Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

On startup, browser opening new tab and redirecting to Russian site


  • This topic is locked This topic is locked
17 replies to this topic

#1 Zandaa

Zandaa

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 24 February 2016 - 04:13 PM

Upon startup, my internet browser (Google Chrome) opens by itself and opens a new tab redirecting it to a russian website "gameloft.name".
The website Has changed over 20 times while this problem has continued. With each change the adds around the body of the site change and the URL changes slightly.
 
My anti-virus (avast) never detected anything, also when the problem first arose I ran Malwarebytes, but it did not find any threats. Today I ran mbar, and did not find any threat's either.
 
Any Help Would be Greatly Appreciated.
 
mbar logs:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 8.0.7601.17514
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.199000 GHz
Memory total: 8526327808, free: 4876374016
 
Downloaded database version: v2016.02.24.07
Downloaded database version: v2016.02.17.01
Downloaded database version: v2016.02.22.02
Initializing...
=======================================
Driver version: 0.3.0.4
------------ Kernel report ------------
     02/24/2016 14:30:25
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\ngvss.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ISCTD64.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\VClone.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\ssdevfactory.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\MBfilt64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\sshid.sys
\SystemRoot\system32\DRIVERS\hidkmdf.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\drivers\PLTGC.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\WtfEngineDrv.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\lpk.dll
\Windows\System32\user32.dll
\Windows\System32\psapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\setupapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\shell32.dll
\Windows\System32\difxapi.dll
\Windows\System32\ole32.dll
\Windows\System32\kernel32.dll
\Windows\System32\iertutil.dll
\Windows\System32\urlmon.dll
\Windows\System32\wininet.dll
\Windows\System32\usp10.dll
\Windows\System32\nsi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\comdlg32.dll
\Windows\System32\normaliz.dll
\Windows\System32\advapi32.dll
\Windows\System32\msctf.dll
\Windows\System32\imm32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\gdi32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\sechost.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\crypt32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2016.02.24.07
  rootkit: v2016.02.17.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8006f76060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006f76b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006f76060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006d68060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006f75060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006e558c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006f75060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006bff060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BE81C3BF
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 3906818048
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 2000398934016 bytes
Sector size: 512 bytes
 
Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BE81C3C7
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 250064896
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 128035676160 bytes
Sector size: 512 bytes
 
Done!
File "C:\ProgramData\AVAST Software\Avast\log\AvastSvc.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\AvastUI.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\Cleanup.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\event_manager.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\StreamFilter.log" is compressed (flags = 1)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.02.24.07
  rootkit: v2016.02.17.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
ALEX :: ALEX-PC [administrator]
 
2/24/2016 2:30:32 PM
mbar-log-2016-02-24 (14-30-32).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 409491
Time elapsed: 7 minute(s), 26 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:11 AM

Posted 24 February 2016 - 11:15 PM

Greetings Zandaa and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I am ending for the evening but will check your reply first thing in the morning.

Please do this.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed youi will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you wlll see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Junkware log
  • RogueKiller log
  • FRST results
  • Addition log
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Zandaa

Zandaa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 25 February 2016 - 01:45 PM

Hey Gary, you can call me Alex. Thanks for responding! Here are the logs from AdwCleaner;

 

# AdwCleaner v5.036 - Logfile created 25/02/2016 at 12:41:59
# Updated 22/02/2016 by Xplode
# Database : 2016-02-24.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : ALEX - ALEX-PC
# Running from : C:\Users\ALEX\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : netflix.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1312 bytes] - [25/02/2016 12:41:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [1342 bytes] - [25/02/2016 12:40:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1458 bytes] ##########
 

 



#4 Zandaa

Zandaa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 25 February 2016 - 01:50 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Professional x64 
Ran by ALEX (Administrator) on Thu 02/25/2016 at 12:47:05.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 17 
 
Successfully deleted: C:\Windows\system32\Tasks\MS (Task)
Successfully deleted: C:\Users\ALEX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\ALEX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\ALEX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\67AW7C0S (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\ALEX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGTQHYON (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\ALEX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\ALEX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\ALEX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTS9JSUQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\ALEX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QTPPUQ99 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\67AW7C0S (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGTQHYON (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTS9JSUQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QTPPUQ99 (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/25/2016 at 12:49:06.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#5 Zandaa

Zandaa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 25 February 2016 - 01:59 PM

