Waterfox is extremely slow, privoxy virus?



#1 flyingcomputerRAM

Posted 06 February 2016 - 08:27 PM

Virus installs Privoxy and reroutes my IP through a server. 127.0.0.1 port 8118
I end privoxy.exe in Task Manager and delete Privoxy, but the virus reinstalls at random times.
I installed Malwarebytes, which detected a backdoor trojan thing (I'm not very tech savvy), but the virus still seems to be lurking, as Privoxy has been reinstalled even with Malwarebytes.
Uncle installed IObit "Advanced SystemCare" as well as other IObit software; my computer seems really jacked up now. I removed the IObit products, but I'm pretty sure they already messed with my registry.
I have Windows 10.
I will attach the Farbar result and Addition.txt.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Austin (administrator) on AUSTINMONKEY (06-02-2016 17:10:22)
Running from C:\Users\Austin\Desktop
Loaded Profiles: Austin (Available Profiles: Austin)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Waterfox\waterfox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
(Flux Software LLC) C:\Users\Austin\AppData\Local\FluxSoftware\Flux\flux.exe
(Hammer & Chisel, Inc.) C:\Users\Austin\AppData\Local\Discord\app-0.0.283\Discord.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
(Hammer & Chisel, Inc.) C:\Users\Austin\AppData\Local\Discord\app-0.0.283\Discord.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Hammer & Chisel, Inc.) C:\Users\Austin\AppData\Local\Discord\app-0.0.283\Discord.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Waterfox) C:\Program Files\Waterfox\waterfox.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(LenovoEMC Products USA, LLC) C:\Program Files\LenovoEMC\StorageConnector\LenovoEMCDiscovery.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\PELMICED.EXE
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Mozilla Corporation) C:\Program Files\Waterfox\plugin-container.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4733\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.6734\Battle.net.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [402344 2015-12-19] ()
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-19] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [384296 2013-10-28] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub
HKLM\...\Run: [Daemon for Mouse Suite] => C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE [87040 2013-03-26] (Primax Electronics Ltd.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [561672 2016-01-30] (Vimicro)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [750320 2014-05-04] (Lenovo)
HKU\S-1-5-21-981410010-2095339458-668090811-1001\...\Run: [f.lux] => C:\Users\Austin\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-981410010-2095339458-668090811-1001\...\Run: [Discord] => C:\Users\Austin\AppData\Local\Discord\app-0.0.283\Discord.exe [51716784 2015-11-17] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-981410010-2095339458-668090811-1001\...\RunOnce: [Uninstall C:\Users\Austin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Austin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-981410010-2095339458-668090811-1001\...\MountPoints2: {24137e1f-b019-11e5-8290-54ee750fb1ef} - "E:\setup.exe"
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 75.75.76.76
Tcpip\..\Interfaces\{5cd591fb-0544-4c18-b10e-eaf1ec82ad92}: [DhcpNameServer] 172.168.123.2
Tcpip\..\Interfaces\{cbda4714-15cd-46dd-8b6f-045fc257dd75}: [DhcpNameServer] 192.168.1.1 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-981410010-2095339458-668090811-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-981410010-2095339458-668090811-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-981410010-2095339458-668090811-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
SearchScopes: HKU\S-1-5-21-981410010-2095339458-668090811-1001 -> DefaultScope {68BF8168-4235-4697-9CBA-83C85CE5E1AD} URL =
SearchScopes: HKU\S-1-5-21-981410010-2095339458-668090811-1001 -> {68BF8168-4235-4697-9CBA-83C85CE5E1AD} URL =
BHO: XFINITY Toolbar -> {4b9bcce8-a70b-402a-a7e1-db96831ee26f} -> C:\Program Files (x86)\xfin_portal\comcastdx64.dll [2015-12-04] ()
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: XFINITY Toolbar -> {4b9bcce8-a70b-402a-a7e1-db96831ee26f} -> C:\Program Files (x86)\xfin_portal\comcastdx.dll [2015-12-04] ()
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx64.dll [2015-12-04] ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll [2015-12-04] ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\ez33jvyk.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-15] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-17] (Nitro PDF)
FF user.js: detected! => C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\ez33jvyk.default\user.js [2016-01-30]
FF SearchPlugin: C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\ez33jvyk.default\searchplugins\search.xml [2016-01-05]
FF Extension: Google™ Hangouts - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\ez33jvyk.default\Extensions\jid1-uqbSKwXpf2K6yl@jetpack.xpi [2015-09-18]
FF Extension: Adblock Plus - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\ez33jvyk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-01-14]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=27c76809aa4bec5958ce62743cca0ab1&c=p1&src=srch&inst=1452051001
CHR DefaultSearchKeyword: Default -> psearch
CHR Profile: C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Security Toolbar) - C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-10-22]
