MS Security essentials partial recognition of Rogue:JS/FakeCall.D


7 replies to this topic

#1 eldoctore

eldoctore

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:16 PM

Posted 13 June 2016 - 05:36 PM

Hi

 

I wonder if you would be good enough to look into a possible infection with Rogue:JS/FakeCall.D

 

Running MS Security Essentials scans and then, after a brief pause at svchost, it flags up

 

"preliminary scan results show that malicious or potentially unwanted software might exist on your system. You can review detected items when the scan has completed"

 

then it continues running and ends with no history and no items to be removed or quarantined. It doesn't finish properly in my view because it doesn't state "no infected items".

One time only it found Rogue:JS/FakeCall.D and allowed me to remove it, but when another scan is run the same message and behaviour repeat.

MBAM is clean as are various stand alone scanners such as ESET online scanner.

Please could you have a look at the log; maybe it's a false positive (fingers crossed).

 

PC: no odd behaviour I can find, maybe browsing hangs now and then.

 

Many thanks in advance.

 

 

Jim

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016

Ran by Admin (administrator) on ADMIN-PC (13-06-2016 23:20:16)
Running from F:\Downloads
Loaded Profiles: Admin (Available Profiles: Admin & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Adobe Systems Incorporated) F:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Paramount Software UK Ltd) F:\Program Files\Macrium\Reflect\ReflectService.exe
(KeepSolid Inc.) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CMedia) C:\Program Files\ASUS Xonar DS Audio\Customapp\AsusAudioCenter.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Apple Inc.) F:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(KeepSolid Inc.) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
(The OpenVPN Project) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2010-11-05] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2010-11-05] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => F:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-542036734-4168031688-654211169-1000\...\Run: [Google Update] => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-542036734-4168031688-654211169-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-08-11] (Siber Systems)
HKU\S-1-5-21-542036734-4168031688-654211169-1000\...\Run: [Dropbox Update] => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-19] (Dropbox, Inc.)
HKU\S-1-5-21-542036734-4168031688-654211169-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2015-01-09] (Acresso Corporation)
HKU\S-1-5-21-542036734-4168031688-654211169-1000\...\Policies\Explorer: [NoInstrumentation] 0
HKU\S-1-5-21-542036734-4168031688-654211169-1000\...\MountPoints2: {7d905b9f-dda7-11e3-b89c-bcaec51b8148} - E:\SafeStick.exe
HKU\S-1-5-21-542036734-4168031688-654211169-1000\...\MountPoints2: {c4a9f51f-2442-11e6-9d4d-bcaec51b8148} - E:\LG_PC_Programs.exe
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2011-12-10]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.208.0.1
Tcpip\..\Interfaces\{24E70060-3F4D-4E16-9015-0BE40A9DE6EE}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2DB6DCE8-6CCE-4045-928E-6FA7BDB1B81C}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2DB6DCE8-6CCE-4045-928E-6FA7BDB1B81C}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{44B97EFD-C3A2-4BC7-9568-1CB4FC519BA7}: [DhcpNameServer] 10.208.0.1
Tcpip\..\Interfaces\{8D198BF0-D00F-439C-86CD-7A33D72917BF}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E60E5DA0-49E2-478E-86FC-D34EB7004006}: [NameServer] 172.16.160.89,172.16.160.79
 
