
Downloaded a torrent, ended up being a virus


7 replies to this topic

#1 dirtcobain (Members, 3 posts)

Posted 12 April 2016 - 03:23 PM

Downloaded a virus from tpb the other day.
Been trying to get rid of it with anti-malware programs and deleting programs, but this pop-up
continues to appear about every 10 minutes.
Anyone think they can help out an idiot?
http://imgur.com/5gIMUcG

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal


#2 olgun52 (Malware Response Team, 3,784 posts)

Posted 12 April 2016 - 08:18 PM

Hello dirtcobain, and welcome to BleepingComputer.

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks.

In the meantime, do not perform any operations yourself; it could be harmful.

=====================================================
Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure the following option is checked: [image: addition.png]
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely.

Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!
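What a Malware Response Team helper actually reads in the FRST.txt requested above: the script below is an added example written for this page, not code from the thread, from BleepingComputer or from FRST's author. It parses a few FRST line shapes (section headers, Services entries, "One Month Created files and folders" entries, FRST's own ATTENTION markers and its hxxp-defanged URLs) and lists the entries a responder would want to look at first. The sample excerpt is copied from the log posted later in this thread; the flagging rules (missing service binaries, services under a user profile, new scheduled tasks, new executables with no company name in system or profile folders, browser settings pointing at a third-party host) are this example's own triage heuristics, not FRST's, and the function names are the example's own.

```python
"""Triage pass over FRST.txt lines (added example; the heuristics are this example's own)."""
import re
from dataclasses import dataclass
from typing import List

# Line shapes seen in FRST.txt: "==== Section ====" headers, "R2 name; path [size date] (Company)"
# service entries, and "created - modified - size flags (Company) path" file entries.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);\s+(.*)$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d+) ([_A-Z]{5}) (?:\(([^)]*)\) )?(.*)$"
)
DEFANGED_URL_RE = re.compile(r"hxxps?://([^/\s\"']+)")  # FRST writes hxxp:// so URLs are not clickable
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr")
# Folders where a freshly created executable with no company name deserves a look (heuristic).
WATCHED_DIRS = ("\\appdata\\", "\\programdata\\", "\\windows\\system32\\", "\\windows\\syswow64\\")

# Sample excerpt: lines copied from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
==================== Internet (Whitelisted) ====================
Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224 2010-11-20] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
HKU\S-1-5-21-4108400595-3291431857-3349966480-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=g4czftpbl0cshmoak,78ad0b13-9cba-4eb4-af64-0894e6bddf34,&vp=ch&prd=set_ie
CHR DefaultSearchKeyword: Default -> www-searching.com
==================== Services (Whitelisted) ========================
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 brsrv; C:\Users\Tanner\AppData\Local\brsrv\brsrv.exe [X]
==================== One Month Created files and folders ========
2016-04-12 20:57 - 2016-04-12 20:57 - 00271872 _____ C:\ProgramData\smp2.exe
2016-04-12 20:57 - 2016-04-12 20:57 - 00004166 _____ C:\Windows\System32\Tasks\SMW_P
2016-04-11 23:50 - 2016-04-11 23:50 - 00000819 _____ C:\Windows\SysWOW64\soft.exe
2016-04-11 11:21 - 2016-04-11 11:21 - 00590848 _____ C:\Windows\system32\bi.exe
2016-04-10 17:36 - 2016-04-10 17:36 - 01291549 _____ C:\Users\Tanner\Downloads\Lecture 7.pptx
2016-04-06 20:33 - 2016-04-06 20:33 - 00691096 _____ (Dropbox, Inc.) C:\Users\Tanner\Downloads\DropboxInstaller.exe
"""


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str]


def _check_service(rest: str) -> List[str]:
    """rest is everything after 'name;' in a service line."""
    reasons = []
    low = rest.lower()
    if rest.endswith("[X]"):  # FRST marks a service whose binary is not on disk with [X]
        reasons.append("service binary missing on disk ([X])")
    if any(d in low for d in ("\\users\\", "\\appdata\\", "\\programdata\\")):
        reasons.append("service binary under a user profile or ProgramData")
    if rest.endswith("()"):  # empty company field
        reasons.append("service binary reports no company name")
    return reasons


def _check_created(company: str, path: str) -> List[str]:
    reasons = []
    low = path.lower()
    if "\\tasks\\" in low:
        reasons.append("new scheduled task definition")
    if low.endswith(EXECUTABLE_EXT) and not company and any(d in low for d in WATCHED_DIRS):
        reasons.append("new executable with no company name in a system or profile folder")
    return reasons


def triage(text: str) -> List[Finding]:
    """Return the lines a responder should read first, with the reason for each."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hdr = SECTION_RE.match(line)
        if hdr:
            if hdr.group(1):  # ignore bare '=====' underlines
                section = hdr.group(1)
            continue
        reasons = []
        if "ATTENTION" in line:  # FRST's own marker for entries it considers abnormal
            reasons.append("FRST ATTENTION marker")
        for host in DEFANGED_URL_RE.findall(line):
            reasons.append("browser setting points at " + host)
        svc = SERVICE_RE.match(line)
        if svc and section.startswith("Services"):
            reasons += _check_service(svc.group(3))
        created = CREATED_RE.match(line)
        if created:
            reasons += _check_created(created.group(5), created.group(6))
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {'; '.join(f.reasons)}\n    {f.line}")
```

On the excerpt above the pass surfaces seven lines: the Winsock ATTENTION entry, the Internet Explorer start page pointing at www-searching.com, the brsrv service (binary missing and living under AppData), the SMW_P task, and the three freshly created executables with no company name (smp2.exe, soft.exe, bi.exe), while the Malwarebytes service, the lecture slides and the Dropbox installer are left alone. It is a reading aid only; the responder still decides what goes into a fixlist.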

 


 


#3 dirtcobain (Topic Starter, Members, 3 posts)

Posted 12 April 2016 - 09:02 PM

Couldn't get the files attached to my reply, but I uploaded them.

URLs:

http://www112.zippyshare.com/v/zWuMbfF8/file.html (FRST.txt)
http://www112.zippyshare.com/v/V2Ut1MI2/file.html (Addition.txt)

Appreciate the help!



#4 olgun52 (Malware Response Team, 3,784 posts)

Posted 13 April 2016 - 12:21 PM

Your logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
Ran by Tanner (administrator) on TANNERS-PC (12-04-2016 21:45:19)
Running from C:\Users\Tanner\Downloads
Loaded Profiles: Tanner (Available Profiles: Tanner)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Psyonix, Inc) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Thorvald Natvig) C:\Program Files (x86)\Mumble\mumble.exe
(Mikkel Krautz) C:\Program Files (x86)\Mumble\mumble-g15-helper.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2015-07-01] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-03-12] (Logitech Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-07-01] (Intel Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-11] (Dropbox, Inc.)
HKU\S-1-5-21-4108400595-3291431857-3349966480-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-4108400595-3291431857-3349966480-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-03-01] (Electronic Arts)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224 2010-11-20] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448 2010-11-20] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{3DD3CC28-3A9F-464C-9B4C-16BC114B3383}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F7E52A77-9681-477E-90B5-92F63B492B1B}: [DhcpNameServer] 192.168.0.1
ManualProxies:

Internet Explorer:
==================
HKU\S-1-5-21-4108400595-3291431857-3349966480-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=g4czftpbl0cshmoak,78ad0b13-9cba-4eb4-af64-0894e6bddf34,&vp=ch&prd=set_ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4108400595-3291431857-3349966480-1000 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www-searching.com/search.aspx?s=g4czftpbl0cshmoak,78ad0b13-9cba-4eb4-af64-0894e6bddf34,&site=shyosie&prd=setgo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4108400595-3291431857-3349966480-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www-searching.com/search.aspx?s=g4czftpbl0cshmoak,78ad0b13-9cba-4eb4-af64-0894e6bddf34,&site=shyosie&prd=setgo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4108400595-3291431857-3349966480-1000 -> {AC44C0F8-C006-4319-8924-B7FCBFFD906B} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=g4czftpbl0cshmoak,78ad0b13-9cba-4eb4-af64-0894e6bddf34,
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-15] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-07-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-12] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=g4czftpbl0cshmoak,78ad0b13-9cba-4eb4-af64-0894e6bddf34,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=g4czftpbl0cshmoak,78ad0b13-9cba-4eb4-af64-0894e6bddf34,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=g4czftpbl0cshmoak,78ad0b13-9cba-4eb4-af64-0894e6bddf34,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-01]
CHR Extension: (Adblock Plus) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\anpiiflemcnpkdanipnpaigdmdmfcafm [2015-07-01]
CHR Extension: (Google Docs) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-01]
CHR Extension: (Google Drive) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Cast) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-23]
CHR Extension: (Adblock Plus) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-15]
CHR Extension: (Google Search) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Realm of the Mad God) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp [2015-07-01]
CHR Extension: (Google Sheets) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-01]
CHR Extension: (Google Docs Offline) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Unlimited Free VPN - Betternet) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-01-10]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-23]
CHR Extension: (SparkChess 8) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem [2015-12-04]
CHR Extension: (lichess.org) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiefmccciemniajdkgikpnocipidaaeg [2015-08-13]
CHR Extension: (Dragons of Atlantis) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\manlnjcghdempjdpndlcmaaobbighhcf [2015-07-01]
CHR Extension: (Curling) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhalnajmigjnpjpdbpkpgfhekbjmolhp [2016-01-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]
CHR Extension: (Gmail) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1314848 2016-01-19] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-03-01] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 brsrv; C:\Users\Tanner\AppData\Local\brsrv\brsrv.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2015-07-01] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-12] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-12 21:45 - 2016-04-12 21:45 - 00020187 _____ C:\Users\Tanner\Downloads\FRST.txt
2016-04-12 21:44 - 2016-04-12 21:45 - 00000000 ____D C:\FRST
2016-04-12 21:44 - 2016-04-12 21:44 - 02375168 _____ (Farbar) C:\Users\Tanner\Downloads\FRST64.exe
2016-04-12 20:57 - 2016-04-12 20:57 - 00271872 _____ C:\ProgramData\smp2.exe
2016-04-12 20:57 - 2016-04-12 20:57 - 00004166 _____ C:\Windows\System32\Tasks\SMW_P
2016-04-12 20:57 - 2016-04-12 20:57 - 00003516 _____ C:\Windows\System32\Tasks\IBUpd
2016-04-12 20:57 - 2016-04-12 20:57 - 00003260 _____ C:\Windows\System32\Tasks\IBUpd2
2016-04-12 20:57 - 2016-04-12 20:57 - 00000000 ____D C:\Users\Tanner\AppData\Local\brsrv
2016-04-12 20:57 - 2016-04-12 20:57 - 00000000 ____D C:\Users\Tanner\AppData\Local\BrowserAir
2016-04-12 15:51 - 2016-04-12 15:54 - 00000000 ____D C:\AdwCleaner
2016-04-12 15:51 - 2016-04-12 15:51 - 03465280 _____ C:\Users\Tanner\Downloads\AdwCleaner.exe
2016-04-12 03:48 - 2016-04-12 03:48 - 00001008 _____ C:\Users\Tanner\Documents\hosts.txt
2016-04-12 02:26 - 2016-04-12 21:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-12 02:26 - 2016-04-12 20:57 - 00002467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-12 02:26 - 2016-04-12 20:57 - 00002455 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-12 02:26 - 2016-04-12 15:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-12 02:26 - 2016-04-12 02:26 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-12 02:26 - 2016-04-12 02:26 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-12 02:21 - 2016-04-12 02:21 - 00000000 ____D C:\Windows\system32\age
2016-04-12 02:19 - 2016-04-12 18:52 - 00000080 _____ C:\Users\Public\Desktop\Need for SpeedT Most Wanted.lnk
2016-04-12 02:09 - 2016-04-12 21:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-12 02:08 - 2016-04-12 18:52 - 00001100 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-12 02:08 - 2016-04-12 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-12 02:08 - 2016-04-12 02:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-12 02:08 - 2016-04-12 02:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-12 02:08 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-12 02:08 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-12 02:08 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-12 01:55 - 2016-04-12 01:55 - 00000000 ____D C:\Users\Tanner\AppData\Local\ElevatedDiagnostics
2016-04-12 01:50 - 2016-04-12 01:50 - 00000000 ____D C:\Windows\system32\appmgmt
2016-04-12 00:02 - 2016-04-12 00:02 - 4153452533 _____ C:\Windows\MEMORY.DMP
2016-04-12 00:02 - 2016-04-12 00:02 - 00000000 ____D C:\Windows\Minidump
2016-04-11 23:51 - 2016-04-12 01:46 - 00335686 _____ C:\Windows\ntbtlog.txt
2016-04-11 23:50 - 2016-04-11 23:50 - 00000819 _____ C:\Windows\SysWOW64\soft.exe
2016-04-11 23:47 - 2016-04-11 23:47 - 00000000 _____ C:\Windows\SysWOW64\x64.txt
2016-04-11 23:44 - 2016-04-11 23:58 - 00000000 ____D C:\Program Files\NewExt
2016-04-11 23:43 - 2016-04-11 23:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Corporation
2016-04-11 23:42 - 2016-04-11 23:42 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\MCorp
2016-04-11 23:40 - 2016-04-12 20:57 - 00001643 _____ C:\Users\Tanner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-11 23:40 - 2016-04-12 20:57 - 00001609 _____ C:\Users\Tanner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-04-11 23:37 - 2016-04-11 23:37 - 00000000 ____T C:\Windows\system32\mfs5B53.tmp
2016-04-11 23:37 - 2016-04-11 23:37 - 00000000 ____T C:\Windows\system32\mfs5911.tmp
2016-04-11 23:37 - 2016-04-11 23:37 - 00000000 ____T C:\Windows\system32\mfs31C2.tmp
2016-04-11 23:37 - 2016-04-11 23:37 - 00000000 ____T C:\Windows\system32\mfs2F22.tmp
2016-04-11 23:37 - 2016-04-11 23:37 - 00000000 ____D C:\Users\Tanner\AppData\Local\WINTUNEPRO
2016-04-11 23:36 - 2016-04-12 02:21 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\Fohchcef
2016-04-11 23:36 - 2016-04-12 02:19 - 00000000 ____D C:\Users\Tanner\AppData\LocalLow\Company
2016-04-11 23:36 - 2016-04-11 23:39 - 00000000 ____D C:\Users\Tanner\AppData\Local\app
2016-04-11 23:36 - 2016-04-11 23:36 - 00004054 _____ C:\Windows\System32\Tasks\e02c4bd5-54d5-4470-9ea0-a68d88112c00
2016-04-11 23:36 - 2016-04-11 23:36 - 00003340 _____ C:\Windows\System32\Tasks\Aewakija
2016-04-11 23:36 - 2016-04-11 23:36 - 00000000 ____D C:\Users\Tanner\AppData\Local\Tune_Updater
2016-04-11 23:36 - 2016-04-11 23:36 - 00000000 ____D C:\Users\Tanner\AppData\Local\Tempfolder
2016-04-11 23:36 - 2016-04-11 23:36 - 00000000 ____D C:\uninst
2016-04-11 23:35 - 2016-04-11 23:35 - 00000000 ____T C:\Windows\system32\mfsF63D.tmp
2016-04-11 23:35 - 2016-04-11 23:35 - 00000000 ____T C:\Windows\system32\mfsE6DE.tmp
2016-04-11 23:35 - 2016-04-11 23:35 - 00000000 ____T C:\Windows\system32\mfsCA45.tmp
2016-04-11 23:35 - 2016-04-11 23:35 - 00000000 ____T C:\Windows\system32\mfsBE87.tmp
2016-04-11 23:35 - 2016-04-11 23:35 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\Tune_Updater
2016-04-11 23:35 - 2016-04-11 23:35 - 00000000 ____D C:\ProgramData\19a87fa1ec024bbcbb41931263354405
2016-04-11 23:34 - 2016-04-11 23:34 - 06504960 _____ C:\Users\Tanner\AppData\Roaming\agent.dat
2016-04-11 23:34 - 2016-04-11 23:34 - 01626416 _____ C:\Users\Tanner\AppData\Roaming\Ranzuntom.tst
2016-04-11 23:34 - 2016-04-11 23:34 - 00072699 _____ C:\Users\Tanner\AppData\Roaming\Dentoing.tst
2016-04-11 23:34 - 2016-04-11 23:34 - 00018432 _____ C:\Users\Tanner\AppData\Roaming\Main.dat
2016-04-11 23:34 - 2016-04-11 23:34 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\Mozilla
2016-04-11 23:34 - 2016-04-11 23:32 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-04-11 23:33 - 2016-04-11 23:33 - 00127488 _____ C:\Users\Tanner\AppData\Roaming\Installer.dat
2016-04-11 23:33 - 2016-04-11 23:33 - 00000000 ____D C:\Users\Tanner\AppData\Local\tuto_monetize_120160411
2016-04-11 23:31 - 2016-04-11 23:36 - 00000000 ____D C:\Windows\system32\SSL
2016-04-11 23:18 - 2016-04-11 23:36 - 00000000 ____D C:\Users\Tanner\Downloads\Kung Fu Panda 3 2015 720p BrRip x264 - REWARD
2016-04-11 11:21 - 2016-04-11 11:21 - 00590848 _____ C:\Windows\system32\bi.exe
2016-04-10 17:36 - 2016-04-10 17:36 - 01291549 _____ C:\Users\Tanner\Downloads\Lecture 7.pptx
2016-04-10 17:35 - 2016-04-10 17:36 - 21823068 _____ C:\Users\Tanner\Downloads\Lecture 10.pptx
2016-04-10 17:35 - 2016-04-10 17:35 - 01906669 _____ C:\Users\Tanner\Downloads\Lecture 8.pptx
2016-04-10 17:35 - 2016-04-10 17:35 - 00290840 _____ C:\Users\Tanner\Downloads\Lecture 9b.pptx
2016-04-09 18:13 - 2016-04-09 18:14 - 00000000 ____D C:\Users\Tanner\Downloads\2020.US.2015.09.25.The.OJ.Simpson.Tapes.(Eng.Subs).SDTV.x264-[2Maverick]
2016-04-09 18:13 - 2016-04-09 18:13 - 00015991 _____ C:\Users\Tanner\Downloads\[kat.cr]2020.us.2015.09.25.the.oj.simpson.tapes.eng.subs.sdtv.x264.2maverick (1).torrent
2016-04-09 18:12 - 2016-04-09 18:12 - 00015991 _____ C:\Users\Tanner\Downloads\[kat.cr]2020.us.2015.09.25.the.oj.simpson.tapes.eng.subs.sdtv.x264.2maverick.torrent
2016-04-08 23:16 - 2016-04-08 23:16 - 00000000 ____D C:\Users\Tanner\AppData\LocalLow\uTorrent
2016-04-06 21:22 - 2016-04-06 21:22 - 04368305 _____ C:\Users\Tanner\Downloads\903-1697-1-SM.pdf
2016-04-06 20:37 - 2016-04-06 20:37 - 00691096 _____ (Dropbox, Inc.) C:\Users\Tanner\Downloads\DropboxInstaller (1).exe
2016-04-06 20:36 - 2016-04-12 18:52 - 00001230 _____ C:\Users\Tanner\Desktop\Dropbox.lnk
2016-04-06 20:36 - 2016-04-12 16:17 - 00000000 ___RD C:\Users\Tanner\Dropbox
2016-04-06 20:35 - 2016-04-06 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-06 20:34 - 2016-04-06 20:34 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\Dropbox
2016-04-06 20:33 - 2016-04-12 21:38 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-04-06 20:33 - 2016-04-12 20:38 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-06 20:33 - 2016-04-12 15:56 - 00000000 ____D C:\Users\Tanner\AppData\Local\Dropbox
2016-04-06 20:33 - 2016-04-06 20:35 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-04-06 20:33 - 2016-04-06 20:33 - 00691096 _____ (Dropbox, Inc.) C:\Users\Tanner\Downloads\DropboxInstaller.exe
2016-04-06 20:33 - 2016-04-06 20:33 - 00003904 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-04-06 20:33 - 2016-04-06 20:33 - 00003652 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-04-06 20:33 - 2016-04-06 20:33 - 00000000 ____D C:\ProgramData\Dropbox
2016-03-27 18:23 - 2016-03-27 18:23 - 00222208 _____ C:\Users\Tanner\Downloads\sample poster.ppt
2016-03-27 18:22 - 2016-03-27 18:22 - 04199936 _____ C:\Users\Tanner\Downloads\slides this week2.ppt
2016-03-25 23:13 - 2016-03-25 23:13 - 00000000 ____D C:\Users\Tanner\Documents\Electronic Arts
2016-03-25 23:12 - 2016-03-25 23:12 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-03-25 21:19 - 2016-03-25 21:42 - 00000000 ____D C:\Users\Tanner\Downloads\The Sims 4 [FitGirl Repack]
2016-03-21 15:09 - 2016-03-21 15:09 - 00006736 _____ C:\Users\Tanner\Downloads\Malaa - live at Ultra Music Festival 2016 (Miami) - 19-mar-2016.mp3.torrent
2016-03-21 15:03 - 2016-03-21 15:03 - 00026389 _____ C:\Users\Tanner\Downloads\killer.pdf
2016-03-21 15:03 - 2016-03-21 15:03 - 00026389 _____ C:\Users\Tanner\Downloads\killer (1).pdf
2016-03-19 18:23 - 2016-03-19 18:23 - 10701215 _____ C:\Users\Tanner\Downloads\Post-Malone-White-Iverson-Malaa-Remix.mp3.zip
2016-03-19 12:16 - 2016-03-19 12:16 - 00000000 ____D C:\Users\Tanner\Documents\LucasArts
2016-03-19 12:16 - 2016-03-19 12:16 - 00000000 ____D C:\Users\Tanner\AppData\Local\LucasArts
2016-03-17 23:51 - 2016-03-17 23:51 - 00000221 _____ C:\Users\Tanner\Desktop\Star Wars The Force Unleashed II.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-12 21:26 - 2015-07-01 18:18 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\Mumble
2016-04-12 21:02 - 2015-07-01 03:48 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-12 19:47 - 2009-07-14 01:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-12 19:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-12 18:52 - 2016-03-08 00:59 - 00001979 _____ C:\Users\Public\Desktop\NaturalReader Free.lnk
2016-04-12 18:52 - 2015-10-18 01:51 - 00001004 _____ C:\Users\Tanner\Desktop\NBA 2K16.lnk
2016-04-12 18:52 - 2015-10-14 23:15 - 00000788 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NBA 2K15.lnk
2016-04-12 18:52 - 2015-10-13 18:49 - 00000850 _____ C:\Users\Public\Desktop\PowerISO.lnk
2016-04-12 18:52 - 2015-09-25 01:05 - 00000355 _____ C:\Users\Tanner\Desktop\Computer - Shortcut.lnk
2016-04-12 18:52 - 2015-09-25 01:03 - 00001086 _____ C:\Users\Tanner\Desktop\Documents - Shortcut.lnk
2016-04-12 18:52 - 2015-09-25 01:02 - 00002383 _____ C:\Users\Tanner\Desktop\Word 2013.lnk
2016-04-12 18:52 - 2015-09-25 01:02 - 00001333 _____ C:\Users\Tanner\Desktop\Sticky Notes.lnk
2016-04-12 18:52 - 2015-08-03 01:07 - 00001064 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-12 18:52 - 2015-07-03 21:14 - 00002620 _____ C:\Users\Tanner\Desktop\µTorrent.lnk
2016-04-12 18:52 - 2015-07-01 18:17 - 00001014 _____ C:\Users\Tanner\Desktop\Mumble.lnk
2016-04-12 18:52 - 2015-07-01 17:48 - 00002163 _____ C:\Users\Tanner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-04-12 18:52 - 2015-07-01 15:20 - 00001090 _____ C:\Users\Tanner\Desktop\MSI Afterburner.lnk
2016-04-12 18:52 - 2015-07-01 15:13 - 00001375 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-04-12 18:52 - 2015-07-01 14:56 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-04-12 18:52 - 2015-07-01 14:56 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-04-12 18:52 - 2015-07-01 03:48 - 00000961 _____ C:\Users\Public\Desktop\Steam.lnk
2016-04-12 18:52 - 2009-07-14 01:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-04-12 18:52 - 2009-07-14 00:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-04-12 18:52 - 2009-07-14 00:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-04-12 18:52 - 2009-07-14 00:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-04-12 18:52 - 2009-07-14 00:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-04-12 16:20 - 2015-12-10 21:31 - 00000000 ____D C:\Users\Tanner\Documents\sportspsyc
2016-04-12 16:02 - 2009-07-14 00:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-12 16:02 - 2009-07-14 00:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-12 15:55 - 2015-07-01 15:13 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-12 15:55 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-12 02:26 - 2015-07-01 15:48 - 00000000 ____D C:\Users\Tanner\AppData\Local\Deployment
2016-04-12 02:26 - 2015-07-01 15:48 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-12 02:21 - 2009-07-14 00:45 - 00000000 ____D C:\Windows\Setup
2016-04-12 02:19 - 2016-01-22 03:28 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-04-12 02:19 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-04-11 23:36 - 2015-08-03 01:07 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\vlc
2016-04-11 23:36 - 2015-07-03 21:14 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\uTorrent
2016-04-08 23:18 - 2015-09-02 20:58 - 00000000 ____D C:\Users\Tanner\AppData\LocalLow\Temp
2016-04-06 20:36 - 2015-07-01 14:57 - 00000000 ____D C:\Users\Tanner\AppData\Local\VirtualStore
2016-04-06 20:36 - 2015-07-01 14:57 - 00000000 ____D C:\Users\Tanner
2016-03-25 23:02 - 2015-07-01 14:39 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-23 23:21 - 2015-10-11 14:15 - 00000000 ____D C:\ProgramData\Origin
2016-03-23 22:33 - 2009-07-14 00:45 - 00436184 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-21 15:12 - 2015-07-03 21:38 - 00000000 ____D C:\Users\Tanner\Desktop\jamz
2016-03-17 23:51 - 2015-07-01 03:54 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-15 05:35 - 2015-07-01 17:40 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-15 05:34 - 2015-07-01 17:27 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======

2016-04-11 23:34 - 2016-04-11 23:34 - 6504960 _____ () C:\Users\Tanner\AppData\Roaming\agent.dat
2016-04-11 23:34 - 2016-04-11 23:34 - 0072699 _____ () C:\Users\Tanner\AppData\Roaming\Dentoing.tst
2016-04-11 23:33 - 2016-04-11 23:33 - 0127488 _____ () C:\Users\Tanner\AppData\Roaming\Installer.dat
2016-04-11 23:34 - 2016-04-11 23:34 - 0018432 _____ () C:\Users\Tanner\AppData\Roaming\Main.dat
2016-04-11 23:34 - 2016-04-11 23:34 - 1626416 _____ () C:\Users\Tanner\AppData\Roaming\Ranzuntom.tst
2015-07-01 15:17 - 2015-07-01 15:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-04-11 23:48 - 2016-04-12 00:04 - 0000000 _____ () C:\ProgramData\mitmtest-service.log
2016-04-12 20:57 - 2016-04-12 20:57 - 0271872 _____ () C:\ProgramData\smp2.exe

Files to move or delete:
====================
C:\ProgramData\smp2.exe


Some files in TEMP:
====================
C:\Users\Tanner\AppData\Local\Temp\23333.exe
C:\Users\Tanner\AppData\Local\Temp\acc.exe
C:\Users\Tanner\AppData\Local\Temp\ADCC0TB22Q.exe
C:\Users\Tanner\AppData\Local\Temp\CodecFixDivx.exe
C:\Users\Tanner\AppData\Local\Temp\DefaultPack.EXE
C:\Users\Tanner\AppData\Local\Temp\dxdiag.exe
C:\Users\Tanner\AppData\Local\Temp\GDCFMV5JTW.exe
C:\Users\Tanner\AppData\Local\Temp\H8HLQ6RMME.exe
C:\Users\Tanner\AppData\Local\Temp\libeay32.dll
C:\Users\Tanner\AppData\Local\Temp\msvcr120.dll
C:\Users\Tanner\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Tanner\AppData\Local\Temp\nvStInst.exe
C:\Users\Tanner\AppData\Local\Temp\sqlite3.dll
C:\Users\Tanner\AppData\Local\Temp\tu17p84.exe
C:\Users\Tanner\AppData\Local\Temp\vcredist_2013_x86.exe
C:\Users\Tanner\AppData\Local\Temp\VM0YW73WYD.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-08 15:00

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
Ran by Tanner (2016-04-12 21:45:40)
Running from C:\Users\Tanner\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-07-01 18:57:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4108400595-3291431857-3349966480-500 - Administrator - Disabled)
Guest (S-1-5-21-4108400595-3291431857-3349966480-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4108400595-3291431857-3349966480-1002 - Limited - Enabled)
Tanner (S-1-5-21-4108400595-3291431857-3349966480-1000 - Administrator - Enabled) => C:\Users\Tanner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4108400595-3291431857-3349966480-1000\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Batman™: Arkham Knight (HKLM-x32\...\Steam App 208650) (Version:  - Rocksteady Studios)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Depth (HKLM-x32\...\Steam App 274940) (Version:  - Digital Confectioners)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.35.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Daybreak Games)
H1Z1: King of the Kill (HKLM-x32\...\Steam App 433850) (Version:  - Daybreak Game Company)
Intel® Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.4.65 - Intel Corporation)
Kodi (HKU\S-1-5-21-4108400595-3291431857-3349966480-1000\...\Kodi) (Version:  - XBMC-Foundation)
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4108400595-3291431857-3349966480-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
Mumble 1.2.9 (HKLM-x32\...\{49FF1E6E-E0F9-4CB3-8B3C-D4E8E1D32C1F}) (Version: 1.2.9 - Thorvald Natvig)
NaturalReader 14 Free (HKLM-x32\...\{773ED0E5-538E-4E86-8E00-719630613290}) (Version: 1.00.0000 - Naturalsoft)
NBA 2K15 (HKLM-x32\...\TkJBMksxNQ==_is1) (Version: 1 - )
NBA 2K16 (HKLM-x32\...\NBA 2K16_is1) (Version:  - )
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7256 - Realtek Semiconductor Corp.)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
RollerCoaster Tycoon: Deluxe (HKLM-x32\...\Steam App 285310) (Version:  - Chris Sawyer Productions)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Shadow Warrior (HKLM-x32\...\Steam App 233130) (Version:  - Flying Wild Hog)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Star Wars: The Force Unleashed II (HKLM\...\Steam App 32500) (Version:  - Aspyr Studios)
STAR WARS™ Battlefront™ Beta (HKLM-x32\...\{8A863B64-C9BE-4203-9ED7-92981CF690D3}) (Version: 1.0.3.51560 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wolfenstein: The New Order (HKLM-x32\...\Steam App 201810) (Version:  - Machine Games)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {28CF26D4-3364-498B-9887-D214FF0A93D5} - System32\Tasks\e02c4bd5-54d5-4470-9ea0-a68d88112c00 => C:\Users\Tanner\AppData\Roaming\Tune_Updater\Tune_Updater.exe [2016-04-11] () <==== ATTENTION
Task: {28DB9E12-AE25-42CB-BB7D-D8A039691ECB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-31] (Microsoft Corporation)
Task: {3832BBCA-F21B-4C75-8588-D9E49BD76DA1} - System32\Tasks\Aewakija => C:\PROGRA~1\PAASOR~1\Xaegbo.bat
Task: {48F6B0A6-66E2-4798-8E6B-ACAD5BF1B629} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2016-04-12] () <==== ATTENTION
Task: {57326C00-D787-4490-BE3D-22AE08126F60} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-31] (Microsoft Corporation)
Task: {7CF0B7CB-E2DF-4BC6-A0BF-E58021431829} - \{7F057E47-0F0B-0E7D-0C11-7A780C0E110F} -> No File <==== ATTENTION
Task: {8CAAF505-0AE2-4C85-A16C-084A3F415119} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-15] (Microsoft Corporation)
Task: {95FEE526-544A-49AE-82C5-ACA0D60C1716} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-12] (Google Inc.)
Task: {A97EC4C4-CE6C-4258-B8E1-ECD128371302} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-06] (Dropbox, Inc.)
Task: {B5A18260-8E7B-45EB-82E5-742C1B842C1C} - System32\Tasks\IBUpd2 => C:\Users\Tanner\AppData\Local\BrowserAir\47.0.0.5\updater.exe <==== ATTENTION
Task: {B820E3F0-D5B2-4076-942C-C8E3688BE777} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {F3324888-D64D-4BC3-BDC1-CADD07979026} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-12] (Google Inc.)
Task: {F4676F60-4D17-473C-8DF4-CBD78DA1692F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {FED57CE6-067A-4712-B050-50CEF365CC07} - System32\Tasks\IBUpd => C:\Users\Tanner\AppData\Local\BrowserAir\47.0.0.5\updater.exe <==== ATTENTION
Task: {FF34A352-7126-467B-A34E-A91AE8B580B5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-06] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Tanner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=g4czftpbl0cshmoak,78ad0b13-9cba-4eb4-af64-0894e6bddf34,
ShortcutWithArgument: C:\Users\Tanner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=g4czftpbl0cshmoak,78ad0b13-9cba-4eb4-af64-0894e6bddf34,
ShortcutWithArgument: C:\Users\Tanner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=g4czftpbl0cshmoak,78ad0b13-9cba-4eb4-af64-0894e6bddf34,
ShortcutWithArgument: C:\Users\Tanner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=g4czftpbl0cshmoak,78ad0b13-9cba-4eb4-af64-0894e6bddf34,
ShortcutWithArgument: C:\Users\Tanner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=g4czftpbl0cshmoak,78ad0b13-9cba-4eb4-af64-0894e6bddf34,
ShortcutWithArgument: C:\Users\Tanner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=g4czftpbl0cshmoak,78ad0b13-9cba-4eb4-af64-0894e6bddf34,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=g4czftpbl0cshmoak,78ad0b13-9cba-4eb4-af64-0894e6bddf34,
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=g4czftpbl0cshmoak,78ad0b13-9cba-4eb4-af64-0894e6bddf34,

==================== Loaded Modules (Whitelisted) ==============

2015-07-01 15:12 - 2015-10-02 22:49 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-07-01 17:27 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-09-18 03:23 - 2014-09-18 03:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-03-12 14:23 - 2015-03-12 14:23 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 03:23 - 2014-09-18 03:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-03-12 14:23 - 2015-03-12 14:23 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-07-03 15:52 - 2015-10-11 23:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-07-01 03:50 - 2016-03-10 20:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-07-01 03:50 - 2015-07-03 12:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-07-01 03:50 - 2015-07-03 12:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-07-01 03:50 - 2015-07-03 12:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-07-01 03:50 - 2016-03-31 16:55 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2015-07-01 03:50 - 2016-02-08 19:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-07-01 03:50 - 2016-02-08 19:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-07-01 03:50 - 2016-02-08 19:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-07-01 03:50 - 2016-02-08 19:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-07-01 03:50 - 2016-02-08 19:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-07-01 03:50 - 2016-03-31 16:55 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 00:44 - 2016-02-17 18:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-07-01 03:50 - 2016-02-08 21:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-04-06 20:35 - 2016-02-23 14:19 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-04-06 20:35 - 2016-02-23 14:20 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-04-06 20:35 - 2016-02-23 14:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-04-06 20:35 - 2016-02-23 14:19 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-04-06 20:35 - 2016-02-23 14:19 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-04-06 20:35 - 2016-02-23 14:21 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-04-06 20:35 - 2016-02-23 14:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-04-06 20:35 - 2016-03-11 20:18 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-04-06 20:35 - 2016-02-23 14:19 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-04-06 20:35 - 2016-02-23 14:20 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-04-06 20:35 - 2016-02-23 14:21 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-04-06 20:35 - 2016-02-23 14:21 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-04-06 20:35 - 2016-02-23 14:21 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-04-06 20:35 - 2016-02-23 14:21 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-04-06 20:35 - 2016-02-23 14:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-04-06 20:35 - 2016-02-23 14:21 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-04-06 20:35 - 2016-02-23 14:21 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-04-06 20:35 - 2016-02-23 14:21 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-04-06 20:35 - 2016-02-23 14:21 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-04-06 20:35 - 2016-02-23 14:21 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-04-06 20:35 - 2016-02-23 14:21 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-04-06 20:35 - 2016-02-23 14:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-04-06 20:35 - 2016-02-23 14:21 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-04-06 20:35 - 2016-03-11 20:18 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-04-06 20:35 - 2016-02-23 14:19 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-04-06 20:35 - 2016-02-23 14:19 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-04-06 20:35 - 2016-02-23 14:20 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-04-06 20:35 - 2016-02-23 14:21 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-04-06 20:35 - 2016-03-11 20:18 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-04-06 20:35 - 2016-02-23 14:20 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-04-06 20:35 - 2016-02-23 14:23 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-04-06 20:35 - 2016-02-23 14:23 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-04-06 20:35 - 2016-03-11 20:18 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-04-06 20:35 - 2016-03-11 20:18 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-04-06 20:35 - 2016-02-23 14:25 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-04-06 20:35 - 2016-02-23 14:21 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2015-10-31 01:53 - 2015-09-01 08:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-07-01 03:50 - 2015-09-24 19:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-04-12 02:26 - 2016-04-06 06:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-12 02:26 - 2016-04-06 06:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
2015-07-01 03:50 - 2016-03-31 16:55 - 00373840 _____ () C:\Program Files (x86)\Steam\steam.dll
2015-06-11 22:29 - 2015-06-11 22:29 - 00229184 _____ () C:\Program Files (x86)\Mumble\opus.dll
2015-06-11 22:36 - 2015-06-11 22:36 - 03365696 _____ () C:\Program Files (x86)\Mumble\libsndfile-1.dll
2015-06-11 22:34 - 2015-06-11 22:34 - 04450624 _____ () C:\Program Files (x86)\Mumble\libmysql.dll
2015-06-11 22:29 - 2015-06-11 22:29 - 00177472 _____ () C:\Program Files (x86)\Mumble\speex.dll
2015-06-11 22:29 - 2015-06-11 22:29 - 00082752 _____ () C:\Program Files (x86)\Mumble\celt0.0.7.0.sse2.dll
2015-06-11 22:29 - 2015-06-11 22:29 - 00098624 _____ () C:\Program Files (x86)\Mumble\celt0.0.11.0.sse2.dll
2015-06-11 22:28 - 2015-06-11 22:28 - 00143680 _____ () C:\Program Files (x86)\Mumble\mumble_ol.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00047416 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\aoc.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00031032 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\arma2.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00031032 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\bf1942.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00049464 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\bf2.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00032568 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\bf2142.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00049464 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\bf3.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00031032 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\bfbc2.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00031032 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\bfheroes.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00032568 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\blacklight.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00034104 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\borderlands.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00032568 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\borderlands2.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00031032 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\breach.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00031032 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\cod2.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00033080 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\cod4.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00031032 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\cod5.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00031032 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\codmw2.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00031032 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\codmw2so.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00032568 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\cs.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00047928 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\dys.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00033080 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\etqw.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00047928 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\gmod.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00031544 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\gtaiv.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00033080 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\gw.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00047928 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\insurgency.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00031032 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\jc2.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00033080 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\l4d.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00042296 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\l4d2.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00029496 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\link.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00033080 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\lol.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00033080 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\lotro.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00081720 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\manual.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00033592 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\sto.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00031032 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\ut2004.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00031032 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\ut3.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00042808 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\ut99.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00035128 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\wolfet.dll
2015-07-13 10:44 - 2016-03-14 01:25 - 00042296 _____ () C:\Users\Tanner\AppData\Roaming\Mumble\Plugins\wow.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4108400595-3291431857-3349966480-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-4108400595-3291431857-3349966480-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-4108400595-3291431857-3349966480-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-4108400595-3291431857-3349966480-1000\...\sony.com -> sony.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-04-12 03:53 - 00001008 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4108400595-3291431857-3349966480-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tanner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: mpck_en_005030294 =>
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: sun21 =>
MSCONFIG\startupreg: WINCOMNV7 => "C:\Program Files (x86)\browseextension\wincom_NV7.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{ACF65A8E-FCC1-4C35-BDB6-5FD4F5F7F7C5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{88148CA8-75B7-4BF9-AAB7-BB03B7C71E82}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D93B9B74-65F3-4F5C-BFE8-1C6651A32F4A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5F55E799-FA04-422F-9C41-2255F64777ED}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{60B57BA4-BE4A-4E57-BBBB-01545C0BE89F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{11CEE8F7-7813-4267-B28E-E6D612B388A0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E08E4DEA-6835-41BE-BB64-F4D440081606}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{22F54219-F31D-417F-9D41-138BCAF9B3EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4F2DE8CF-B83F-4091-9757-2640902DC1D4}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{0E7D49BE-58C1-460C-874C-93614DC22467}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{61EF18FD-BC9F-4B3E-8FF0-4BA52CC074DD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C93E42E9-802A-4C80-B1F6-B7C36CDDE94A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7586A83D-DCF0-48CC-81C4-322B6912043E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EEC6F927-4250-49CF-9B7A-287D5D10236D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D32977A1-C977-4CAA-82F7-65EF25CA2267}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{6AF055A8-EC2F-4C0F-84C9-36AB80F64D81}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{CE5EFD4A-CE98-4A98-9FC3-5B06FA3ED102}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{A91D1676-708B-4953-BD4B-A7D14668C547}] => (Allow) C:\Users\Tanner\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{76121EF3-D923-4BCA-A88E-2EF66EB2759E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{3E29CC89-3DAD-4B9D-8F2E-12961DEB7231}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [TCP Query User{62E22153-0585-409F-8335-9B753B1F9AE4}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{46AA9AB0-1FC4-485A-B531-E8F33CE22EF9}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{295C030B-3AD9-4F2A-8AE7-44025D7BE9FB}] => (Allow) C:\Users\Tanner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C58B285B-0087-4F4B-8B9A-47F74EAF3C21}] => (Allow) C:\Users\Tanner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6900FD5F-349D-44A8-B3C3-9CCA0A1CDF23}] => (Allow) C:\Users\Tanner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2B5D4274-3A3F-4469-B35C-45C66CF4BD14}] => (Allow) C:\Users\Tanner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{429315C0-F6CD-450A-B268-77D34442041C}] => (Allow) C:\Users\Tanner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B6511717-CFBD-496E-A4A9-C39B3F6E85E8}] => (Allow) C:\Users\Tanner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7EBD467C-5CAA-40AF-A968-76E5BA7D224A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{AC21FBC6-1CAB-418D-86AF-3383AAAA6F03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{980FC3DF-A6AB-4396-A757-C64F12597D15}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B8E249A4-89A1-4639-9A8A-8032EB232BB1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5A36B1CB-DADE-4878-8674-8CCD2DCE1502}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{97CA97B5-E0BB-42A6-831C-E77FFB4CFE3D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AF01A79A-1B8B-47CE-9139-9A38EDCCCD3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E967AC83-F025-481E-8A14-981ABF8EDAE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{EC7156E0-8B49-4DFC-86A6-1FBA82B0368F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [TCP Query User{B5E6B812-35C5-48C8-B94E-F6266491ECF0}C:\program files (x86)\steam\steamapps\downloading\730\csgo.exe] => (Block) C:\program files (x86)\steam\steamapps\downloading\730\csgo.exe
FirewallRules: [UDP Query User{5ABD75B0-83B8-4483-9890-74AB96C18387}C:\program files (x86)\steam\steamapps\downloading\730\csgo.exe] => (Block) C:\program files (x86)\steam\steamapps\downloading\730\csgo.exe
FirewallRules: [{8144F499-4C2E-451B-9ADA-C1BF15FB7F8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{A77B1B61-BEB1-46C4-8EF9-D48DDD531796}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{02D62260-03A1-48C7-9A05-1F59F7229C38}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{D4A16F18-8400-47F3-99B1-1092F369F551}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [TCP Query User{883E8F32-9C31-4D2A-9E0F-377057DBB4E7}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{27A71D68-1ED1-43D2-A61C-66A4AAD4127C}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{A431C57C-6C22-4663-A7EA-2C2ACBCB0042}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe
FirewallRules: [{1DE375CC-6EC1-44D3-9BF9-C629622321B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe
FirewallRules: [{D7AC4681-B6CD-42AB-8030-EEC73AC856DE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{654F8D00-665D-40F4-BBCF-5EA6A911D20A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{23FBCF4A-67C7-4FE4-90D5-31D435120181}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{48D7ADEB-FCBA-4BB7-822C-F5DCDC60DD28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{A6E68EBC-C4C9-440F-BCD4-882EDEAC18F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{9833E03E-1080-4CA3-8B75-CDE8BA80B3D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{7347770E-3A4C-453B-AA1E-3F5E62D561EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{6F5BF1A0-3912-4BB0-966F-FC04A7A27BED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [TCP Query User{A8BA0697-5518-4872-A596-07AF4C77364A}C:\users\tanner\appdata\roaming\utorrent\updates\3.4.5_41372.exe] => (Allow) C:\users\tanner\appdata\roaming\utorrent\updates\3.4.5_41372.exe
FirewallRules: [UDP Query User{5A9743B5-9D3C-4D20-A20F-B255405CFD2D}C:\users\tanner\appdata\roaming\utorrent\updates\3.4.5_41372.exe] => (Allow) C:\users\tanner\appdata\roaming\utorrent\updates\3.4.5_41372.exe
FirewallRules: [{BA894104-6171-4437-9C9A-63B696E8C3F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RollerCoaster Tycoon Deluxe\RCT.EXE
FirewallRules: [{7ED0DBB0-52D4-4DF7-AE17-F4675647244A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RollerCoaster Tycoon Deluxe\RCT.EXE
FirewallRules: [{6B59A7CA-5F9E-4D99-AEC0-A088A28E529E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{929163B2-B5DB-46A6-A743-B3D5253D75EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [TCP Query User{00CB2A5A-A057-4A98-9D9D-60E2768E6A35}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{3E740D9F-47FF-4FF3-83F4-B1360DFE84AD}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{EFAAD1B1-5B45-4E34-AACA-D3029C98B16F}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{B67FC168-71CB-499A-AF96-EF250B99730A}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{130CB3EE-F003-4068-AC36-ADC7D902B906}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{FC7A363B-E910-4143-81A2-6772B0B5B152}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{45AA9FA5-CF40-4E7D-B2FA-588D76E12DF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars The Force Unleashed 2\SWTFU2.exe
FirewallRules: [{E30406C1-C62D-4713-8979-02A8A0E4F665}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars The Force Unleashed 2\SWTFU2.exe
FirewallRules: [{99976070-04FD-43EC-8105-4ECB3A2E5075}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{4EA25404-F4DD-4ECC-BDF3-F0427ABE9D98}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{78E8895D-3BC0-4E4C-A14E-5DB04FEDD6B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standard VGA Graphics Adapter
Description: Standard VGA Graphics Adapter
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard display types)
Service: vga
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2016 03:57:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2016 03:16:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2016 05:24:23 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/12/2016 04:15:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2016 02:38:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2016 02:26:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2016 02:25:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister   26 Tanners-PC._arxcontrol._tcp.local. SRV 0 0 4160 Tanners-PC-2.local.

Error: (04/12/2016 02:25:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.16:5353   24 Tanners-PC._arxcontrol._tcp.local. SRV 0 0 4160 Tanners-PC.local.

Error: (04/12/2016 02:25:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   26 Tanners-PC._arxcontrol._tcp.local. SRV 0 0 4160 Tanners-PC-2.local.

Error: (04/12/2016 02:25:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.16:5353   24 Tanners-PC._arxcontrol._tcp.local. SRV 0 0 4160 Tanners-PC.local.


System errors:
=============
Error: (04/12/2016 08:57:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The brsrv service failed to start due to the following error:
%%1053

Error: (04/12/2016 08:57:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the brsrv service to connect.

Error: (04/12/2016 03:54:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet Monitoring Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/12/2016 03:54:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/12/2016 03:54:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/12/2016 03:54:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/12/2016 03:54:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/12/2016 03:54:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/12/2016 03:54:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/12/2016 03:54:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2016-04-12 02:15:04.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SPPD.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-12 02:15:04.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SPPD.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-12 02:15:04.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SPPD.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-12 02:15:04.012
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SPPD.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-12 01:48:40.230
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Soobzo\GDUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-12 01:48:40.114
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Soobzo\GDUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-12 00:04:40.901
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Soobzo\GDUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-12 00:04:40.884
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Soobzo\GDUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-11 23:50:20.575
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SPPD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-11 23:50:20.568
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SPPD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 39%
Total physical RAM: 8057.02 MB
Available physical RAM: 4851.55 MB
Total Virtual: 16112.25 MB
Available Virtual: 12054.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:404.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 65BD710B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Best regards
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:56 AM

Posted 13 April 2016 - 02:22 PM

Hi dirtcobain,

 

Going over your logs I noticed that you have µTorrent and BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.
********************************************************************************************************

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.

C:\Windows\SysWOW64\x64.txt
C:\Windows\SysWOW64\soft.exe
C:\uninst
C:\Windows\system32\bi.exe

 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

===================================================================================

Step 1:

Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced and click "I have read the warning and wish to proceed anyway".
  • Auto Launch > untick the box next to it.
  • Scan type > Smart scan (default).
  • Close all open files, folders and browsers.
  • Click Scan now ("Run as Administrator") and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

Step 2:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click the button shown in the screenshot.
  • Then press the "Repair" button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Best regards
 

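The file checks olgun52 asks for above (the four paths to upload to VirusTotal), together with the two drivers the Code Integrity events in Addition.txt could not verify, as an added PowerShell example that is not part of the original thread or of any tool it mentions. It hashes each path locally, reports its Authenticode status and signer, checks whether a kernel driver with that file name is registered with the Service Control Manager, and prints a VirusTotal lookup URL for the hash, so each file can be checked without uploading anything. The path list is taken from the thread; the function names, the handling of C:\uninst as a possible folder, and the VirusTotal URL format are this example's own assumptions.

```powershell
# Added example, not part of the original thread or the helper's tooling.
# Local triage for the files olgun52 asked to have uploaded to VirusTotal,
# plus the two drivers the Code Integrity events in Addition.txt could not
# verify. For each path it reports SHA-256, Authenticode status and signer,
# whether a kernel driver with that file name is registered/running, and a
# VirusTotal lookup URL so the hash can be checked without uploading the file.
# Hashing is done with .NET so this also runs on the PowerShell 2.0 that
# ships with Windows 7. Run from an elevated, 64-bit PowerShell prompt.

# Paths as listed in the thread (assumption: C:\uninst may be a folder).
$Paths = @(
    'C:\Windows\SysWOW64\x64.txt',
    'C:\Windows\SysWOW64\soft.exe',
    'C:\uninst',
    'C:\Windows\System32\bi.exe',
    'C:\Windows\System32\drivers\SPPD.sys',
    'C:\Program Files\Common Files\Soobzo\GDUpdate\smw.sys'
)

function Get-Sha256Hex {
    # SHA-256 of a file as lowercase hex, without Get-FileHash (PowerShell 4+ only).
    param([string]$File)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::Open($File, 'Open', 'Read', 'ReadWrite')
    try     { $bytes = $sha.ComputeHash($fs) }
    finally { $fs.Close(); $sha.Clear() }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Expand-Targets {
    # Folders are expanded to every file inside them. Missing paths are passed
    # through unchanged so they still show up in the report as Exists = False.
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { $p; continue }
        $item = Get-Item -LiteralPath $p -Force
        if ($item.PSIsContainer) {
            Get-ChildItem -LiteralPath $p -Recurse -Force |
                Where-Object { -not $_.PSIsContainer } |
                ForEach-Object { $_.FullName }
        } else {
            $item.FullName
        }
    }
}

function Get-TriageReport {
    param([string[]]$Path)
    # Drivers known to the Service Control Manager. PathName may be written as
    # C:\..., \SystemRoot\... or \??\C:\..., so match on the file name only.
    $drivers = Get-WmiObject Win32_SystemDriver
    foreach ($file in (Expand-Targets $Path)) {
        if (-not (Test-Path -LiteralPath $file)) {
            New-Object PSObject -Property @{
                Path = $file; Exists = $false; SHA256 = $null
                Signature = 'n/a'; Signer = $null; Driver = 'n/a'; VirusTotal = $null
            }
            continue
        }
        $hash = Get-Sha256Hex $file
        $sig  = Get-AuthenticodeSignature -FilePath $file
        $leaf = Split-Path -Leaf $file
        $drv  = $drivers | Where-Object { $_.PathName -and ($_.PathName -like "*\$leaf") }
        New-Object PSObject -Property @{
            Path       = $file
            Exists     = $true
            SHA256     = $hash
            Signature  = [string]$sig.Status   # Valid, NotSigned, HashMismatch, ...
            Signer     = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null })
            Driver     = $(if ($drv) { ($drv | ForEach-Object { "$($_.Name): $($_.State)" }) -join '; ' } else { 'not registered' })
            # Assumption: VirusTotal's per-file page is keyed by SHA-256.
            VirusTotal = "https://www.virustotal.com/gui/file/$hash"
        }
    }
}

Get-TriageReport $Paths |
    Select-Object Path, Exists, SHA256, Signature, Signer, Driver, VirusTotal |
    Format-List
```

Use the 64-bit PowerShell host; the 32-bit one silently redirects C:\Windows\System32 to SysWOW64 and would hash the wrong files. A Signature of HashMismatch means the file was altered after it was signed; NotSigned on a .sys whose Driver column reads Running is the condition the Code Integrity events above report, and the paths and hashes from this output are what to paste into the reply instead of the raw files.
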
#6 dirtcobain

dirtcobain
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 13 April 2016 - 03:02 PM

 
~ ZHPCleaner v2016.4.11.54 by Nicolas Coolman (2016/04/11)
~ Run by Tanner (Administrator)  (13/04/2016 15:52:39)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Tanner\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Tanner\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (32)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (4)
MOVED file: C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage    =>PUP.Optional.PutLocker
MOVED file: C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage-journal    =>PUP.Optional.PutLocker
MOVED file^: C:\Users\Tanner\AppData\Local\app    =>PUP.Optional.CrossRider
MOVED folder: C:\Users\Tanner\AppData\Local\tuto_monetize_120160411  =>.Superfluous.TutoMonetize
 
 
---\\  Registry ( Key, Value, Data) (3)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mpck_en_005030294 []  =>PUP.Optional.MobilePCStarterKit
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\weatherblink.com [48]  =>.Superfluous.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\SearchModule []  =>PUP.Optional.SearchModule
 
 
---\\  Summary of the elements found (6)
http://www.nicolascoolman.fr/?p=134  =>PUP.Optional.PutLocker
http://www.nicolascoolman.fr/?p=180  =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/?p=5145  =>.Superfluous.TutoMonetize
http://www.nicolascoolman.fr/pup-mobilepcstarterkit/  =>PUP.Optional.MobilePCStarterKit
http://www.nicolascoolman.fr/?p=142  =>.Superfluous.MindSpark
http://www.nicolascoolman.fr/link-660/  =>PUP.Optional.SearchModule
 
 
---\\  Other deletions. (48)
~ Registry Keys Tracing deleted (48)
~ Remove the old reports ZHPCleaner. (0)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
~ The system has been restarted.
 
 
---\\ Statistics
~ Items scanned : 332
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 7
 
 
~ End of clean in 00h00mn05s
===================
ZHPCleaner-[R]-13042016-15_52_44.txt
ZHPCleaner-[S]-13042016-15_52_15.txt
 

# AdwCleaner v5.110 - Logfile created 13/04/2016 at 15:53:19
# Updated 10/04/2016 by Xplode
# Database : 2016-04-11.4 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Tanner - TANNERS-PC
# Running from : C:\Users\Tanner\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [4014 bytes] - [12/04/2016 15:54:11]
C:\AdwCleaner\AdwCleaner[C2].txt - [777 bytes] - [13/04/2016 15:53:19]
C:\AdwCleaner\AdwCleaner[S1].txt - [3919 bytes] - [12/04/2016 15:51:33]
C:\AdwCleaner\AdwCleaner[S2].txt - [3992 bytes] - [12/04/2016 15:52:53]
C:\AdwCleaner\AdwCleaner[S3].txt - [1030 bytes] - [13/04/2016 15:48:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1068 bytes] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Ultimate x64 
Ran by Tanner (Administrator) on 13/04/2016 at 15:43:42.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 28 
 
Successfully deleted: C:\ProgramData\19a87fa1ec024bbcbb41931263354405 (Folder) 
Successfully deleted: C:\Users\Tanner\Appdata\LocalLow\company (Folder) 
Successfully deleted: C:\Windows\SysWOW64\x64.txt (File) 
Successfully deleted: C:\Users\Tanner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tanner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DNMG3C3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tanner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tanner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QODG81O (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tanner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8LKL4VKD (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tanner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DN9ZFF3V (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tanner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tanner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J04RS4BZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tanner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tanner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUCZY2TQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tanner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RC9NHTDF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DNMG3C3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QODG81O (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8LKL4VKD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DN9ZFF3V (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J04RS4BZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUCZY2TQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RC9NHTDF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\Temp\mrt6D33.tmp\stdrt.exe (File) 
Successfully deleted: C:\Windows\Temp\mrt782B.tmp\stdrt.exe (File) 
Successfully deleted: C:\Windows\Temp\mrt7869.tmp\stdrt.exe (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/04/2016 at 15:45:10.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#7 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:56 AM

Posted 13 April 2016 - 05:03 PM

You should run every one in order and send the logs. Please do not complicate it; that is what I want. Thank you.

 

I am waiting for the Zemana AntiMalware logfile.


Best regards
 

#8 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:56 AM

Posted 27 April 2016 - 03:46 PM

Are you still with me ?


Best regards
 