CHR Extension: (Norton Identity Safe) - C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\Exts\Chrome.crx [2016-01-07]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\Exts\Chrome.crx [2016-01-07]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573488 2014-03-04] (Lenovo Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2014-05-04] (Lenovo)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [125168 2014-12-03] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-15] (Intel Corporation)
S2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-10-03] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-15] (Intel Corporation)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2085184 2014-03-10] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [702512 2014-03-04] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
R2 LenovoEMCDiscovery; C:\Program Files\LenovoEMC\StorageConnector\LenovoEMCDiscovery.exe [1410888 2014-04-08] (LenovoEMC Products USA, LLC)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [468288 2013-12-11] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\N360.exe [282016 2015-11-20] (Symantec Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
R2 PelService; C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe [178688 2012-03-13] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [58360 2013-10-08] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [140280 2013-10-08] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2015-11-11] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255096 2015-11-27] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)
S2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160119.001\BHDrvx64.sys [1665608 2016-01-04] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-01-02] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [46392 2016-01-02] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [531424 2016-01-30] (Intel Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-12] (Symantec Corporation)
S3 EraserUtilDrv11520; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11520.sys [157520 2015-11-12] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-05-08] (Symantec Corporation) [File not signed]
S3 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [65928 2014-05-04] (Windows ® Win 7 DDK provider)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-01-30] (REALiX™)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160120.001\IDSvia64.sys [767224 2016-01-06] (Symantec Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
S3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-02] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-06] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185088 2016-01-30] (Intel Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160121.049\ENG64.SYS [138488 2015-10-16] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160121.049\EX64.SYS [2148080 2015-10-16] (Symantec Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3497240 2016-01-30] (Intel Corporation)
R3 phidmice; C:\Windows\system32\DRIVERS\phidmice.sys [34816 2013-03-26] (TPMX Electronics Ltd.)
R3 pmouself; C:\Windows\system32\DRIVERS\pmouself.sys [23040 2013-03-26] (TPMX Electronics Ltd.)
R3 pvendrlf; C:\Windows\system32\DRIVERS\pvendrlf.sys [12288 2013-03-26] (TPMX Electronics Ltd.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [761560 2016-01-30] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2016-01-30] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
S3 SWIX64; C:\Program Files (x86)\Lenovo\System Update\tvsuhd64.sys [34976 2015-06-29] (Lenovo Group Limited)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\N360x64\1605050.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-01-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [640776 2016-01-30] (Vimicro Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-06 14:20 - 2016-02-06 15:05 - 00039353 _____ C:\Users\Austin\Desktop\Addition.txt
2016-02-06 14:18 - 2016-02-06 17:10 - 00023814 _____ C:\Users\Austin\Desktop\FRST.txt
2016-02-06 14:17 - 2016-02-06 17:10 - 00000000 ____D C:\FRST
2016-02-06 14:14 - 2016-02-06 14:17 - 02370560 _____ (Farbar) C:\Users\Austin\Desktop\FRST64.exe
2016-02-05 21:00 - 2016-02-05 21:00 - 00000000 ___HD C:\OneDriveTemp
2016-02-05 20:59 - 2016-02-05 20:59 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-04 20:33 - 2016-02-04 20:33 - 00002420 _____ C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-01-30 13:28 - 2016-02-06 13:41 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-30 13:28 - 2016-01-30 13:28 - 00001198 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-30 13:28 - 2016-01-30 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-30 13:27 - 2016-01-30 13:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-30 13:27 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-30 13:27 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-30 13:27 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-30 13:25 - 2016-01-30 13:26 - 22908888 _____ (Malwarebytes ) C:\Users\Austin\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-30 11:03 - 2016-01-30 11:03 - 76185600 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2016-01-30 11:03 - 2016-01-30 11:03 - 05357568 _____ C:\WINDOWS\system32\config\DRIVERS.iobit
2016-01-30 11:03 - 2016-01-30 11:03 - 00389120 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2016-01-30 11:03 - 2016-01-30 11:03 - 00032768 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2016-01-30 11:03 - 2016-01-30 11:03 - 00032768 _____ C:\WINDOWS\system32\config\SAM.iobit