RogueKiller V11.0.13.0 [Feb 22 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ALEX [Administrator]
Started from : C:\Users\ALEX\Downloads\RogueKiller.exe
Mode : Scan -- Date : 02/25/2016 12:58:13
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3601172860-819855588-2790648827-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3601172860-819855588-2790648827-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD20EZRX-00D8PB0 ATA Device +++++
--- User ---
[MBR] 42f128b72f53afc3ee53ecaa45ec66f1
[BSP] 8566063a48bc699b6c0c5b7003c46c4b : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907626 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Samsung SSD 840 PRO Series ATA Device +++++
--- User ---
[MBR] 498396bb2e423796a537e1c7d219c43d
[BSP] 406209d77b0b085034e1e3256245d9fc : Empty|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 122102 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


#6 Zandaa

Zandaa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 25 February 2016 - 02:04 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by ALEX (administrator) on ALEX-PC (25-02-2016 13:01:28)
Running from C:\Users\ALEX\Desktop
Loaded Profiles: ALEX (Available Profiles: ALEX)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\D-Link\DWA-171\WlanWpsSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-28] (Realtek Semiconductor)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe [817440 2014-01-21] ()
HKLM\...\Run: [NvBackend] => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-10] (Intel Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-23] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3601172860-819855588-2790648827-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
HKU\S-1-5-21-3601172860-819855588-2790648827-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23499656 2016-01-15] (Google)
HKU\S-1-5-21-3601172860-819855588-2790648827-1000\...\Run: [WTFast Tray] => E:\Program Files\WTFast\WTFast.exe [7390728 2016-02-04] (AAA Internet Publishing, Inc.)
HKU\S-1-5-21-3601172860-819855588-2790648827-1000\...\MountPoints2: {a48f2571-7221-11e5-82ea-d050992223d0} - D:\vs_community.exe
HKU\S-1-5-21-3601172860-819855588-2790648827-1000\...\MountPoints2: {d5934647-7290-11e5-8631-806e6f6e6963} - D:\ASRSetup.exe
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-23] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2015-10-27]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk [2015-10-14]
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-171\wirelesscm.exe (D-Link Corp.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{469830FB-994C-4857-85FA-BACB472E5CDA}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{4C54EEC6-6654-4382-8C68-492CC8F508AE}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F6BEEC44-6960-4ECD-BB69-5CB19660E41C}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-22] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-23] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-22] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-22] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-23] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-22] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-15] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> E:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> E:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-15] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [No File]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-23]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.altonschools.org/
CHR StartupUrls: Default -> "hxxp://chrismckenzie.com/","hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-13]
CHR Extension: (BetterTTV) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-10-13]
CHR Extension: (From Dust) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2015-10-13]
CHR Extension: (Google Docs) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-13]
CHR Extension: (Google Drive) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-13]
CHR Extension: (Google Search) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Minesweeper) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhgbfcfepijohgeanmgjlhnhgjjpkna [2015-10-13]
CHR Extension: (Realm of the Mad God) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp [2015-10-13]
CHR Extension: (Free Rider 3) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\efgciaombdjbpmepfcndmfidlklafhcc [2015-10-13]
CHR Extension: (Free Rider HD) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\emikpifndnjfkgofoglceekhkbaicbde [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-13]
CHR Extension: (LoungeDestroyer) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2016-02-23]
CHR Extension: (Google Docs Offline) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Cut the Rope) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2015-10-13]
CHR Extension: (Avast Online Security) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
CHR Extension: (Sudoku for Google Chrome™) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifaabgmcffhggbfgjknkgenljelbocin [2015-10-13]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-01-24]
CHR Extension: (Build with Chrome) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2015-10-13]
CHR Extension: (ButtonBass Player Piano) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmkonkgohgomnnkaclbiammkcjenfdi [2015-10-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-20]
CHR Extension: (The Fancy Pants Adventure: World 2) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk [2015-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-13]
CHR Extension: (Gmail) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-13]
CHR Extension: (Canvas Rider) - C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-10-13]
CHR HKU\S-1-5-21-3601172860-819855588-2790648827-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-23]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-23] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5561368 2016-01-23] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3685968 2015-07-22] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
