B8CEBD" ADS removed successfully.
 
=========  type "C:\ComboFix.txt" =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
 
========================= File: C:\ComboFix.txt ========================
 
"C:\ComboFix.txt" => not found.
====== End of File: ======
 
 
 
The system needed a reboot.
 
==== End of Fixlog 16:28:04 ====
 
 
Also, after I ran that, CCleaner alerted me that I could clear 4gbs of space. I'm not sure if I trust it though, so I'm leaving well alone. 
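
For anyone reviewing a Fixlog like the one pasted in the post above, here is an added example (not part of the thread and not FRST's own code) that sorts each result line by outcome and skips the echoed fixlist so its `=>` lines are not mistaken for results. The sample lines are copied from that Fixlog; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the Fixlog pasted in the post above
# (echoed fixlist first, then the results), trimmed to a representative set.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
CreateRestorePoint:
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Task: {61D97733-C5F3-4124-BB01-06A3858262B5} - \DealPlyUpdate -> No File <==== ATTENTION
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
BTWSp50a64 => service removed successfully
C:\Windows\System32\Tasks\{9BCB8018-3898-4512-9C11-3FBB6684DD78} => moved successfully
"C:\Users\Alec\Cookies" => ":wxnZnWqEnAKN0SFOgo5NoriJ" ADS not found.
C:\ProgramData\TEMP => ":C8B8CEBD" ADS removed successfully.
"C:\ComboFix.txt" => not found.

The system needed a reboot.
==== End of Fixlog 16:28:04 ====
'''

RESULT_RE = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<result>.+)$')
ADS_RE = re.compile(r'^"(?P<stream>:[^"]+)"\s+ADS\s+(?P<outcome>.+)$')
KINDS = ("key", "value", "service")


def classify(outcome):
    """Map the tool's outcome wording to a short status."""
    text = outcome.lower().rstrip(". ")
    if "not found" in text:
        return "not_found"
    # "removed" must be tested before "moved": the former contains the latter.
    for phrase, status in (("removed successfully", "removed"),
                           ("moved successfully", "moved"),
                           ("restored successfully", "restored")):
        if phrase in text:
            return status
    return "other"


def parse_fixlog(text):
    """Return one dict per result line, ignoring the echoed fixlist and banners."""
    entries, in_echo = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            in_echo = not in_echo          # the fixlist echo sits between two '*' rows
            continue
        if in_echo or not line or line.startswith("="):
            continue
        if line.startswith("Error:"):
            entries.append({"target": None, "kind": "error",
                            "status": "error", "detail": line})
            continue
        match = RESULT_RE.match(line)
        if not match:
            continue                       # status sentences without a target
        target = match.group("target").strip('"')
        result = match.group("result").strip()
        ads = ADS_RE.match(result)
        if ads:
            # Report the stream in path:stream form, as the fixlist wrote it.
            target += ads.group("stream")
            kind, outcome = "ads", ads.group("outcome")
        else:
            first = result.split()[0]
            kind = first if first in KINDS else "file"
            outcome = result
        entries.append({"target": target, "kind": kind,
                        "status": classify(outcome), "detail": line})
    return entries


def summarize(entries):
    """Count entries per status."""
    return Counter(entry["status"] for entry in entries)


def needs_review(entries):
    """Entries the fix did not complete or that the parser could not classify."""
    return [e for e in entries if e["status"] in ("error", "other")]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for status, count in sorted(summarize(parsed).items()):
        print(f"{status:10} {count}")
    for entry in needs_review(parsed):
        print("REVIEW:", entry["detail"])
```
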


#7 AlecGordon


Posted 08 February 2016 - 11:42 AM

I received the "Windows is not Genuine warning" on Saturday morning. The first boot, it wouldn't load windows, the desktop was just black and around the edges it said something like "This is not a genuine copy of Windows". The second load gave me a pop-up telling me to connect to the internet to make windows genuine. Now when I load, it doesn't tell me that it isn't, but my desktop background is black. 



#8 AlecGordon


Posted 08 February 2016 - 11:55 AM

Also, I forgot to mention, Malware Bytes has a bunch of web exclusions added that I cannot remove. 



#9 Oh My!


Posted 08 February 2016 - 03:21 PM

Thanks for the information.

The MultiBit entry appears to be a leftover.
 

but my desktop background is black.

Do you have your desktop icons?

Please do this.

===================================================

MGADiag Tool

-------------------
  • Download MGADiag Tool and save it to your desktop
  • Double click the icon then if necessary click OK on the Executable File warning
  • Click Run, then Continue
  • Once completed a Microsoft Genuine Advantage Diagnostic Tool screen will open and be populated with system information
  • Click Copy
  • Press the Windows Key + R at the same time
  • Type Notepad and press Enter
  • Right click inside the Notepad document and select Paste
  • Save the file on your Desktop as WGA.txt
  • Upload the file here
  • Let me know when the file has been uploaded
===================================================

Malwarebytes Cleanup Utility and Reinstall

--------------------

===================================================

Zoek by Smeenk

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected then click Run Script
  • Type 3 in the lower box to Perform only a Deep Scan then click OK
  • Wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Icons?
  • Uploaded WGA.txt file
  • Did Malwarebytes uninstall and reinstall?
  • Zoek report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Oh My!


Posted 08 February 2016 - 03:58 PM

Thanks for uploading the file. I wanted to verify your Windows is considered genuine and it is.
Gary
 

#11 AlecGordon


Posted 08 February 2016 - 04:33 PM

The icons are still there, and Malwarebytes has uninstalled/reinstalled. Zoek was taking a while, but it's going now. When I checked task manager to see if it was running I spotted PEVZ.exe in my temp files.

 

Here are the zoek results -

 
 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Alec on 08/02/2016 at 21:11:16.22.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Alec\Desktop\zoek.exe [Scan all users]   [Deep Scan] 
 
==== System Restore Info ======================
 
08/02/2016 21:24:08 Zoek.exe System Restore Point Created Successfully.
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Users\Alec\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
 
==== System Specs ======================
 
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8110 MB
CPU Info: Intel® Core™ i3-2100 CPU @ 3.10GHz
CPU Speed: 3089.7 MHz
Sound Card: Speakers (High Definition Audio | 
Display Adapters: Intel® HD Graphics | Intel® HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; LG E2251(Analog) | 
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) | VirtualBox Host-Only Ethernet Adapter
CD / DVD Drives: 1x (F: | ) F: MagicISOVirtual DVD-ROM
Ports: COM1 | COM2 LPT1
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  232.9GB | D:  465.8GB | E:  931.5GB
Hard Disks - Free: C:  33.9GB | D:  89.4GB | E:  114.7GB
Manufacturer *: Award Software International, Inc.
BIOS Info: AT/AT COMPATIBLE | 10/12/11 | ACRSYS - 42302e31
Time Zone: GMT Standard Time
Motherboard *: Gigabyte Technology Co., Ltd. H61M-USB3-B3
Country: United Kingdom 
Language: ENG 
 
==== System Specs (Software) ======================
 
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Internet Explorer Version: 11.0.9600.17801 
Mozilla Firefox version: 41.0.1 (x86 en-GB)
Google Chrome version: 48.0.2564.97
Adobe Reader version: 10.1.6.1
Sun Java version: 1.7.0_71 (32-bit) 
Sun Java version: 1.7.0_01 (64-bit) 
 
==== Files Recently Created / Modified ======================
 
2016-02-05 15:32:06 49E3825ACB348F848D9B841E4D48FD3B 22908888 ----a-w- C:\Users\Alec\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-05 14:55:29 A677F1A50AD97F33A1668E0559238FE1 1609032 ----a-w- C:\Users\Alec\Desktop\JRT.exe
2016-02-05 14:54:56 3934AF4E3543EAA1344DCCD0CAA96A30 2032072 ----a-w- C:\Users\Alec\Downloads\rkill.com
2016-02-05 10:58:57 -------- d-----w- C:\Users\Public\AppData
2016-02-05 10:33:16 E38F964D09275CAB0DA2383F5BBC0868 6828320 ----a-w- C:\Users\Alec\Downloads\ccsetup514 (1).exe
2016-02-05 10:33:10 E38F964D09275CAB0DA2383F5BBC0868 6828320 ----a-w- C:\Users\Alec\Downloads\ccsetup514.exe
2016-02-05 10:32:43 E69E774B542236A4676FD58DB7926093 2370560 ----a-w- C:\Users\Alec\Downloads\FRST64.exe
2016-02-01 23:11:05 9F17F95D3114BD14DAB9BEE42D172D82 91546008 ----a-w- C:\Users\Alec\Downloads\KVRT.exe
2016-01-31 23:31:13 1DA73677B6207FD6A0F35F28632D828D 14243008 ----a-w- C:\Users\Alec\Downloads\mseinstall.exe
2016-01-30 21:57:17 -------- d--h--w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focusrite
2016-01-15 20:47:00 -------- d--h--w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Novation
2016-01-10 18:23:01 -------- d--h--w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
 
====== C: exe-files ==
=== C: other files ==
2016-02-08 16:21:27 286F9816B311D6E8378434E8473BF3A9 53 ----a-w- C:\Users\Alec\AppData\Local\Temp\uttCE63.tmp.bat
2016-02-08 12:23:13 512358208F54FA7FDD1759EEF4C5622C 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-16190850-2541859866-396269904-1000\$IM59L98.zip
2016-02-08 12:21:05 4EBFB483AEB081BC645A257EDE207416 263902 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-16190850-2541859866-396269904-1000\$RM59L98.zip
2016-02-05 10:46:53 F370F49B7496CCA0B489DC7CFB7646EF 5900 ----a-w- C:\Qoobox\BackEnv\SetPath.bat
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-16190850-2541859866-396269904-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files (x86)\BitTorrent\BitTorrent.exe  /MINIMIZED"
"f.lux"="C:\Users\Alec\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"osk.exe"="osk.exe"
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"osk.exe"="osk.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files (x86)\BitTorrent\BitTorrent.exe  /MINIMIZED"
"f.lux"="C:\Users\Alec\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Creative Cloud]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Creative Cloud"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Adobe Creative Cloud\\ACC\\Creative Cloud.exe\" --showwindow=false --onOSstartup=true"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BitTorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\BitTorrent\\BitTorrent.exe\"  /MINIMIZED"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Boxoft Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Boxoft Tools"
"hkey"="HKCU"
"command"="\"C:\\ProgramData\\Boxtools\\Boxofttoolbox.exe\" -autorun"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\F.lux]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="F.lux"
"hkey"="HKCU"
"command"="\"C:\\Users\\Alec\\AppData\\Local\\FluxSoftware\\Flux\\flux.exe\" /noshow"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Facebook Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Alec\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FormAutoFill]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FormAutoFill"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\FormAutoFill\\faf.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleDriveSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDriveSync"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\Drive\\googledrivesync.exe\" /autostart"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogMeIn Hamachi Ui"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PrivitizeVPN]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PrivitizeVPN"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\PrivitizeVPN\\PrivitizeVPN.exe /autorun"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify"
"hkey"="HKCU"
"command"="\"C:\\Users\\Alec\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\Alec\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SwitchBoard"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Unified Remote v2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Unified Remote v2"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Unified Remote\\RemoteServer.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirtualCloneDrive]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VirtualCloneDrive"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinampAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Winamp\\winampa.exe\""
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Alec^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"path"="C:\\Users\\Alec\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Alec\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup"
"item"="Dropbox"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Alec^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
"path"="C:\\Users\\Alec\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MagicDisc.lnk"
"backup"="C:\\Windows\\pss\\MagicDisc.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\MAGICD~1\\MAGICD~1.EXE "
"item"="MagicDisc"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Alec^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
"path"="C:\\Users\\Alec\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.3.lnk"
"backup"="C:\\Windows\\pss\\OpenOffice.org 3.3.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\OPENOF~1.ORG\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 3.3"
 
 
==== Startup Folders ======================
 
2013-06-17 00:19:09 1380 ----a-w- C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
2013-10-16 16:48:15 1234 ----a-w- C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-DeathMachine500-Alec" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Run RoboForm TaskBar Icon" [C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe]
"C:\Windows\SysNative\tasks\{DB0D4F12-B628-4EDD-ADBA-3FB35C34F106}" [C:\Users\Alec\Desktop\lololololol.exe]
 
==== Firefox Extensions ======================
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\032vbpnx.default
F6D12679B9112358AC705A1308156F59 - C:\Users\Alec\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
 
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.86
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[02/03/2012 18:53]
 
Chrome Web Store Payments - Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Skype Click to Call - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{66A24455-CDF3-4258-B00D-F89F5D57A356}"
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{66A24455-CDF3-4258-B00D-F89F5D57A356}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{66A24455-CDF3-4258-B00D-F89F5D57A356} - http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
 
==== HijackThis Entries ======================
 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [f.lux] "C:\Users\Alec\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\RunOnce: [osk.exe] osk.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [osk.exe] osk.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on 08/02/2016 at 21:31:39.19 ======================
 


#12 Oh My!


Posted 08 February 2016 - 06:56 PM

Thank you Alec.
 

PEVZ.exe

This is a legitimate file.

-----

It looks like your wallpaper was removed. There should be an entry at the end of the line below. Please set your Desktop wallpaper to whatever you would like.
 

HKU\S-1-5-21-16190850-2541859866-396269904-1000\Control Panel\Desktop\\Wallpaper ->


-----
 

Do these look familiar to you?

MultiBit
C:\Users\Alec\Desktop\lololololol.exe
C:\Users\Alec\Desktop\New folder\Archives\bf1942\Levels\abtf.exe


-----

Please do this.

===================================================

Running a Zoek Script

--------------------
  • Double click ZOEK.exe
  • Copy and paste the following into the white input window
autoclean;
C:\Windows\sys;fnative\drivers\404B58AC.sys;f
C:\Windows\sys;fnative\drivers\61DD573E.sys;f
C:\Windows\sys;fnative\drivers\069F568E.sys;f
C:\Windows\sys;fnative\drivers\3EE7564C.sys;f
C:\Windows\sys;fnative\drivers\016555DA.sys;f
C:\Windows\sys;fnative\drivers\51EF538B.sys;f
C:\Windows\sys;fnative\drivers\0C425340.sys;f
C:\Windows\sys;fnative\drivers\61C73C0F.sys;f
C:\Windows\sys;fnative\drivers\4B123AE3.sys;f
C:\Windows\sys;fnative\drivers\325239C0.sys;f
C:\Windows\sys;fnative\drivers\27DD3859.sys;f
C:\Windows\sys;fnative\drivers\34C535B5.sys;f
C:\Windows\sys;fnative\drivers\5C78342A.sys;f
C:\Windows\sys;fnative\drivers\21E632DD.sys;f
C:\Windows\sys;fnative\drivers\49993151.sys;f
C:\Windows\sys;fnative\drivers\0327645A.sys;f
C:\Windows\sys;fnative\drivers\5B656A1B.sys;f
C:\Windows\sys;fnative\drivers\399469F1.sys;f
C:\Windows\sys;fnative\drivers\1E1A375B.sys;f
C:\Windows\sys;fnative\drivers\2850372A.sys;f
C:\Windows\sys;fnative\drivers\47302432.sys;f
C:\Windows\sys;fnative\drivers\493B2428.sys;f
C:\Windows\sys;fnative\drivers\54560F29.sys;f
C:\Windows\sys;fnative\drivers\6CD67AB6.sys;f
C:\Windows\sys;fnative\drivers\6EE17AAC.sys;f
C:\Windows\sys;fnative\drivers\64D46146.sys;f
C:\Windows\sys;fnative\drivers\66DF613D.sys;f
C:\Windows\sys;fnative\drivers\2ABF4F2D.sys;f
C:\Windows\sys;fnative\drivers\2CCA4F23.sys;f
C:\Windows\sys;fnative\drivers\08463D6E.sys;f
C:\Windows\sys;fnative\drivers\0A513D64.sys;f
C:\Windows\sys;fnative\drivers\73C5369E.sys;f
C:\Windows\sys;fnative\drivers\75D03695.sys;f
C:\Windows\sys;fnative\drivers\2E021B24.sys;f
C:\Windows\sys;fnative\drivers\300C1B1A.sys;f
C:\Windows\sys;fnative\drivers\6C2B192D.sys;f
C:\Windows\sys;fnative\drivers\4E6F18EF.sys;f
C:\Windows\sys;fnative\drivers\378F7562.sys;f
C:\Windows\sys;fnative\drivers\603C663B.sys;f
C:\Windows\sys;fnative\drivers\0C436634.sys;f
C:\Windows\sys;fnative\drivers\23A064F7.sys;f
C:\Windows\sys;fnative\drivers\4FA764F1.sys;f
C:\Windows\sys;fnative\drivers\0CEA63CB.sys;f
C:\Windows\sys;fnative\drivers\4CC43917.sys;f
C:\Windows\sys;fnative\drivers\331E38C5.sys;f
C:\Windows\sys;fnative\drivers\13573891.sys;f
C:\Windows\sys;fnative\drivers\57A1367D.sys;f
C:\Windows\sys;fnative\drivers\32A03595.sys;f
C:\Windows\sys;fnative\drivers\14B64301.sys;f
C:\Windows\sys;fnative\drivers\424A3FC1.sys;f
C:\Windows\sys;fnative\drivers\2CBA3F5B.sys;f
C:\Windows\sys;fnative\drivers\18645A68.sys;f
C:\Windows\sys;fnative\drivers\7AA85A2A.sys;f
C:\Windows\sys;fnative\drivers\4E5B0CDE6.sys;f
C:\Windows\sys;fnative\drivers\76D14754.sys;f
C:\Users\Alec\AppData\Local\Temp\uttCE63.tmp.bat;f
C:\Users\Alec\Desktop\lololololol.exe;i
C:\Users\Alec\Desktop\New folder\Archives\bf1942\Levels\abtf.exe;i

[HKEY_USERS\S-1-5-21-16190850-2541859866-396269904-1000\Software\Microsoft\Windows\CurrentVersion\Run];r
"BitTorrent"="C:\Program Files (x86)\BitTorrent\BitTorrent.exe  /MINIMIZED";r

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
"BitTorrent"="C:\Program Files (x86)\BitTorrent\BitTorrent.exe  /MINIMIZED";r

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent];r

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes];r
"DefaultScope"="{66A24455-CDF3-4258-B00D-F89F5D57A356}";r
  • Click Run Script and wait patiently for the program to run
  • Upon completion copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Reply to questions
  • Were you able to set a wallpaper?
  • Zoek report

Gary
 

#13 AlecGordon


Posted 09 February 2016 - 04:38 AM

C:\Users\Alec\Desktop\lololololol.exe
C:\Users\Alec\Desktop\New folder\Archives\bf1942\Levels\abtf.exe

Aren't familiar, and I can't find them anywhere on my computer. 

I was able to set a wallpaper, so that's all good.

Here are the Zoek results -

 

 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Alec on 09/02/2016 at  0:18:55.42.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Alec\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2016-02-08-213139.log 54408 bytes
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Aimersoft deleted successfully
C:\PROGRA~2\Paradox Entertainment deleted successfully
C:\PROGRA~2\Tobias Erichsen deleted successfully
C:\PROGRA~2\Winamp deleted successfully
C:\PROGRA~2\COMMON~1\Merge Modules deleted successfully
C:\PROGRA~3\Guitar Pro 6 deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Alec\AppData\Roaming\Publish Providers deleted successfully
C:\Users\Alec\AppData\Local\calibre-cache deleted successfully
C:\Users\Alec\AppData\Local\K5QzDO6wn deleted successfully
C:\Users\Alec\AppData\Local\PACE Anti-Piracy deleted successfully
C:\Users\Alec\AppData\Local\zsEKRvIABbj deleted successfully
C:\Users\Alec\AppData\Local\zXmJe3reAmT1l8 deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-16190850-2541859866-396269904-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== File Information Results ======================
 
 
==== Deleting Services ======================
 
 
==== Registry Fix Code ======================
 
Windows Registry Editor Version 5.00
 
[HKEY_USERS\S-1-5-21-16190850-2541859866-396269904-1000\Software\Microsoft\Windows\CurrentVersion\Run] 
"BitTorrent"="C:\Program Files (x86)\BitTorrent\BitTorrent.exe  /MINIMIZED" 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 
"BitTorrent"="C:\Program Files (x86)\BitTorrent\BitTorrent.exe  /MINIMIZED" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent] 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] 
"DefaultScope"="{66A24455-CDF3-4258-B00D-F89F5D57A356}" 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Aimersoft not found
C:\PROGRA~2\Paradox Entertainment not found
C:\PROGRA~2\Tobias Erichsen not found
C:\PROGRA~2\Winamp not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Windows\sys" not found
"C:\Users\Alec\AppData\Local\Temp\uttCE63.tmp.bat" not found
C:\PROGRA~2\SystemRequirementsLab deleted
C:\Users\Alec\AppData\Roaming\calibre deleted
C:\windows\SysNative\Tasks\Open URL by RoboForm deleted
C:\EU2.exe deleted
C:\Scenario Editor.exe deleted
C:\Users\Alec\AppData\Roaming\AvidLicenseControl_Install.log deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\Alec\AppData\Local\Unity deleted
C:\Users\Alec\AppData\LocalLow\Unity deleted
"C:\PROGRA~2\MagicISO\misosh64.dll" deleted
"C:\PROGRA~2\MagicISO" not deleted
"C:\PROGRA~3\Package Cache" deleted
 
==== Orphaned Tasks deleted from Registry ======================
 
AdobeAAMUpdater-1.0 Fallback-DeathMachine500-Alec deleted
Open URL by RoboForm deleted
 
==== Firefox Extensions ======================
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.86
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[02/03/2012 18:53]
 
AdBlock - Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Skype Click to Call - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
 
==== Chromium Fix ======================
 
C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adjourne.com_0.localstorage deleted successfully
C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adjourne.com_0.localstorage-journal deleted successfully
C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{66A24455-CDF3-4258-B00D-F89F5D57A356}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{66A24455-CDF3-4258-B00D-F89F5D57A356} - http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A34D2120-9DEB-AED5-C870-F9FD51EFF2B1} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E320289D-A60A-7A34-C598-141C0E450EDC} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E69C98D3-AA51-3DFA-FDBB-1C7352C7023A} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{02E8ED82-10DE-5468-CD31-750FADF4317E} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12C7558B-EDEA-5316-4722-78B0A8390C74} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FormAutoFill deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivitizeVPN deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Unified Remote v2 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Alec\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Alec\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Alec\AppData\Local\Mozilla\Firefox\Profiles\032vbpnx.default\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=124 folders=124 318579845 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Alec\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Guest\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Alec\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\PROGRA~2\MagicISO"  not found
 
==== EOF on 09/02/2016 at  9:30:48.42 ======================


#14 Oh My!

Posted 09 February 2016 - 09:57 AM

Looks like several things aren't there.

Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED!, reboot your computer and attempt to run it again.
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#15 AlecGordon

Posted 09 February 2016 - 02:16 PM

ESET log
 
C:\Users\Guest\Downloads\cbsidlm-cbsi134-Free_MP4_to_MOV_Converter-ORG-75891447.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\zoek_backup\C_PROGRA~3_InstallMate\{6415AC79-A427-D46B-3680-EC05BFF68E8F}\_Setupx.dll Win32/InstalleRex.T potentially unwanted application
D:\Local Disk\Program Files\Application Updater\ApplicationUpdater.exe a variant of Win32/Toolbar.Widgi potentially unwanted application
D:\Local Disk\Program Files\Search Settings\SearchSettingsRes409.dll Win32/Toolbar.Widgi potentially unwanted application
D:\Local Disk\Users\Alec\Documents\Downloads\Setup_FreeConverter.exe Win32/Toolbar.Widgi potentially unwanted application
E:\c\ha\Rob Papen Predator v1.6.3 READNFO - R2R [deepstatus][H33T]\setup.exe a variant of Win32/Packed.Themida suspicious application
 
Security Check
 
 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 7 Update 71  
 Java™ 6 Update 31  
 Java version 32-bit out of Date! 
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox 41.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Bitdefender Agent ProductAgentService.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
My computer is running ok at the moment. It's still slow sometimes, but it is definitely better than two days ago.