2016-01-30 11:01 - 2016-01-30 11:01 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2016-01-30 11:01 - 2016-01-30 11:01 - 00033960 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2016-01-30 10:52 - 2016-01-30 10:52 - 00003250 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_LENOVO_MICPKEY
2016-01-30 10:52 - 2016-01-30 10:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2016-01-30 10:52 - 2016-01-30 10:52 - 00000000 ____D C:\Program Files\Dolby Digital Plus
2016-01-30 10:51 - 2016-01-30 10:51 - 00071998 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2016-01-30 10:51 - 2016-01-30 10:51 - 00000000 ____D C:\WINDOWS\system32\DAX2
2016-01-30 10:50 - 2016-01-30 10:50 - 09890008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2016-01-30 10:50 - 2016-01-30 10:50 - 07172920 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2016-01-30 10:50 - 2016-01-30 10:50 - 07096192 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2016-01-30 10:50 - 2016-01-30 10:50 - 05338936 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2016-01-30 10:50 - 2016-01-30 10:50 - 04307112 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2016-01-30 10:50 - 2016-01-30 10:50 - 03282032 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2016-01-30 10:50 - 2016-01-30 10:50 - 03271912 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-01-30 10:50 - 2016-01-30 10:50 - 03195648 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-01-30 10:50 - 2016-01-30 10:50 - 02893568 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-01-30 10:50 - 2016-01-30 10:50 - 02030208 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-01-30 10:50 - 2016-01-30 10:50 - 01356512 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-01-30 10:50 - 2016-01-30 10:50 - 00952984 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2016-01-30 10:50 - 2016-01-30 10:50 - 00447720 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2016-01-30 10:50 - 2016-01-30 10:50 - 00369296 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2016-01-30 10:50 - 2016-01-30 10:50 - 00343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-01-30 10:50 - 2016-01-30 10:50 - 00151792 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2016-01-30 10:50 - 2016-01-30 10:50 - 00134208 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2016-01-30 10:50 - 2016-01-30 10:50 - 00122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-01-30 10:50 - 2016-01-30 10:50 - 00084624 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2016-01-30 10:49 - 2016-01-30 10:49 - 00531424 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\e1d65x64.sys
2016-01-30 10:49 - 2016-01-30 10:49 - 00125728 _____ (Intel Corporation) C:\WINDOWS\system32\NicCo4.dll
2016-01-30 10:49 - 2016-01-30 10:49 - 00090608 _____ (Intel Corporation) C:\WINDOWS\system32\NicInstD.dll
2016-01-30 10:49 - 2016-01-30 10:49 - 00075288 _____ (Intel Corporation) C:\WINDOWS\system32\e1dmsg.dll
2016-01-30 10:49 - 2016-01-30 10:49 - 00003130 _____ C:\WINDOWS\system32\e1d65x64.din
2016-01-30 10:47 - 2016-01-30 10:47 - 03548388 _____ C:\WINDOWS\system32\Drivers\Netwfw02.dat
2016-01-30 10:47 - 2016-01-30 10:47 - 03497240 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwbw02.sys
2016-01-30 10:46 - 2016-01-30 10:46 - 01086984 _____ C:\WINDOWS\system32\331prx64.ax
2016-01-30 10:46 - 2016-01-30 10:46 - 00676360 _____ C:\WINDOWS\SysWOW64\vmprp331.ax
2016-01-30 10:46 - 2016-01-30 10:46 - 00185088 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2016-01-30 10:46 - 2016-01-30 10:46 - 00002065 _____ C:\WINDOWS\vm331Rmv.ini
2016-01-30 10:46 - 2016-01-30 10:46 - 00002065 _____ C:\WINDOWS\SysWOW64\vm331Rmv.ini
2016-01-30 10:32 - 2016-01-31 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-01-30 10:32 - 2016-01-30 10:32 - 00027552 _____ (REALiX™) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2016-01-30 10:31 - 2016-01-30 10:31 - 00000000 ____D C:\Users\Austin\AppData\Roaming\ProductData
2016-01-30 10:30 - 2016-02-06 13:03 - 00000000 ____D C:\ProgramData\ProductData
2016-01-30 10:30 - 2016-01-31 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2016-01-30 10:30 - 2016-01-30 10:31 - 00000000 ____D C:\Users\Austin\AppData\LocalLow\IObit
2016-01-30 10:30 - 2016-01-30 10:30 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2016-01-30 10:30 - 2016-01-30 10:30 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-01-30 10:28 - 2016-01-31 14:45 - 00000000 ____D C:\ProgramData\IObit
2016-01-30 10:28 - 2016-01-31 14:45 - 00000000 ____D C:\Program Files (x86)\IObit
2016-01-30 10:28 - 2016-01-30 10:32 - 00000000 ____D C:\Users\Austin\AppData\Roaming\IObit
2016-01-30 10:25 - 2016-01-30 10:28 - 41171496 _____ (IObit ) C:\Users\Austin\Downloads\advanced-systemcare-setup.exe