S3 Origin Client Service; E:\Program Files\Origin\OriginClientService.exe [2104840 2016-02-03] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-12-17] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService140; E:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-171\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-23] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2016-01-23] (AVAST Software)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-10-02] (NVIDIA Corporation)
R3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1328128 2013-02-07] (C-Media Electronics Inc)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2013-09-18] (Realtek Semiconductor Corporation                           )
R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [32792 2015-09-29] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [42672 2015-09-29] (SteelSeries ApS)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-25] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2016-01-23] (Avast Software)
R2 WtfEngineDrv; C:\Windows\System32\DRIVERS\WtfEngineDrv.sys [27392 2016-02-01] (AAA Internet Publishing, Inc.)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-25 13:01 - 2016-02-25 13:01 - 00022550 _____ C:\Users\ALEX\Desktop\FRST.txt
2016-02-25 13:01 - 2016-02-25 13:01 - 00000000 ____D C:\FRST
2016-02-25 13:00 - 2016-02-25 13:00 - 02371072 _____ (Farbar) C:\Users\ALEX\Desktop\FRST64.exe
2016-02-25 12:51 - 2016-02-25 13:00 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-25 12:51 - 2016-02-25 12:51 - 20959304 _____ C:\Users\ALEX\Downloads\RogueKiller.exe
2016-02-25 12:51 - 2016-02-25 12:51 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-02-25 12:49 - 2016-02-25 12:49 - 00003237 _____ C:\Users\ALEX\Desktop\JRT.txt
2016-02-25 12:45 - 2016-02-25 12:45 - 01609216 _____ (Malwarebytes) C:\Users\ALEX\Downloads\JRT.exe
2016-02-25 12:39 - 2016-02-25 12:41 - 00000000 ____D C:\AdwCleaner
2016-02-25 12:39 - 2016-02-25 12:39 - 01511936 _____ C:\Users\ALEX\Downloads\AdwCleaner.exe
2016-02-24 14:30 - 2016-02-24 14:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-02-24 14:29 - 2016-02-24 14:29 - 16563352 _____ (Malwarebytes Corp.) C:\Users\ALEX\Downloads\mbar-1.09.3.1001.exe
2016-02-21 19:35 - 2016-02-21 19:35 - 00000000 ____D C:\Users\ALEX\AppData\Local\AAA_Internet_Publishing,_
2016-02-21 19:35 - 2016-02-21 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WTFast
2016-02-21 19:35 - 2016-02-01 12:17 - 00027392 _____ (AAA Internet Publishing, Inc.) C:\Windows\system32\Drivers\WtfEngineDrv.sys
2016-02-21 19:33 - 2016-02-21 19:33 - 25862544 _____ (Initex & AAA Internet Publishing ) C:\Users\ALEX\Downloads\WTFastSetup.4.0.6.679.exe
2016-02-19 00:05 - 2016-02-25 12:42 - 00000000 ___RD C:\Users\ALEX\Google Drive
2016-02-19 00:05 - 2016-02-19 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-02-18 18:38 - 2016-02-18 18:38 - 00001243 _____ C:\Users\ALEX\Documents\donations.txt
2016-02-14 01:39 - 2016-02-23 19:28 - 00000000 ____D C:\ProgramData\Celavimus
2016-02-03 21:44 - 2016-02-03 21:44 - 00000000 ____D C:\Users\ALEX\Documents\Criterion Games
2016-02-03 21:09 - 2016-02-04 18:35 - 00000000 ____D C:\Users\ALEX\AppData\Roaming\Origin
2016-02-03 21:09 - 2016-02-03 21:44 - 00000000 ____D C:\Users\ALEX\AppData\Local\Origin
2016-02-03 21:08 - 2016-02-08 21:27 - 00000000 ____D C:\ProgramData\Origin
2016-02-03 21:08 - 2016-02-03 21:44 - 00000000 ____D C:\ProgramData\Electronic Arts
2016-02-03 21:08 - 2016-02-03 21:08 - 00000669 _____ C:\Users\Public\Desktop\Origin.lnk
2016-01-29 01:49 - 2016-01-29 01:49 - 00000000 ____D C:\Users\Default\AppData\Roaming\AVAST Software
2016-01-29 01:49 - 2016-01-29 01:49 - 00000000 ____D C:\Users\Default User\AppData\Roaming\AVAST Software
2016-01-28 16:21 - 2016-01-28 16:21 - 00000000 ____D C:\Users\ALEX\AppData\LocalLow\Temp
2016-01-28 16:02 - 2016-01-28 16:02 - 00000000 ____D C:\Users\ALEX\AppData\Roaming\Microsoft FxCop
2016-01-28 15:44 - 2016-01-28 15:44 - 00000000 ____D C:\Program Files (x86)\HTML Help Workshop
2016-01-28 15:39 - 2016-01-28 15:39 - 00000000 ____D C:\ProgramData\Windows App Certification Kit
2016-01-28 15:39 - 2016-01-28 15:39 - 00000000 ____D C:\Program Files\Application Verifier
2016-01-28 15:39 - 2016-01-28 15:39 - 00000000 ____D C:\Program Files (x86)\Application Verifier
2016-01-28 15:38 - 2016-01-28 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2016-01-28 15:29 - 2016-01-28 15:29 - 00000000 ____D C:\Users\ALEX\AppData\Roaming\NuGet
2016-01-28 15:21 - 2016-01-28 15:21 - 00000000 ____D C:\Users\ALEX\.dnx
2016-01-28 14:55 - 2016-02-19 00:04 - 00000000 ____D C:\Users\ALEX\Documents\Visual Studio 2015
2016-01-28 14:52 - 2016-01-28 14:52 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2016-01-28 14:52 - 2016-01-28 14:52 - 00000000 ____D C:\Program Files (x86)\AppInsights
2016-01-28 14:46 - 2016-01-28 14:46 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2016-01-28 14:46 - 2016-01-28 14:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2016-01-28 14:45 - 2015-07-18 07:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-01-28 14:45 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-01-28 14:44 - 2016-01-28 14:44 - 00000000 ____D C:\ProgramData\NuGet
2016-01-28 14:44 - 2016-01-28 14:44 - 00000000 ____D C:\Program Files\IIS Express
2016-01-28 14:44 - 2016-01-28 14:44 - 00000000 ____D C:\Program Files (x86)\IIS Express
2016-01-28 14:43 - 2016-01-28 14:43 - 00000000 ____D C:\Users\ALEX\AppData\Local\VSIXInstaller
2016-01-28 14:43 - 2016-01-28 14:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2016-01-28 14:38 - 2016-01-28 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-28 14:38 - 2016-01-28 14:38 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2016-01-28 14:38 - 2016-01-28 14:38 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-01-28 14:38 - 2016-01-28 14:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-28 14:38 - 2013-08-28 20:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-28 14:38 - 2013-08-28 20:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-28 14:38 - 2013-08-28 20:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-01-28 14:38 - 2013-08-28 20:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-28 14:38 - 2013-08-28 20:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-28 14:38 - 2013-08-28 19:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-28 14:38 - 2013-08-28 19:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-28 14:38 - 2013-08-28 19:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-28 14:38 - 2013-08-28 19:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2016-01-28 14:38 - 2013-08-28 19:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-28 14:38 - 2013-08-28 19:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-28 14:38 - 2013-08-28 18:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-28 14:38 - 2013-08-28 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-28 14:38 - 2013-08-28 18:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-28 14:38 - 2013-08-28 18:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-28 14:38 - 2013-03-18 23:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-28 14:38 - 2013-03-18 22:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-28 14:38 - 2013-03-18 21:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-28 14:38 - 2013-01-03 23:46 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-28 14:38 - 2012-11-29 23:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-28 14:38 - 2012-11-29 23:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-28 14:38 - 2012-11-29 23:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-28 14:38 - 2012-11-29 23:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-28 14:38 - 2012-11-29 23:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-28 14:38 - 2012-11-29 22:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 21:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-28 14:38 - 2012-11-29 20:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-28 14:38 - 2012-11-29 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-28 14:37 - 2016-01-28 14:47 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-01-28 14:37 - 2016-01-28 14:37 - 00000000 ____D C:\ProgramData\Microsoft DNX
2016-01-28 14:37 - 2016-01-28 14:37 - 00000000 ____D C:\Program Files\Microsoft DNX
2016-01-28 14:37 - 2016-01-28 14:37 - 00000000 ____D C:\Program Files (x86)\ShellDir
2016-01-28 14:36 - 2016-01-28 14:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2016-01-28 14:35 - 2016-01-28 14:43 - 00001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2016-01-28 14:35 - 2016-01-28 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2016-01-28 14:35 - 2016-01-28 14:35 - 00000000 ____D C:\Program Files\IIS
2016-01-28 14:35 - 2016-01-28 14:35 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2016-01-28 14:35 - 2016-01-28 14:35 - 00000000 ____D C:\Program Files (x86)\IIS
2016-01-28 14:34 - 2016-01-28 15:36 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-01-28 14:34 - 2016-01-28 14:34 - 00000000 ____D C:\Windows\symbols
2016-01-28 14:34 - 2016-01-28 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-01-28 14:34 - 2016-01-28 14:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2016-01-28 14:33 - 2016-01-28 15:36 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-01-28 14:33 - 2016-01-28 14:41 - 00001189 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2016-01-28 14:33 - 2016-01-28 14:41 - 00000000 ____D C:\Windows\SysWOW64\1033
2016-01-28 14:33 - 2016-01-28 14:41 - 00000000 ____D C:\Windows\system32\1033
2016-01-28 14:33 - 2016-01-28 14:38 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-01-28 14:33 - 2016-01-28 14:38 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-01-28 14:29 - 2016-01-28 14:29 - 00000000 ____D C:\ProgramData\VsTelemetry
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-25 12:48 - 2009-07-13 23:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-25 12:48 - 2009-07-13 22:45 - 00020400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-25 12:48 - 2009-07-13 22:45 - 00020400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-25 12:48 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-02-25 12:43 - 2015-10-13 21:35 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-02-25 12:42 - 2015-10-27 15:02 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-25 12:42 - 2015-10-13 21:07 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-25 12:42 - 2015-10-13 21:07 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-25 12:42 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-25 01:21 - 2015-11-11 18:51 - 00000000 ____D C:\Users\ALEX\AppData\Roaming\TS3Client
2016-02-25 00:25 - 2015-10-13 21:07 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-24 15:29 - 2016-01-25 19:05 - 00000000 ____D C:\Windows\SysWOW64\vbox
2016-02-24 15:29 - 2016-01-25 19:05 - 00000000 ____D C:\Windows\system32\vbox
2016-02-24 14:40 - 2015-11-26 15:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-24 14:29 - 2015-10-13 21:10 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-24 13:39 - 2016-01-23 15:13 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-23 18:33 - 2015-11-25 00:33 - 00007598 _____ C:\Users\ALEX\AppData\Local\Resmon.ResmonCfg
2016-02-22 14:31 - 2015-10-15 20:00 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-22 14:31 - 2015-10-14 19:57 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-20 21:29 - 2015-10-13 21:07 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-20 21:29 - 2015-10-13 21:07 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-20 20:51 - 2015-10-13 21:07 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-19 01:55 - 2015-10-13 21:07 - 00000000 ____D C:\Program Files\TeraCopy
2016-02-19 01:54 - 2015-10-27 15:02 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-02-19 00:05 - 2015-10-14 08:33 - 00000000 ____D C:\Users\ALEX
2016-02-19 00:05 - 2015-10-13 21:07 - 00000000 ____D C:\Users\ALEX\AppData\Local\Google
2016-02-17 00:22 - 2015-10-16 22:00 - 00000000 ____D C:\Users\ALEX\AppData\Local\Battle.net
2016-02-13 20:34 - 2015-11-19 09:24 - 00000000 ____D C:\Users\ALEX\AppData\Roaming\vlc
2016-02-12 02:06 - 2015-10-13 21:41 - 00000000 ____D C:\Users\ALEX\AppData\Roaming\Curse Client
2016-02-03 21:43 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-02-02 19:20 - 2015-10-13 21:07 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 19:20 - 2015-10-13 21:07 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-28 15:47 - 2015-12-17 21:26 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-28 15:43 - 2015-10-13 21:33 - 00773536 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-01-28 14:34 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-01-28 14:33 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
 
