cdn.fastclick.net/js/adcodes/pubcode.min.js



#1 DavidP47


Posted 26 March 2016 - 02:11 PM

Hello.

About an hour or so ago, my computer asked for my permission to download or install something called pubcode.min.js.  I denied it, but since then it has asked for permission a few times again.  I ran Malwarebytes, but it didn't find anything.  I don't recall having installed anything recently, so I'm not sure how this could have happened.

I'm not sure what to do.

 

Thank you in advance.

DavidP




 


#2 nasdaq

  • Malware Response Team

Posted 27 March 2016 - 08:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===

Please post the logs.

Let me know what problems persist.

#3 DavidP47

  • Topic Starter

Posted 27 March 2016 - 10:50 AM

Hello again.  Thank you for the quick response.  Before I paste the logs, I should tell you that some time between when I posted the first time and the time you responded I ran CCleaner and it got rid of a few things.  I haven't seen the program try to install anything since I did that.  With that said, here are the logs.

 

============

Malwarebytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/27/2016
Scan Time: 11:26 AM
Logfile: MBAM Report.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.03.27.02
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: David

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 476277
Time Elapsed: 10 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

=======================================

AdwCleaner:

 

# AdwCleaner v5.106 - Logfile created 27/03/2016 at 11:40:55
# Updated 27/03/2016 by Xplode
# Database : 2016-03-27.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : David - DPICASSINOS-PC
# Running from : C:\Users\David\Downloads\adwcleaner_5.106.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1145 bytes] - [27/03/2016 11:40:55]
C:\AdwCleaner\AdwCleaner[S1].txt - [1184 bytes] - [27/03/2016 11:39:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1291 bytes] ##########
 

================================================

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by David (administrator) on DPICASSINOS-PC (27-03-2016 11:44:38)
Running from C:\Users\David\Desktop\New folder (5)
Loaded Profiles: David (Available Profiles: David & Angelo)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\ASGT.exe
(Scarlet.Crush Productions) E:\PCSX2\SCP-DS3-Driver-Package-1.0.0.103\ScpServer\bin\ScpService.exe
() C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\Avira.SystemSpeedup.SpeedupService.exe
() C:\MSI\Smart Utilities\SuperRAIDSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
(Realtek Semiconductor) C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe
() C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(MSI CO.,LTD.) C:\Program Files (x86)\MSI\Command Center\CPU\CPU_Ratio\CPU_Ratio.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\Avira.SystemSpeedup.UI.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Screenleap, Inc.) C:\Users\David\AppData\Local\Screenleap\Screenleap.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(LG Electronics Inc.) C:\Program Files (x86)\LG Software\LG Smart Share\Update\SmartShareTray.exe
(LG Electronics Inc.) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
() C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-06-18] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4887752 2015-12-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [764472 2012-09-19] ()
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [814064 2014-04-02] ()
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\StartLiveUpdate.exe [579056 2014-03-28] (Micro-Star International)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [807392 2016-03-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [477064 2013-12-22] (Autodesk Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2015-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-11] (Dropbox, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [56592 2016-03-02] (Raptr, Inc)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\AviraSpeedup\Avira.SystemSpeedup.Core.Common.Starter.exe [14952 2016-03-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-03-10] (Plays.tv, LLC)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2016-03-22] (LogMeIn Inc.)
HKU\S-1-5-21-3970613556-3649599641-2596357327-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3970613556-3649599641-2596357327-1001\...\Run: [3DFE07AAA0B32A309ED9547B543D5CA16227B004._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-11-14] (Google Inc.)
HKU\S-1-5-21-3970613556-3649599641-2596357327-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3970613556-3649599641-2596357327-1001\...\Run: [Screenleap] => C:\Users\David\AppData\Local\Screenleap\Screenleap.exe [2895400 2016-03-23] (Screenleap, Inc.)
HKU\S-1-5-21-3970613556-3649599641-2596357327-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-3970613556-3649599641-2596357327-1001\...\MountPoints2: {dde14170-51e2-11e4-8254-448a5b9fc1a4} - "G:\AutoRun.exe"
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [312120 2016-03-23] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe [2701048 2013-10-16] (ASUS)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{3B9643F7-81B2-4F90-A952-0F14DDF74099}: [DhcpNameServer] 64.71.255.204 64.71.255.198

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3970613556-3649599641-2596357327-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-27] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-27] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-27] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-27] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\5LxjwcaE.default
FF Homepage: hxxps://www.google.ca/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-21] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-27] (Oracle Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-27] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll [2014-10-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll [2014-10-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-17]
FF Extension: Avira Browser Safety - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\5LxjwcaE.default\Extensions\abs@avira.com [2016-03-15]
FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\5LxjwcaE.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn

Chrome:
=======
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-03]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-03]
CHR Extension: (Adblock Plus) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-10]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-03]
CHR Extension: (Store) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-02-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [576904 2013-12-22] (Autodesk Inc.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [955736 2016-03-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466504 2016-03-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466504 2016-03-12] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1424880 2016-03-12] (Avira Operations GmbH & Co. KG)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-15] (Dropbox, Inc.)
R2 Ds3Service; E:\PCSX2\SCP-DS3-Driver-Package-1.0.0.103\ScpServer\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
R2 ECOSERVICE; C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe [2126448 2014-04-10] ()
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-06-18] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2016-03-22] (LogMeIn, Inc.)
S3 mi-raysat_3dsmax2015_64; C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-15] () [File not signed]
S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2101248 2014-03-24] (MSI) [File not signed]
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [313856 2014-03-26] () [File not signed]
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2117120 2014-03-24] () [File not signed]
R3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4115456 2014-03-31] () [File not signed]
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [1990144 2014-04-02] () [File not signed]
S3 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2235904 2014-03-26] () [File not signed]
S3 MSISaveLoad_CC; C:\Program Files (x86)\MSI\Command Center\MSISaveLoadService.exe [3957760 2014-03-24] () [File not signed]
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [183808 2014-03-26] () [File not signed]
R3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [540672 2014-03-24] () [File not signed]
S3 MSIWMI_CC; C:\Program Files (x86)\MSI\Command Center\MSIWMIService.exe [183296 2014-03-24] () [File not signed]
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [83952 2014-03-27] (Micro-Star International)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-03-10] (Plays.tv, LLC)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-12-28] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2015-12-28] ()
R2 SpeedupService; C:\Program Files (x86)\Avira\AviraSpeedup\Avira.SystemSpeedup.SpeedupService.exe [24224 2016-03-23] (Avira Operations GmbH & Co. KG)
R2 SuperRAIDSvc; C:\MSI\Smart Utilities\SuperRAIDSvc.exe [24048 2014-04-03] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2015-10-02] (Wacom Technology, Corp.)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18384 2014-03-14] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcpiCtlDrv; C:\Windows\System32\drivers\AcpiCtlDrv.sys [25880 2012-07-17] (Intel Corporation)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
S3 atillk64; C:\Program Files (x86)\ASUS\GPU Tweak\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-12] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-10-12] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-03-22] (LogMeIn Inc.)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [28912 2014-02-18] (Intel Corporation)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.)
R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NTIOLib_ECO; C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys [13808 2014-01-06] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
S3 NTIOLib_MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
R3 NTIOLib_MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
S3 NTIOLib_MSIFrequency_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\CPU_Frequency\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
R3 NTIOLib_MSIRatio_CC; C:\Program Files (x86)\MSI\Command Center\CPU\CPU_Ratio\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
R3 NTIOLib_MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
R3 NTIOLib_MSI_RAID; C:\MSI\Smart Utilities\NTIOLib_X64.sys [13808 2014-03-17] (MSI)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WinRing0_1_2_0; E:\Chrome Downloads\RealTemp_370\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-27 11:44 - 2016-03-27 11:44 - 00000000 ____D C:\FRST
2016-03-27 11:43 - 2016-03-27 11:44 - 00000000 ____D C:\Users\David\Desktop\New folder (5)
2016-03-27 11:42 - 2016-03-27 11:42 - 00001370 _____ C:\Users\David\Desktop\AdwCleaner[C1].txt
2016-03-27 11:39 - 2016-03-27 11:39 - 00003713 _____ C:\Users\David\Desktop\Instructions.txt
2016-03-27 11:38 - 2016-03-27 11:38 - 01538560 _____ C:\Users\David\Downloads\adwcleaner_5.106.exe
2016-03-27 11:37 - 2016-03-27 11:37 - 00001047 _____ C:\Users\David\Desktop\MBAM Report.txt
2016-03-27 00:50 - 2016-03-27 00:50 - 00000000 ____D C:\Users\David\AppData\LocalLow\uTorrent
2016-03-26 14:05 - 2016-03-26 14:05 - 06868672 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup516.exe
2016-03-26 14:05 - 2016-03-26 14:05 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-03-26 14:05 - 2016-03-26 14:05 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-26 14:05 - 2016-03-26 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-26 14:05 - 2016-03-26 14:05 - 00000000 ____D C:\Program Files\CCleaner
2016-03-25 19:35 - 2016-03-25 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-03-25 19:35 - 2016-03-25 19:35 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-03-25 11:52 - 2016-03-26 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zuma Deluxe RA
2016-03-25 00:29 - 2016-03-25 00:29 - 00016418 _____ C:\Users\David\Downloads\orthanc_4579409.schematic
2016-03-24 10:33 - 2016-03-26 10:02 - 00000000 ____D C:\Users\Public\Speedup Sessions
2016-03-23 19:05 - 2016-03-23 19:07 - 00000000 ____D C:\Users\David\Documents\GHOSTBUSTERS ™
2016-03-23 19:05 - 2016-03-23 19:05 - 00000000 ____D C:\Users\David\AppData\Local\GHOSTBUSTERS ™
2016-03-23 12:00 - 2016-03-23 12:00 - 00000000 ____D C:\Program Files (x86)\Atari
2016-03-22 16:16 - 2016-03-22 16:16 - 00045680 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2016-03-20 10:38 - 2013-07-02 19:29 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2016-03-19 17:52 - 2016-03-19 17:52 - 00000000 ____D C:\Users\David\AppData\Local\PAYDAY 2
2016-03-19 17:42 - 2016-03-19 17:42 - 00000898 _____ C:\Users\David\Desktop\PayDay 2.lnk
2016-03-19 16:18 - 2016-03-19 16:18 - 03756405 _____ C:\Users\David\Desktop\Keyboard_UV_Map.psd
2016-03-19 16:09 - 2016-03-19 16:11 - 16777260 _____ C:\Users\David\Desktop\Keyboard_Diffuse_v1.tga
2016-03-19 16:09 - 2016-03-19 16:11 - 00000132 _____ C:\Users\David\AppData\Roaming\Adobe Targa Format CC Prefs
2016-03-19 14:44 - 2016-03-19 14:44 - 16777755 _____ C:\Users\David\Desktop\Keyboard_UV_Map.tga
2016-03-19 13:20 - 2016-03-25 19:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-18 16:42 - 2016-03-18 16:42 - 00000000 ____D C:\Users\David\Documents\Battlestations-Midway
2016-03-18 12:19 - 2016-03-18 12:19 - 00000000 ____D C:\Users\David\Desktop\New folder (4)
2016-03-18 12:16 - 2016-03-18 12:16 - 00000000 ____D C:\Users\David\Downloads\new ps2
2016-03-17 22:29 - 2016-03-17 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-17 21:19 - 2016-03-26 22:54 - 00000076 _____ C:\Users\David\.screenleap
2016-03-17 21:14 - 2016-03-27 11:42 - 00000000 ____D C:\ProgramData\Screenleap
2016-03-17 21:14 - 2016-03-17 21:18 - 00002008 _____ C:\Users\David\Desktop\Screenleap.lnk
2016-03-17 21:14 - 2016-03-17 21:18 - 00000000 ____D C:\Users\David\AppData\Local\Screenleap
2016-03-17 14:09 - 2016-03-17 14:09 - 00000000 ____D C:\Users\David\Downloads\uLaunchELF_v4.42b
2016-03-17 14:08 - 2016-03-17 14:08 - 01505403 _____ C:\Users\David\Downloads\uLaunchELF_v4.42b.zip
2016-03-17 13:50 - 2016-03-17 18:01 - 00000000 ____D C:\Users\David\Downloads\uLaunchELF_v3.42
2016-03-17 13:50 - 2016-03-17 13:50 - 00686271 _____ C:\Users\David\Downloads\uLaunchELF_v3.42.zip
2016-03-16 14:40 - 2016-03-16 14:40 - 00102226 _____ C:\Users\David\Downloads\Preplacement Medical Form.zip
2016-03-16 14:40 - 2016-03-16 14:40 - 00000000 ____D C:\Users\David\Downloads\Preplacement Medical Form
2016-03-16 14:39 - 2016-03-16 14:46 - 00000000 ____D C:\Users\David\Downloads\HR Induction & Health Assessment
2016-03-16 14:39 - 2016-03-16 14:39 - 01273191 _____ C:\Users\David\Downloads\HR Induction & Health Assessment.zip
2016-03-15 17:47 - 2016-03-20 16:07 - 00000000 ____D C:\Users\David\Desktop\New folder (3)
2016-03-14 17:09 - 2016-03-14 17:09 - 01064091 _____ C:\Users\David\Downloads\uLaunchELF_v4.11.zip
2016-03-09 21:35 - 2016-03-09 21:35 - 00899414 _____ C:\Users\David\Downloads\SetupDVDDecrypter_3.5.4.0.exe
2016-03-09 21:35 - 2016-03-09 21:35 - 00001948 _____ C:\Users\David\Desktop\DVD Decrypter.lnk
2016-03-09 21:35 - 2016-03-09 21:35 - 00001948 _____ C:\Users\Angelo\Desktop\DVD Decrypter.lnk
2016-03-09 21:35 - 2016-03-09 21:35 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
2016-03-09 21:35 - 2016-03-09 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
2016-03-09 21:35 - 2016-03-09 21:35 - 00000000 ____D C:\Program Files (x86)\DVD Decrypter
2016-03-09 21:26 - 2016-03-09 21:26 - 00000000 ____D C:\Users\David\Downloads\PS2-Hackpack_0
2016-03-09 19:32 - 2016-03-09 19:33 - 00000000 ____D C:\Users\David\Documents\LoversInADangerousSpacetime
2016-03-09 13:38 - 2016-03-09 13:38 - 00000222 _____ C:\Users\David\Desktop\Lovers in a Dangerous Spacetime.url
2016-03-09 11:19 - 2016-02-20 11:45 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-09 11:19 - 2016-02-20 11:45 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 11:19 - 2016-02-20 11:45 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 11:19 - 2016-02-20 11:45 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-09 11:19 - 2016-02-20 11:45 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 11:19 - 2016-02-20 11:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-09 11:19 - 2016-02-12 15:14 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 11:19 - 2016-02-12 11:14 - 03708416 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 11:19 - 2016-02-12 10:55 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-03-09 11:19 - 2016-02-12 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 11:19 - 2016-02-12 10:54 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 11:19 - 2016-02-12 10:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 11:19 - 2016-02-12 10:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-09 11:19 - 2016-02-12 10:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-09 11:19 - 2016-02-12 10:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-09 11:19 - 2016-02-12 10:48 - 02244096 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 11:19 - 2016-02-12 10:47 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 11:19 - 2016-02-12 10:46 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-09 11:19 - 2016-02-11 10:21 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-03-09 11:19 - 2016-02-11 10:21 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-03-09 11:19 - 2016-02-11 10:20 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-03-09 11:19 - 2016-02-11 10:20 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-03-09 11:19 - 2016-02-08 17:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 11:19 - 2016-02-08 16:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-09 11:19 - 2016-02-08 16:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-09 11:19 - 2016-02-08 16:29 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-03-09 11:19 - 2016-02-08 16:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-09 11:19 - 2016-02-08 16:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-09 11:19 - 2016-02-08 16:07 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-03-09 11:19 - 2016-02-08 16:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 11:19 - 2016-02-08 16:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-09 11:19 - 2016-02-08 16:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-09 11:19 - 2016-02-08 16:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-09 11:19 - 2016-02-08 16:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-09 11:19 - 2016-02-08 15:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-09 11:19 - 2016-02-08 15:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-09 11:19 - 2016-02-08 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-09 11:19 - 2016-02-08 14:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 11:19 - 2016-02-08 14:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 11:19 - 2016-02-08 14:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 11:19 - 2016-02-08 14:14 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-03-09 11:19 - 2016-02-08 14:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 11:19 - 2016-02-08 13:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 11:19 - 2016-02-08 13:42 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-03-09 11:19 - 2016-02-08 13:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 11:19 - 2016-02-08 13:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 11:19 - 2016-02-08 13:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 11:19 - 2016-02-08 13:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 11:19 - 2016-02-08 13:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 11:19 - 2016-02-08 13:15 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-03-09 11:19 - 2016-02-08 13:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 11:19 - 2016-02-08 12:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 11:19 - 2016-02-06 14:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 11:19 - 2016-02-06 12:58 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 11:19 - 2016-02-06 12:32 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-09 11:19 - 2016-02-05 15:07 - 00292696 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2016-03-09 11:19 - 2016-02-05 15:07 - 00243032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL
2016-03-09 11:19 - 2016-02-05 15:06 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-09 11:19 - 2016-02-05 11:03 - 15432704 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 11:19 - 2016-02-05 11:00 - 13318144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 11:19 - 2016-02-05 10:59 - 07784960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-03-09 11:19 - 2016-02-05 10:55 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 11:19 - 2016-02-05 10:48 - 07075840 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-03-09 11:19 - 2016-02-05 10:47 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-03-09 11:19 - 2016-02-04 14:18 - 04174336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 11:19 - 2016-02-04 14:18 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 11:19 - 2016-02-04 14:12 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 11:19 - 2016-02-04 13:44 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 11:19 - 2016-02-04 13:39 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 11:19 - 2016-02-04 13:24 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 11:19 - 2016-02-04 13:02 - 00483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-09 11:19 - 2016-02-03 16:37 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-09 11:19 - 2016-02-03 16:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-09 11:19 - 2016-02-03 11:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-03-09 11:19 - 2016-02-03 11:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 11:19 - 2016-02-03 11:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 11:19 - 2016-01-31 15:16 - 00148832 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 11:19 - 2016-01-24 14:19 - 00419160 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-03-09 11:19 - 2016-01-24 14:19 - 00378712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-03-09 11:19 - 2016-01-24 14:19 - 00331608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2016-03-09 11:19 - 2016-01-24 07:57 - 01335296 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2016-03-09 11:19 - 2016-01-24 07:45 - 01063424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2016-03-09 11:19 - 2016-01-10 12:41 - 01707008 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-03-09 11:19 - 2016-01-10 12:31 - 01344512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-03-09 11:19 - 2016-01-08 21:49 - 00218448 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-03-09 11:19 - 2016-01-08 21:49 - 00192120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-03-09 11:19 - 2016-01-08 21:38 - 00091992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-03-09 11:19 - 2016-01-06 19:46 - 00148752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2016-03-09 11:19 - 2016-01-06 19:45 - 00177712 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2016-03-09 11:19 - 2016-01-06 14:25 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-03-09 11:19 - 2016-01-06 12:47 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2016-03-09 11:19 - 2016-01-05 11:00 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-03-09 11:19 - 2015-12-30 17:53 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-09 11:19 - 2015-12-30 16:49 - 00470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-03-09 11:19 - 2015-12-20 10:57 - 00839168 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-03-09 11:19 - 2015-12-20 10:56 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2016-03-09 11:19 - 2015-12-20 10:43 - 00696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2016-03-09 11:19 - 2015-11-19 10:33 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-09 11:19 - 2015-11-19 10:26 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-09 11:18 - 2016-01-15 12:56 - 02487296 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2016-03-09 11:18 - 2016-01-15 12:45 - 01482240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2016-03-09 11:17 - 2016-03-27 11:42 - 00000000 ____D C:\Users\David\AppData\Roaming\PlaysTV
2016-03-09 11:16 - 2016-03-09 11:17 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-03-07 21:12 - 2016-03-23 11:39 - 00001444 _____ C:\Users\David\Desktop\Clandestine - Shortcut.lnk
2016-03-07 21:02 - 2016-03-07 21:02 - 00000000 ____D C:\Users\David\AppData\LocalLow\Logic Artists
2016-03-07 20:44 - 2016-03-07 21:02 - 00000000 ____D C:\Program Files\Clandestine
2016-03-02 13:18 - 2016-03-02 13:18 - 05078344 _____ C:\Users\David\Downloads\PS2-Hackpack_0.rar
2016-02-29 18:17 - 2016-03-07 11:07 - 00000034 _____ C:\Users\David\AppData\Roaming\AdobeWLCMCache.dat
2016-02-29 18:13 - 2016-02-29 18:13 - 00001733 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015 (32 Bit).lnk
2016-02-29 18:13 - 2016-02-29 18:13 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
2016-02-29 18:13 - 2016-02-29 18:13 - 00000000 ____D C:\ProgramData\ALM

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-27 11:44 - 2014-10-22 20:24 - 00000000 ____D C:\Users\David\AppData\Local\LogMeIn Hamachi
2016-03-27 11:44 - 2014-10-14 22:01 - 00000000 ____D C:\Users\David\AppData\Roaming\Skype
2016-03-27 11:42 - 2015-12-01 12:44 - 00000000 ____D C:\Users\David\AppData\Roaming\Raptr
2016-03-27 11:42 - 2015-07-15 20:41 - 00000000 ___RD C:\Users\David\Dropbox
2016-03-27 11:42 - 2015-07-15 20:40 - 00000000 ____D C:\Users\David\AppData\Local\Dropbox
2016-03-27 11:42 - 2014-10-12 03:58 - 00014480 _____ C:\Windows\SysWOW64\Utility.xml
2016-03-27 11:41 - 2015-07-15 20:40 - 00000932 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-03-27 11:41 - 2015-02-14 17:40 - 00000000 ___DO C:\Users\David\OneDrive
2016-03-27 11:41 - 2014-10-12 03:25 - 00000306 _____ C:\Windows\Tasks\RtlNetworkGenieVistaStart.job
2016-03-27 11:41 - 2014-10-12 03:20 - 00002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-27 11:41 - 2014-10-12 03:20 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-27 11:41 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-27 11:41 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-27 11:40 - 2015-08-14 12:10 - 00000000 ____D C:\AdwCleaner
2016-03-27 11:30 - 2014-10-12 03:19 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3970613556-3649599641-2596357327-1001
2016-03-27 11:26 - 2015-12-04 21:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-27 11:25 - 2015-12-04 21:11 - 00001078 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-27 11:25 - 2015-12-04 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-27 11:25 - 2015-12-04 21:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-27 11:25 - 2014-10-12 03:20 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-27 10:50 - 2015-07-15 20:40 - 00000936 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-03-27 10:15 - 2015-03-28 21:11 - 00000000 ____D C:\Users\David\AppData\Local\Adobe
2016-03-27 10:15 - 2014-10-14 18:38 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CD37F2D2-3CD1-4606-86FB-29B92DEFC551}
2016-03-27 01:57 - 2014-10-12 08:46 - 00000000 ____D C:\Users\David\AppData\Roaming\uTorrent
2016-03-27 01:57 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2016-03-27 01:32 - 2014-10-12 08:48 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-26 15:28 - 2015-12-28 13:23 - 00000000 ____D C:\Users\David\AppData\Local\ftblauncher
2016-03-26 15:28 - 2015-12-28 13:23 - 00000000 ____D C:\ftb
2016-03-26 14:55 - 2014-10-14 23:51 - 02654208 ___SH C:\Users\David\Desktop\Thumbs.db
2016-03-26 14:49 - 2014-10-12 07:25 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc
2016-03-26 14:10 - 2015-11-21 11:53 - 00000000 ____D C:\Users\David\AppData\Roaming\TeamViewer
2016-03-26 14:10 - 2015-11-21 11:20 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-03-26 14:10 - 2014-10-12 11:58 - 00000000 ____D C:\Users\David\AppData\Roaming\DAEMON Tools Lite
2016-03-26 14:09 - 2015-10-08 18:12 - 00000000 ____D C:\Windows\Minidump
2016-03-26 14:09 - 2014-10-12 04:11 - 00000000 ____D C:\Windows\Panther
2016-03-26 14:09 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\ModemLogs
2016-03-26 14:05 - 2015-06-12 17:14 - 00000000 ____D C:\Users\Angelo
2016-03-26 10:08 - 2014-03-18 06:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-25 21:13 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2016-03-25 19:35 - 2014-10-22 20:24 - 00000898 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2016-03-25 19:34 - 2015-07-28 21:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-25 15:12 - 2015-04-04 18:19 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-25 15:12 - 2015-04-04 18:19 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-25 15:12 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2016-03-25 03:19 - 2014-10-15 13:39 - 00000000 ____D C:\Users\David\AppData\Roaming\.minecraft
2016-03-24 10:33 - 2016-01-19 10:50 - 00003360 _____ C:\Windows\System32\Tasks\Avira System Speedup Tray
2016-03-24 10:33 - 2016-01-19 10:50 - 00001181 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2016-03-24 10:33 - 2014-10-12 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-03-24 10:33 - 2014-10-12 11:53 - 00000000 ____D C:\Program Files (x86)\Avira
2016-03-23 12:12 - 2014-10-12 03:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-23 11:34 - 2015-01-02 19:40 - 00000000 ____D C:\Users\David\Desktop\New folder
2016-03-17 22:29 - 2015-07-15 20:40 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-03-17 21:19 - 2014-10-12 03:14 - 00000000 ____D C:\Users\David
2016-03-14 11:33 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2016-03-14 10:49 - 2013-08-22 10:44 - 05029536 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-14 03:14 - 2014-12-10 21:27 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-13 10:11 - 2014-10-12 12:47 - 00000000 ____D C:\Windows\system32\MRT
2016-03-13 10:08 - 2014-10-12 12:47 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-12 10:43 - 2014-10-12 11:54 - 00137952 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-03-12 10:43 - 2014-10-12 11:54 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-03-12 10:43 - 2014-10-12 11:54 - 00068936 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-03-10 14:09 - 2015-12-04 21:11 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2015-12-04 21:11 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2015-12-04 21:11 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-09 21:59 - 2015-05-07 15:40 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-03-09 21:59 - 2015-03-28 21:12 - 00001446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-03-09 11:26 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-09 11:18 - 2015-12-09 10:40 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-09 11:18 - 2015-12-09 10:40 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-09 11:18 - 2015-12-09 10:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-08 03:00 - 2013-08-22 11:38 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-08 03:00 - 2013-08-22 11:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-07 21:02 - 2014-10-13 02:34 - 00000000 ____D C:\Users\David\Documents\My Games
2016-03-02 10:21 - 2014-10-12 03:16 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-29 18:18 - 2014-10-12 03:14 - 00000000 ____D C:\Users\David\AppData\Roaming\Adobe
2016-02-29 18:13 - 2015-03-28 21:14 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-02-29 18:13 - 2015-03-28 21:14 - 00000000 ____D C:\Program Files\Adobe
2016-02-29 18:13 - 2015-03-28 21:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-29 18:13 - 2015-03-28 21:12 - 00000000 ____D C:\Program Files\Common Files\Adobe

==================== Files in the root of some directories =======

2015-05-10 17:44 - 2016-01-29 17:53 - 0000132 _____ () C:\Users\David\AppData\Roaming\Adobe PNG Format CC Prefs
2016-03-19 16:09 - 2016-03-19 16:11 - 0000132 _____ () C:\Users\David\AppData\Roaming\Adobe Targa Format CC Prefs
2016-02-29 18:17 - 2016-03-07 11:07 - 0000034 _____ () C:\Users\David\AppData\Roaming\AdobeWLCMCache.dat
2015-07-25 00:11 - 2015-07-25 00:11 - 0000112 _____ () C:\Users\David\AppData\Roaming\JP2K CS6 Prefs
2015-04-12 22:48 - 2015-04-12 22:48 - 0044818 _____ () C:\Users\David\AppData\Local\4A594BA6_stp.CIS
2015-04-12 22:48 - 2015-04-12 22:56 - 0000289 _____ () C:\Users\David\AppData\Local\4A594BA6_stp.CIS.part
2015-04-12 22:48 - 2015-04-12 22:48 - 0043347 _____ () C:\Users\David\AppData\Local\59ED2468_stp.CIS
2015-04-12 22:48 - 2015-04-12 22:56 - 0000289 _____ () C:\Users\David\AppData\Local\59ED2468_stp.CIS.part
2015-04-12 22:48 - 2015-04-12 22:48 - 0385602 _____ () C:\Users\David\AppData\Local\5D515C96_stp.CIS
2015-04-12 22:48 - 2015-04-12 22:56 - 0000220 _____ () C:\Users\David\AppData\Local\5D515C96_stp.CIS.part
2014-10-12 03:19 - 2014-10-12 03:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Angelo\AppData\Local\Temp\avgnt.exe
C:\Users\David\AppData\Local\Temp\avgnt.exe
C:\Users\David\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-25 20:00

==================== End of FRST.txt ============================




#4 nasdaq


Posted 27 March 2016 - 01:35 PM

Looking good. This is just a minor fix.

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CustomCLSID: HKU\S-1-5-21-3970613556-3649599641-2596357327-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3970613556-3649599641-2596357327-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3970613556-3649599641-2596357327-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
Shortcut: C:\Users\David\Desktop\Start.lnk -> C:\Users\David\Desktop\Server\Start.bat (No File)
HKLM-x32\...\Run: [] => [X]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features applet.

Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle) <- keep if needed for development purposes.
===

Please let me know what problem persists with this computer.

#5 DavidP47


Posted 27 March 2016 - 01:58 PM

I ran the fix and everything seems to be in working order.  I updated my version of Java as well.

Thank you for all of the help!  Here is the fixlog from Farbar:

 

=========

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by David (2016-03-27 14:49:58) Run:1
Running from C:\Users\David\Desktop\New folder (5)
Loaded Profiles: David (Available Profiles: David & Angelo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CustomCLSID: HKU\S-1-5-21-3970613556-3649599641-2596357327-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3970613556-3649599641-2596357327-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3970613556-3649599641-2596357327-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
Shortcut: C:\Users\David\Desktop\Start.lnk -> C:\Users\David\Desktop\Server\Start.bat (No File)
HKLM-x32\...\Run: [] => [X]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3970613556-3649599641-2596357327-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}" => key removed successfully
"HKU\S-1-5-21-3970613556-3649599641-2596357327-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}" => key removed successfully
"HKU\S-1-5-21-3970613556-3649599641-2596357327-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}" => key removed successfully
Shortcut: C:\Users\David\Desktop\Start.lnk -> C:\Users\David\Desktop\Server\Start.bat (No File) => Error: No automatic fix found for this entry.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
MSICDSetup => service removed successfully
NTIOLib_1_0_C => service removed successfully
"C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
EmptyTemp: => 1.5 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:50:08 ====
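
A way to check a Fixlog like the one above for entries that were not actually fixed, as an added example that is not part of the original thread and not FRST's own code. The sample is abridged from that log, the outcome phrases are only the ones visible in it, and the names `parse_results` and `needs_followup` are hypothetical.

```python
import re

# Abridged from the Fixlog posted above; outcome phrases are only those visible in it.
SAMPLE = r"""fixlist content:
*****************
Start
Shortcut: C:\Users\David\Desktop\Start.lnk -> C:\Users\David\Desktop\Server\Start.bat (No File)
HKLM-x32\...\Run: [] => [X]
End
*****************
Restore point was successfully created.
Shortcut: C:\Users\David\Desktop\Start.lnk -> C:\Users\David\Desktop\Server\Start.bat (No File) => Error: No automatic fix found for this entry.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
MSICDSetup => service removed successfully
"C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
EmptyTemp: => 1.5 GB temporary data Removed.
==== End of Fixlog 14:50:08 ====
"""

# Checked in order; wording not listed here is reported as "unknown", not guessed.
OUTCOMES = [
    (re.compile(r"=> Error:"), "failed"),
    (re.compile(r"=> not found\.?$"), "not_found"),
    (re.compile(r"=>.*\b(removed|moved)\b", re.I), "ok"),
]

def parse_results(fixlog_text):
    """Return (target, status) for each result line, skipping the fixlist echo."""
    # The echoed fixlist between the asterisk rows also contains "=>" ("=> [X]"),
    # so only the text after the last asterisk row is treated as results.
    body = re.split(r"^\*{5,}[ \t]*$", fixlog_text, flags=re.M)[-1]
    results = []
    for line in (raw.strip() for raw in body.splitlines()):
        if "=>" not in line:
            continue
        target = line.rsplit("=>", 1)[0].strip().strip('"')
        status = next((s for rx, s in OUTCOMES if rx.search(line)), "unknown")
        results.append((target, status))
    return results

def needs_followup(results):
    """Entries not fixed; a "not found" path an earlier line handled is skipped (heuristic)."""
    handled = {t.lower() for t, s in results if s == "ok"}
    return [(t, s) for t, s in results
            if s != "ok" and not (s == "not_found" and t.lower() in handled)]

if __name__ == "__main__":
    for target, status in needs_followup(parse_results(SAMPLE)):
        print(f"{status}: {target}")
```

On the sample this leaves one entry for follow-up, the `Start.lnk` shortcut that the log reports as having no automatic fix.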



#6 nasdaq


Posted 28 March 2016 - 06:50 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#7 nasdaq


Posted 03 April 2016 - 07:40 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