2016-01-30 09:42 - 2016-01-15 22:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-30 09:42 - 2016-01-15 22:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-30 09:42 - 2016-01-15 21:44 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-30 09:41 - 2016-01-15 22:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-30 09:41 - 2016-01-15 22:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-30 09:41 - 2016-01-15 22:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-30 09:41 - 2016-01-15 22:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-30 09:41 - 2016-01-15 22:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-30 09:41 - 2016-01-15 22:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-30 09:41 - 2016-01-15 22:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-30 09:41 - 2016-01-15 22:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-30 09:41 - 2016-01-15 22:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-30 09:41 - 2016-01-15 22:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-30 09:41 - 2016-01-15 22:21 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-01-30 09:41 - 2016-01-15 22:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-30 09:41 - 2016-01-15 22:20 - 06600904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-01-30 09:41 - 2016-01-15 22:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-30 09:41 - 2016-01-15 22:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-30 09:41 - 2016-01-15 22:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-30 09:41 - 2016-01-15 22:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-30 09:41 - 2016-01-15 22:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-30 09:41 - 2016-01-15 22:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-01-30 09:41 - 2016-01-15 22:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-01-30 09:41 - 2016-01-15 22:13 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-01-30 09:41 - 2016-01-15 22:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-01-30 09:41 - 2016-01-15 22:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-30 09:41 - 2016-01-15 22:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-30 09:41 - 2016-01-15 22:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-30 09:41 - 2016-01-15 22:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-30 09:41 - 2016-01-15 21:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-30 09:41 - 2016-01-15 21:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-30 09:41 - 2016-01-15 21:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-30 09:41 - 2016-01-15 21:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-30 09:41 - 2016-01-15 21:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-30 09:41 - 2016-01-15 21:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-30 09:41 - 2016-01-15 21:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-30 09:41 - 2016-01-15 21:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-30 09:41 - 2016-01-15 21:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-30 09:41 - 2016-01-15 21:40 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-01-30 09:41 - 2016-01-15 21:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-30 09:41 - 2016-01-15 21:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-30 09:41 - 2016-01-15 21:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-30 09:41 - 2016-01-15 21:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-30 09:41 - 2016-01-15 21:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-30 09:41 - 2016-01-15 21:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-30 09:41 - 2016-01-15 21:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-30 09:41 - 2016-01-15 21:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-30 09:41 - 2016-01-15 21:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-30 09:41 - 2016-01-15 21:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-30 09:41 - 2016-01-15 21:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-30 09:41 - 2016-01-15 21:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-30 09:41 - 2016-01-15 21:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-30 09:41 - 2016-01-15 21:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-30 09:41 - 2016-01-15 21:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-30 09:41 - 2016-01-15 21:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-30 09:41 - 2016-01-15 21:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-30 09:41 - 2016-01-15 21:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-30 09:41 - 2016-01-15 21:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-30 09:41 - 2016-01-15 21:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-30 09:41 - 2016-01-15 21:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-30 09:41 - 2016-01-15 21:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-30 09:41 - 2016-01-15 21:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-30 09:41 - 2016-01-15 21:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-30 09:41 - 2016-01-15 21:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-30 09:41 - 2016-01-15 21:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-30 09:41 - 2016-01-15 21:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-30 09:41 - 2016-01-15 21:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-30 09:41 - 2016-01-15 21:32 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-30 09:41 - 2016-01-15 21:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-30 09:41 - 2016-01-15 21:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-30 09:41 - 2016-01-15 21:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-30 09:41 - 2016-01-15 21:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-30 09:41 - 2016-01-15 21:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-30 09:41 - 2016-01-15 21:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-30 09:41 - 2016-01-15 21:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-30 09:41 - 2016-01-15 21:30 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-30 09:41 - 2016-01-15 21:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-30 09:41 - 2016-01-15 21:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-30 09:41 - 2016-01-15 21:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-30 09:41 - 2016-01-15 21:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-30 09:41 - 2016-01-15 21:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-30 09:41 - 2016-01-15 21:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-30 09:41 - 2016-01-15 21:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-30 09:41 - 2016-01-15 21:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-01-30 09:41 - 2016-01-15 21:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-30 09:41 - 2016-01-15 21:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-30 09:41 - 2016-01-15 21:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-30 09:41 - 2016-01-15 21:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-30 09:41 - 2016-01-15 21:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-30 09:41 - 2016-01-15 21:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-30 09:41 - 2016-01-15 21:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-30 09:41 - 2016-01-15 21:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-30 09:41 - 2016-01-15 21:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-30 09:41 - 2016-01-15 21:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-30 09:41 - 2016-01-15 21:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-30 09:41 - 2016-01-15 21:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-30 09:41 - 2016-01-15 21:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-30 09:41 - 2016-01-15 21:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-30 09:41 - 2016-01-15 21:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-30 09:41 - 2016-01-15 21:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-30 09:41 - 2016-01-15 21:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-30 09:41 - 2016-01-15 21:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-30 09:41 - 2016-01-15 21:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-30 09:41 - 2016-01-15 21:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-30 09:41 - 2016-01-15 21:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-30 09:41 - 2016-01-15 21:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-30 09:41 - 2016-01-15 21:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-30 09:41 - 2016-01-15 21:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-30 09:41 - 2016-01-15 21:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-30 09:41 - 2016-01-15 21:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-30 09:41 - 2016-01-15 21:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-30 09:41 - 2016-01-15 21:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-30 09:41 - 2016-01-15 21:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-30 09:41 - 2016-01-15 21:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-30 09:41 - 2016-01-15 21:18 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-01-30 09:41 - 2016-01-15 21:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-30 09:41 - 2016-01-15 21:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-30 09:41 - 2016-01-15 21:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-30 09:41 - 2016-01-15 21:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-30 09:41 - 2016-01-15 21:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-30 09:41 - 2016-01-15 21:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-30 09:41 - 2016-01-15 21:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-30 09:41 - 2016-01-15 21:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-30 09:41 - 2016-01-15 21:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-01-18 14:31 - 2016-01-18 14:31 - 00002292 _____ C:\Users\Austin\Desktop\Discord.lnk
2016-01-18 14:30 - 2016-01-18 14:31 - 00000000 ____D C:\Users\Austin\AppData\Local\Discord
2016-01-18 14:30 - 2016-01-18 14:30 - 49419440 _____ (Hammer & Chisel, Inc.) C:\Users\Austin\Downloads\DiscordSetup.exe
2016-01-18 11:07 - 2016-01-18 14:28 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel
2016-01-18 11:06 - 2016-01-18 14:31 - 00000000 ____D C:\Users\Austin\AppData\Local\SquirrelTemp
2016-01-18 10:58 - 2012-12-28 17:30 - 00167480 _____ (Hewlett-Packard) C:\WINDOWS\SysWOW64\hppccompio.dll
2016-01-13 06:57 - 2016-01-13 06:57 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-01-13 06:23 - 2016-01-04 18:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 06:23 - 2016-01-04 18:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 06:23 - 2016-01-04 17:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-13 06:23 - 2016-01-04 17:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-13 06:22 - 2016-01-04 18:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 06:22 - 2016-01-04 18:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-13 06:22 - 2016-01-04 18:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-13 06:22 - 2016-01-04 18:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 06:22 - 2016-01-04 18:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 06:22 - 2016-01-04 18:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-13 06:22 - 2016-01-04 18:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-13 06:22 - 2016-01-04 18:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 06:22 - 2016-01-04 18:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 06:22 - 2016-01-04 18:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 06:22 - 2016-01-04 18:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-13 06:22 - 2016-01-04 18:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-13 06:22 - 2016-01-04 18:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 06:22 - 2016-01-04 18:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 06:22 - 2016-01-04 18:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-13 06:22 - 2016-01-04 18:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 06:22 - 2016-01-04 18:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-13 06:22 - 2016-01-04 18:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 06:22 - 2016-01-04 18:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 06:22 - 2016-01-04 18:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 06:22 - 2016-01-04 18:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 06:22 - 2016-01-04 18:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 06:22 - 2016-01-04 18:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 06:22 - 2016-01-04 18:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 06:22 - 2016-01-04 18:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 06:22 - 2016-01-04 18:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 06:22 - 2016-01-04 17:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-13 06:22 - 2016-01-04 17:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-13 06:22 - 2016-01-04 17:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-13 06:22 - 2016-01-04 17:54 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-01-13 06:22 - 2016-01-04 17:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-13 06:22 - 2016-01-04 17:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-13 06:22 - 2016-01-04 17:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 06:22 - 2016-01-04 17:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-13 06:22 - 2016-01-04 17:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-13 06:22 - 2016-01-04 17:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-13 06:22 - 2016-01-04 17:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-13 06:22 - 2016-01-04 17:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-13 06:22 - 2016-01-04 17:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 06:22 - 2016-01-04 17:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-13 06:22 - 2016-01-04 17:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-13 06:22 - 2016-01-04 17:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-13 06:22 - 2016-01-04 17:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 06:22 - 2016-01-04 17:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 06:22 - 2016-01-04 17:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-13 06:22 - 2016-01-04 17:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-13 06:22 - 2016-01-04 17:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 06:22 - 2016-01-04 17:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 06:22 - 2016-01-04 17:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 06:22 - 2016-01-04 17:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-13 06:22 - 2016-01-04 17:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-13 06:22 - 2016-01-04 17:43 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-01-13 06:22 - 2016-01-04 17:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-13 06:22 - 2016-01-04 17:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 06:22 - 2016-01-04 17:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-13 06:22 - 2016-01-04 17:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-13 06:22 - 2016-01-04 17:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 06:22 - 2016-01-04 17:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-13 06:22 - 2016-01-04 17:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 06:22 - 2016-01-04 17:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-13 06:22 - 2016-01-04 17:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 06:22 - 2016-01-04 17:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-13 06:22 - 2016-01-04 17:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 06:22 - 2016-01-04 17:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 06:22 - 2016-01-04 17:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 06:22 - 2016-01-04 17:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-13 06:22 - 2016-01-04 17:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-13 06:22 - 2016-01-04 17:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-13 06:22 - 2016-01-04 17:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-13 06:22 - 2016-01-04 17:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-13 06:22 - 2016-01-04 17:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-10 14:59 - 2016-01-10 14:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-08 19:28 - 2016-01-08 19:28 - 00001171 _____ C:\Users\Public\Desktop\StarCraft II.lnk
2016-01-08 19:28 - 2016-01-08 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2016-01-08 19:01 - 2016-02-06 17:09 - 00000000 ____D C:\Users\Austin\AppData\Local\Battle.net
2016-01-08 19:01 - 2016-01-08 19:01 - 00001224 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-01-08 19:01 - 2016-01-08 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-01-08 19:00 - 2016-02-06 14:57 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-01-08 18:59 - 2016-01-08 19:01 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Battle.net
2016-01-07 20:32 - 2016-01-07 20:32 - 00000000 ____D C:\Users\Austin\AppData\Local\ActiveSync
2016-01-07 20:28 - 2016-02-06 13:04 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2016-01-07 19:45 - 2016-01-07 19:45 - 00000974 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
2016-01-07 19:45 - 2016-01-07 19:45 - 00000962 _____ C:\Users\Public\Desktop\Waterfox.lnk