==================== Files in the root of some directories =======
 
2015-11-25 00:33 - 2016-02-23 18:33 - 0007598 _____ () C:\Users\ALEX\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\ALEX\AppData\Local\Temp\dllnt_dump.dll
C:\Users\ALEX\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-08 10:57
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-02-2016
Ran by ALEX (2016-02-25 13:01:44)
Running from C:\Users\ALEX\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-10-14 14:33:36)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3601172860-819855588-2790648827-500 - Administrator - Disabled)
ALEX (S-1-5-21-3601172860-819855588-2790648827-1000 - Administrator - Enabled) => C:\Users\ALEX
Guest (S-1-5-21-3601172860-819855588-2790648827-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{B87B45A1-B23C-48DC-8857-9B619B420925}) (Version: 4.1.60107.3 - Microsoft Corporation)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Blade & Soul Closed Beta Test (HKLM-x32\...\{F7DBB870-787A-4B0E-A314-C931522A5859}) (Version: 4.0.0.6 - NC Interactive, LLC)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
CEVO CS:GO Client Beta version 2.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 2.0 - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
D-Link DWA-171 Wireless AC Dual Band Adapter (HKLM-x32\...\{98B82958-1DCA-4504-BE88-C91F1C7A7225}) (Version: 1 - D-Link)
Dotfuscator and Analytics Community Edition 5.19.0 (x32 Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.2.929 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\{E8C84C71-B29A-3EA7-8E47-539E15666508}) (Version: 46.0.2490.71 - Google, Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Guild Wars (HKLM-x32\...\Guild Wars) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java SE Development Kit 7 Update 80 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170800}) (Version: 1.7.0.800 - Oracle)
Java SE Development Kit 8 Update 65 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180650}) (Version: 8.0.650.17 - Oracle Corporation)
Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version:  - Tripwire Interactive)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{10569041-3f7b-4637-80ae-53dd6f8aed08}) (Version: 14.0.23107.156 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Plantronics® GameCom 780/788 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.20.0001 - Plantronics)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PuTTY release 0.65 (HKLM-x32\...\PuTTY_is1) (Version: 0.65 - Simon Tatham)
qBittorrent 3.2.4 (HKLM-x32\...\qBittorrent) (Version: 3.2.4 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.68.201.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.24728 - Microsoft Corporation) Hidden
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.5.2 (HKLM\...\SteelSeries Engine 3) (Version: 3.5.2 - SteelSeries ApS)
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.24712 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.7.6.0 (HKLM-x32\...\{5ee9a47a-3630-4016-b76d-dc752e9218dd}) (Version: 1.7.24809.0 - Microsoft Corporation)
Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes)
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VS Update core components (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows Driver Package - Microsoft (xusb21) XnaComposite  (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft)
WinSCP 5.7.5 (HKLM-x32\...\winscp3_is1) (Version: 5.7.5 - Martin Prikryl)
WTFast 4.0 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 4.0.6.679 - Initex & AAA Internet Publishing)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {4B630CE8-E2CB-4B80-AEC1-00A931928109} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {5AAFC208-4BAE-4E8C-BB01-B4900334FB43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-13] (Google Inc.)
Task: {64ACB8C4-06A5-4FCF-B393-C7A19EEBC4A1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {6D943002-69A7-4AC9-9573-211CE22D6196} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-02-17] (AVAST Software)
Task: {ADA8ACCE-077C-4CB4-AF21-7CD471B5C11E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {AE674117-8207-4EC3-ABDA-E2B5AF5786C4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-23] (AVAST Software)
Task: {B1C50DCD-826F-4B5E-9650-F50BEBCD2A35} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-15] (Microsoft Corporation)
Task: {B8E720B8-4484-4E82-A57F-4B05E95D7C74} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-13] (Google Inc.)
Task: {BADE26DB-AE90-4888-842C-4E073BA9210D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-15] (Microsoft Corporation)
Task: {D409C21E-48C3-4CC7-89EA-31D28120C215} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-02-22] (Microsoft Corporation)
Task: {D44FC512-1D18-4257-A929-59D1F10A9336} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-10-13] ()
Task: {EA1FA765-7AD9-404A-B840-FCDCF5E0070A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-14 19:57 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-12-17 21:26 - 2015-12-17 21:37 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-10-14 17:30 - 2008-06-26 18:09 - 00167936 _____ () C:\Program Files (x86)\D-Link\DWA-171\WlanWpsSvc.exe
2015-10-15 20:06 - 2015-10-15 20:06 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-13 21:07 - 2012-01-29 15:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2016-02-20 21:29 - 2016-02-18 06:15 - 02046616 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-20 21:29 - 2016-02-18 06:15 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