2016-01-07 18:59 - 2016-01-07 19:00 - 75741320 _____ C:\Users\Austin\Downloads\Waterfox 43.0.1 Setup.exe
2016-01-07 17:45 - 2016-01-07 17:45 - 00000000 ____D C:\Users\Austin\AppData\Local\NPE
2016-01-07 08:51 - 2016-01-07 20:22 - 00003398 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-01-07 08:51 - 2016-01-07 20:22 - 00002446 _____ C:\Users\Public\Desktop\Norton Security Suite.LNK
2016-01-07 08:51 - 2016-01-07 08:51 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2016-01-07 08:51 - 2016-01-07 08:51 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2016-01-07 08:51 - 2016-01-07 08:51 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-01-07 08:48 - 2016-01-07 20:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2016-01-07 08:48 - 2016-01-07 20:22 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2016-01-07 08:48 - 2016-01-07 08:48 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2016-01-07 08:41 - 2016-01-07 08:41 - 00000000 ____D C:\ProgramData\PCSettings
2016-01-07 08:26 - 2016-01-07 08:26 - 00000000 ____D C:\Users\Austin\AppData\Roaming\comcasttb
2016-01-07 08:25 - 2016-01-07 08:27 - 00000000 ____D C:\Users\Austin\AppData\LocalLow\xfin_portal
2016-01-07 08:25 - 2016-01-07 08:26 - 00000000 ____D C:\Program Files (x86)\xfin_portal
2016-01-07 08:24 - 2016-01-07 08:24 - 00000000 ____D C:\Users\Austin\AppData\LocalLow\CallingID
2016-01-07 08:11 - 2016-01-07 08:22 - 00640408 _____ (Comcast Corporation) C:\Users\Austin\Downloads\xfinitymasterinstaller_constantguard.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-06 16:30 - 2014-05-08 16:12 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-06 15:04 - 2014-05-17 16:15 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-02-06 13:05 - 2014-05-08 16:00 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1F886882-18EF-4066-84EF-4C389252B6DB}
2016-02-06 13:03 - 2015-10-29 23:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-06 13:03 - 2015-10-19 13:48 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-06 13:03 - 2014-05-08 15:50 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Nitro PDF
2016-02-05 21:01 - 2015-10-29 22:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-05 21:00 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-05 21:00 - 2014-05-08 15:51 - 00000000 __RDO C:\Users\Austin\SkyDrive
2016-02-05 20:59 - 2015-10-19 17:06 - 00000000 __SHD C:\Users\Austin\IntelGraphicsProfiles
2016-02-05 20:58 - 2015-12-16 08:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-05 20:57 - 2015-10-29 22:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-05 17:46 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-02 16:42 - 2014-07-21 07:14 - 00000000 ____D C:\Users\Austin\AppData\Local\CrashDumps
2016-01-31 19:00 - 2015-12-16 08:05 - 00000000 ____D C:\Users\Austin
2016-01-31 18:59 - 2015-09-09 21:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-31 14:43 - 2015-10-29 23:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-31 14:43 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-31 14:43 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-31 14:43 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-31 14:43 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-31 14:43 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-31 14:43 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-30 11:21 - 2015-10-29 23:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-30 10:53 - 2015-12-16 08:02 - 00000000 ____D C:\Program Files (x86)\USB Camera
2016-01-30 10:53 - 2015-12-16 07:57 - 00241664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-30 10:52 - 2014-08-02 21:17 - 00003220 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_Dolby
2016-01-30 10:52 - 2014-08-02 21:17 - 00003194 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2016-01-30 10:51 - 2015-12-16 08:02 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-01-30 10:50 - 2015-12-16 08:02 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-01-30 10:50 - 2015-06-15 06:53 - 00761560 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsPer.sys
2016-01-30 10:50 - 2015-06-15 06:53 - 00083160 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll
2016-01-30 10:50 - 2015-05-19 03:46 - 03040488 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2016-01-30 10:50 - 2015-05-19 03:46 - 01965816 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2016-01-30 10:50 - 2015-05-19 03:46 - 00327456 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2016-01-30 10:50 - 2015-05-19 03:46 - 00272720 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2016-01-30 10:50 - 2015-05-19 03:46 - 00192984 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-01-30 10:50 - 2015-05-19 03:43 - 04686592 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-01-30 10:50 - 2015-05-19 03:43 - 00023704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2016-01-30 10:47 - 2014-05-04 19:09 - 01462720 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorA.sys
2016-01-30 10:46 - 2014-05-04 18:29 - 00640776 _____ (Vimicro Corporation) C:\WINDOWS\system32\Drivers\vm331avs.sys
2016-01-30 10:46 - 2014-05-04 18:29 - 00367624 _____ (Vimicro Corporation) C:\WINDOWS\system32\VmCoinst.dll
2016-01-30 10:44 - 2015-12-16 07:57 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-30 10:16 - 2015-12-16 08:02 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-01-18 18:47 - 2014-05-08 17:04 - 00006395 _____ C:\WINDOWS\system32\Debug.txt
2016-01-18 14:31 - 2016-01-02 19:06 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-01-15 19:40 - 2014-05-17 16:15 - 00000000 ____D C:\Users\Austin\Documents\StarCraft II