2016-01-23 15:13 - 2016-01-23 15:13 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-23 15:13 - 2016-01-23 15:13 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-25 12:34 - 2016-02-25 12:34 - 02836480 _____ () C:\Program Files\AVAST Software\Avast\defs\16022501\algo.dll
2016-01-23 15:13 - 2016-01-23 15:13 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-23 15:13 - 2016-01-23 15:13 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3601172860-819855588-2790648827-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ALEX\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{6B9C62FD-915C-49FB-9D2C-DC71611C101E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B94C7D55-B9FC-4E83-A7F5-2700DC698E36}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F9BE5F07-9EBD-4B9B-8B3B-869F866DC523}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{1682FFCA-0321-41A2-A698-12BE7D54BC01}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{B9620C2D-9493-424F-8B97-177763FACB94}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{96AF9C2B-DB5C-4AB8-8C8F-F8AA9BF2321D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DEE7F928-CE61-42A4-95EB-11AB44E22EBE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{36B6BE20-89E4-4868-A5AC-0BCCF89ECEB6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{B44A2CA1-820A-4F3D-92EF-04F5A11F9084}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{13B1BEF9-0622-4E66-BAEA-1D22984F1E65}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{26E6BDE4-78EB-4973-B1E0-D3BD7EC9B606}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{40D26988-24AA-4BCB-95EF-4E5A3DB3907A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{47EC49BB-72BB-49F5-94B6-BAEE16E4331E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{837D876F-ABB7-42F6-A218-F62FF77E4C2F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9E1BEC1A-EEB3-4A6A-B99D-42953FF58534}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AC9B7459-7BB1-41CA-AB8C-73B7D5BB3CAF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FC581F35-D70F-453F-BD8C-CD1748E95B85}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F57BD254-5FC5-4270-85EE-A21C7FDCB115}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{2279CA7C-47D8-48BF-8DAB-BF90B9891DA8}] => (Allow) E:\SteamLibrary\steamapps\common\APB Reloaded\Launcher\APBLauncher.exe
FirewallRules: [{243A3B4A-75AD-45D1-A08B-B940FA5F3185}] => (Allow) E:\SteamLibrary\steamapps\common\APB Reloaded\Launcher\APBLauncher.exe
FirewallRules: [{E1A9D285-6A5A-473D-AC7B-AF2AB7F4E587}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{AB738401-541C-41D0-A6ED-5522D11F9DCD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{06595F27-43DF-453A-B13C-1E8DFDCCAD2C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{10A8C946-4462-4FB6-9CEA-417F94F46BE8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B799C36B-78FA-454B-85C6-944DF3BBD1C0}] => (Allow) E:\SteamLibrary\steamapps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{66BA2445-45E4-4AC0-89A6-87582D180C94}] => (Allow) E:\SteamLibrary\steamapps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{B2FAE470-6D26-4266-B836-FAE74037B0D1}] => (Allow) E:\SteamLibrary\steamapps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{9A365795-972C-46EB-9551-03F1BCC86F1B}] => (Allow) E:\SteamLibrary\steamapps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{406677F7-B9D6-44B4-82F4-6F3D6D3ECAE6}] => (Allow) E:\SteamLibrary\steamapps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{4B457E4E-6AA7-45C2-BDBA-EFAEE68DD3AE}] => (Allow) E:\SteamLibrary\steamapps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{03C57C53-4E3A-4D84-B0EF-BD7E55E7DE3A}] => (Allow) E:\SteamLibrary\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{65BCA657-373A-4F35-A953-CB10E7A6CCE7}] => (Allow) E:\SteamLibrary\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{56B81CA6-9C72-4E6E-B754-1F3BA70C7DDE}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2EBC484D-8F88-4C1E-B1C0-61DAED94E03E}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{391DD714-1AA5-4077-8062-98E0D3C798E7}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C65966D5-0411-4A93-838A-14EA7B808A4A}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CEE21716-F276-47CD-999A-A939B05B8BA7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{90904995-C984-4B38-BB76-B9882788153C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{FFD45834-4D6B-49B3-82B6-E32CD4FC1AC4}] => (Allow) E:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{48903F1D-C624-471E-9136-DC3E40792155}] => (Allow) E:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{C5CBFEC7-DF39-467E-A4C0-64C08BD366B0}] => (Allow) E:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{BDBD7BDA-463C-4D9A-A26A-9CEEE7C0F9A1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CF40AB62-0856-438C-A457-BB58288ADAAA}] => (Allow) E:\Program Files\WTFast\WTFast.exe
FirewallRules: [{CE16C915-E5B3-4B09-A1C1-EF207DD6A174}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{99ACA5D2-C4CE-4F5B-9874-47155950DECF}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{873291D0-BB60-4454-A411-1F0C90F98567}] => (Allow) E:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{252B4EAD-DB21-42F7-9B42-0B977FC23D34}] => (Allow) E:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
 