2016-01-15 04:58 - 2014-05-08 16:03 - 00000000 ____D C:\Program Files\Waterfox
2016-01-14 02:48 - 2014-05-20 03:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-14 02:48 - 2014-05-20 03:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 06:56 - 2014-05-20 03:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 06:47 - 2014-05-16 03:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 06:37 - 2014-05-16 03:46 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-10 15:17 - 2015-10-29 23:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-10 15:17 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\Web
2016-01-08 18:07 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-07 20:21 - 2014-05-04 18:51 - 760176640 ___SH C:\WINDOWS\lenovo_fastboot.img
2016-01-07 18:08 - 2014-05-17 11:26 - 00000000 ____D C:\Users\Austin\AppData\Local\Google
2016-01-07 18:01 - 2015-06-14 18:21 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-07 18:01 - 2014-12-10 23:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-07 17:59 - 2014-05-08 16:03 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Mozilla
2016-01-07 09:12 - 2016-01-02 11:27 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Windows Cleaner
2016-01-07 09:08 - 2014-05-04 18:55 - 00000000 ____D C:\ProgramData\Norton
2016-01-07 08:48 - 2015-10-21 18:09 - 00001401 _____ C:\Users\Austin\Desktop\Norton Installation Files.lnk
2016-01-07 08:48 - 2014-05-04 18:55 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-01-07 08:45 - 2015-10-19 17:21 - 00000000 ____D C:\Users\Austin\AppData\Local\MicrosoftEdge
2016-01-07 08:30 - 2015-07-30 15:32 - 00000000 ____D C:\Users\Public\Downloads\Norton

==================== Files in the root of some directories =======

2015-10-31 10:10 - 2015-10-31 10:10 - 0000000 _____ () C:\Users\Austin\AppData\Roaming\Microsoft\2C75.tmp
2014-10-26 16:24 - 2014-10-26 16:24 - 0000218 _____ () C:\Users\Austin\AppData\Local\recently-used.xbel
2014-05-08 15:50 - 2014-06-13 22:39 - 0000193 _____ () C:\Users\Austin\AppData\Local\RegisteredPackageInformation.xml
2015-12-16 08:02 - 2015-12-16 08:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-04 18:54 - 2014-05-04 18:54 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2014-05-04 18:52 - 2014-05-04 18:53 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-05-04 18:53 - 2014-05-04 18:53 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2014-05-04 18:53 - 2014-05-04 18:54 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-30 17:24

==================== End of FRST.txt ============================


Edited by nasdaq, 08 February 2016 - 09:37 AM.
FRST log posted



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,541 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:47 AM

Posted 08 February 2016 - 10:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF user.js: detected! => C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\ez33jvyk.default\user.js [2016-01-30]
FF SearchPlugin: C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\ez33jvyk.default\searchplugins\search.xml [2016-01-05]
CHR DefaultSearchURL: Default -> hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=27c76809aa4bec5958ce62743cca0ab1&c=p1&src=srch&inst=1452051001
CHR Extension: (Norton Security Toolbar) - C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-10-22]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\Exts\Chrome.crx [2016-01-07]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\Exts\Chrome.crx [2016-01-07]
S2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [X]
Start Menu (HKU\S-1-5-21-981410010-2095339458-668090811-1001\...\Pokki_Start_Menu) (Version: 0.269.7.783 - Pokki)
Task: {0DCE65C1-996B-4FB0-A8AC-4B9429D9E6E3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {20313633-9C3A-4F8B-A548-166549D9FE9E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {283247C7-0BF2-4B0C-B47E-8072C50A7B10} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3E9398A3-9CB4-4518-BAA0-DE56D2DDF183} - System32\Tasks\Maintenance Defender Uninstaller => C:\Program Files (x86)\Maintenance Defender\MaintenanceDefender.exe [2016-01-05] (Backup Updater) <==== ATTENTION
Task: {74FF4188-00F6-4262-90F7-EDD9D1CAA4F3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8B8CCE40-F6ED-41B6-BA9F-2E6EC15253B7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9ACECBBE-CF83-496D-84D0-26085D7F44FC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A7E2EF9E-CC6F-44AF-8DD0-CACD7ED71816} - System32\Tasks\Windows Cleaner => C:\Users\Austin\AppData\Roaming\Windows Cleaner\Windows Cleaner.exe <==== ATTENTION
Task: {AE6FED41-6697-43F6-9A4B-7BB8FE680062} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C85D6B81-58E6-495D-BF55-1FF9F0536964} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DDCF4602-45FA-4D41-8812-01ADF0F2AA22} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F8920AF0-C7B5-4572-B259-2027142684DB} - System32\Tasks\Pokki => C:\Users\Austin\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe
Task: {FCD660C7-7713-4BD2-A059-0FEC254E2411} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FF861D5C-2409-44E2-A5B6-61F234F071D0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
C:\Program Files (x86)\Maintenance Defender
C:\Users\Austin\AppData\Roaming\Windows Cleaner
C:\Users\Austin\AppData\Local\Pokki

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists.

#3 nasdaq


Posted 13 February 2016 - 11:06 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