==================== Restore Points =========================
 
25-02-2016 12:47:05 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/18/2016 11:58:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c6af23
Faulting module name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c6af23
Exception code: 0xc0000005
Fault offset: 0x0001ac27
Faulting process id: 0x1e88
Faulting application start time: 0xHomework1.exe0
Faulting application path: Homework1.exe1
Faulting module path: Homework1.exe2
Report Id: Homework1.exe3
 
Error: (02/18/2016 11:58:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c6aef5
Faulting module name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c6aef5
Exception code: 0xc0000005
Fault offset: 0x0001ac20
Faulting process id: 0x2320
Faulting application start time: 0xHomework1.exe0
Faulting application path: Homework1.exe1
Faulting module path: Homework1.exe2
Report Id: Homework1.exe3
 
Error: (02/18/2016 11:56:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c6ae9b
Faulting module name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c6ae9b
Exception code: 0xc0000005
Fault offset: 0x0001ac20
Faulting process id: 0x25f0
Faulting application start time: 0xHomework1.exe0
Faulting application path: Homework1.exe1
Faulting module path: Homework1.exe2
Report Id: Homework1.exe3
 
Error: (02/18/2016 11:55:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c6996c
Faulting module name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c6996c
Exception code: 0xc0000005
Fault offset: 0x00019f20
Faulting process id: 0x490
Faulting application start time: 0xHomework1.exe0
Faulting application path: Homework1.exe1
Faulting module path: Homework1.exe2
Report Id: Homework1.exe3
 
Error: (02/18/2016 10:26:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c6996c
Faulting module name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c6996c
Exception code: 0xc0000005
Fault offset: 0x00019f20
Faulting process id: 0x2118
Faulting application start time: 0xHomework1.exe0
Faulting application path: Homework1.exe1
Faulting module path: Homework1.exe2
Report Id: Homework1.exe3
 
Error: (02/18/2016 10:26:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c69958
Faulting module name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c69958
Exception code: 0xc0000005
Fault offset: 0x00019f1d
Faulting process id: 0x22f8
Faulting application start time: 0xHomework1.exe0
Faulting application path: Homework1.exe1
Faulting module path: Homework1.exe2
Report Id: Homework1.exe3
 
Error: (02/18/2016 10:25:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c6993d
Faulting module name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c6993d
Exception code: 0xc0000005
Fault offset: 0x00019f20
Faulting process id: 0x2b84
Faulting application start time: 0xHomework1.exe0
Faulting application path: Homework1.exe1
Faulting module path: Homework1.exe2
Report Id: Homework1.exe3
 
Error: (02/18/2016 10:20:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c69811
Faulting module name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c69811
Exception code: 0xc0000005
Fault offset: 0x00019f1d
Faulting process id: 0x25dc
Faulting application start time: 0xHomework1.exe0
Faulting application path: Homework1.exe1
Faulting module path: Homework1.exe2
Report Id: Homework1.exe3
 
Error: (02/18/2016 10:11:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c695f2
Faulting module name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c695f2
Exception code: 0xc0000005
Fault offset: 0x00019f1d
Faulting process id: 0x27f8
Faulting application start time: 0xHomework1.exe0
Faulting application path: Homework1.exe1
Faulting module path: Homework1.exe2
Report Id: Homework1.exe3
 
Error: (02/18/2016 10:10:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c691b7
Faulting module name: Homework1.exe, version: 0.0.0.0, time stamp: 0x56c691b7
Exception code: 0xc0000005
Fault offset: 0x00019f1d
Faulting process id: 0x2778
Faulting application start time: 0xHomework1.exe0
Faulting application path: Homework1.exe1
Faulting module path: Homework1.exe2
Report Id: Homework1.exe3
 
 
System errors:
=============
Error: (02/25/2016 12:51:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (02/25/2016 12:50:43 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.
 
Error: (02/25/2016 12:47:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/25/2016 12:41:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/25/2016 12:41:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® ME Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/25/2016 12:41:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (02/25/2016 12:41:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (02/25/2016 12:41:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WlanWpsSvc service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (02/25/2016 12:41:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/25/2016 12:41:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 28%
Total physical RAM: 8131.34 MB
Available physical RAM: 5853.16 MB
Total Virtual: 16260.86 MB
Available Virtual: 14147.31 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.24 GB) (Free:25.77 GB) NTFS
Drive e: (STORAGE) (Fixed) (Total:1862.92 GB) (Free:1739.93 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: BE81C3BF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: BE81C3C7)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 



#7 Zandaa

Zandaa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 25 February 2016 - 02:09 PM

Hey thanks for all the trouble, here's the last file! I'm going to reboot now and see if anything happens while doing some school work.

Attached Files



#8 Zandaa

Zandaa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 25 February 2016 - 02:56 PM

It's been roughly an hour and no problems so far! I also find it hilarious that it saw that my homework program didn't work I laughed a bit harder than I should have at that. 



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:11 AM

Posted 25 February 2016 - 04:16 PM

Greetings,

Can you confirm you are talking about Homework1.exe?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Zandaa

Zandaa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 25 February 2016 - 05:42 PM

Yeah homework1.exe was a program(non functioning) that I made.



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:11 AM

Posted 25 February 2016 - 05:45 PM

OK, thanks,

Please run these while we monitor your computer.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Zandaa

Zandaa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 25 February 2016 - 09:14 PM

ESET log: (not sure why it was so short)

 

C:\Windows\AutoKMS\AutoKMS.exe a variant of MSIL/HackKMS.G potentially unsafe application deleted



#13 Zandaa

Zandaa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 25 February 2016 - 09:17 PM

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Microsoft VisualStudio JavaScript Language Service 
 Microsoft VisualStudio JavaScript Project System 
 Java version 32-bit out of Date! 
 Google Chrome (48.0.2564.109) 
 Google Chrome (48.0.2564.116) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 37% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#14 Zandaa

Zandaa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 25 February 2016 - 09:19 PM

After uninstalling ESET Online Scanner v3, my avast alerted me that ESET left behind 4 files after being uninstalled, should I remove the files manually or let avast remove them?



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:11 AM

Posted 25 February 2016 - 10:45 PM

I am not sure what files Avast has identified but the ESET file is related to an illegal copy of Microsoft Office. Everything else looks fine.

Normally I would require the removal of the illegal software but assuming you are not having any issues I think we are done. If there is more stuff that needs to be done that program will have to be removed.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users