Internet Explorer:
==================
HKU\S-1-5-21-542036734-4168031688-654211169-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gfe_rd=cr&ei=q3j6U4iYDenH8gfG1YCoDg&gws_rd=ssl
HKU\S-1-5-21-542036734-4168031688-654211169-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-542036734-4168031688-654211169-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-542036734-4168031688-654211169-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKU\S-1-5-21-542036734-4168031688-654211169-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-08-11] (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-08-11] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-17] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-06-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-17] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-08-11] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-08-11] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-542036734-4168031688-654211169-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-08-11] (Siber Systems Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {4E62C4DE-627D-4604-B157-4B7D6B09F02E} hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sg8htc4m.default-1401831539884
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> F:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-542036734-4168031688-654211169-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-542036734-4168031688-654211169-1000: @talk.google.com/O1DPlugin -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-542036734-4168031688-654211169-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-542036734-4168031688-654211169-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-542036734-4168031688-654211169-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Admin\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-542036734-4168031688-654211169-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-09-05] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/webhp?nord=1
CHR StartupUrls: Default -> "hxxp://www.google.com/webhp?nord=1"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\pdf.dll => No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Java Deployment Toolkit 8.0.250.18) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 8 U25) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (Google Update) - C:\Users\Admin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Users\Admin\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll => No File
CHR Plugin: (Picasa) - F:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-12]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Cast) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-04-30]
CHR Extension: (Google+) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2016-04-30]
CHR Extension: (Mega Button) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjoabpkbidaaiikahbmfebfabbchoca [2014-02-27]
CHR Extension: (Google Calendar) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]
CHR Extension: (Box) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2015-04-29]
CHR Extension: (Google Play Music) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-06-13]
CHR Extension: (Google Finance) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2015-02-11]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-30]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-04-30]
CHR Extension: (Google Photos) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2016-05-23]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-06-13]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-06-13]
CHR Extension: (Google Play Music) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-06-06]
CHR Extension: (Dropbox) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-07-20]
CHR Extension: (Google Play) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-02-11]
CHR Extension: (Evernote Web) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-08-30]
CHR Extension: (Blogger) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc [2014-02-27]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-18]
CHR Extension: (Google Maps) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-18]
CHR Extension: (Google Mail Checker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-02-27]
CHR Extension: (Quick Note) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2015-05-14]
CHR Extension: (Pocket) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-06-16]
CHR Extension: (Google Play Books) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2016-04-30]
CHR Extension: (Sunrise Calendar) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb [2015-07-20]
CHR Extension: (Better Google Tasks) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhddnkmimnokfjdlogacnfjfclgcdme [2014-02-27]
CHR Extension: (OneDrive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-04-10]
CHR Extension: (Save to Pocket) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-06-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-30]
CHR Extension: (Open Bookmark Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalceheiomajabalbakkoeiheiokhdbd [2014-02-27]
CHR Extension: (Outlook.com) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-02-27]
CHR Extension: (Evernote Web Clipper) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-05-12]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKU\S-1-5-21-542036734-4168031688-654211169-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor9.0; F:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36752 2016-04-12] (Box, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-10-25] (PC Tools)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-17] ()
R2 ReflectService.exe; F:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
R2 VPNUnlimitedService; C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe [61808 2015-09-23] (KeepSolid Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 acs6nts; C:\Windows\System32\DRIVERS\acs6nts.sys [29744 2010-06-01] (Windows ® Win 7 DDK provider)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2014-05-27] (Google Inc) [File not signed]
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [20992 2015-01-21] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 JNPRNA; C:\Windows\System32\DRIVERS\jnprna6.sys [522544 2014-05-20] (Juniper Networks)
S4 jnprTdi_7411_47145; C:\Windows\system32\Drivers\jnprTdi_7411_47145.sys [108344 2014-06-06] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2014-05-20] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2014-05-20] (Juniper Networks, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R1 MpKsla7060c97; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{557EA8B0-7408-44DE-92EC-33236578A73A}\MpKsla7060c97.sys [44928 2016-06-13] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 NVFLASH; C:\Windows\system32\drivers\nvflash.sys [15648 2013-04-19] ()
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [124616 2014-04-30] (High Criteria inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 ALSysIO; \??\C:\Users\Admin\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz130; \??\C:\Users\Admin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-13 23:20 - 2016-06-13 23:20 - 00000000 ____D C:\FRST
2016-06-13 10:56 - 2016-06-13 10:56 - 00000000 ____D C:\Program Files (x86)\ESET
2016-06-13 02:23 - 2016-06-13 03:43 - 00000000 ____D C:\AdwCleaner
2016-06-13 02:08 - 2016-06-13 02:33 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-13 02:04 - 2016-06-13 02:04 - 00219790 _____ C:\TDSSKiller.3.1.0.9_13.06.2016_02.04.27_log.txt
2016-06-13 01:17 - 2016-06-13 01:17 - 00761237 _____ C:\Users\Admin\AppData\Local\census.cache
2016-06-13 01:16 - 2016-06-13 01:16 - 00214728 _____ C:\Users\Admin\AppData\Local\ars.cache
2016-06-13 01:08 - 2016-06-13 01:08 - 00000010 _____ C:\Users\Admin\AppData\Local\sponge.last.runtime.cache
2016-06-13 01:04 - 2016-06-13 01:04 - 00000000 ____D C:\ProgramData\Trend Micro
2016-06-13 00:56 - 2016-06-13 00:56 - 00000036 _____ C:\Users\Admin\AppData\Local\housecall.guid.cache
2016-06-05 22:50 - 2016-06-05 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2016-06-05 21:16 - 2016-06-06 00:43 - 00000000 ____D C:\Windows.old
2016-06-05 21:12 - 2016-06-05 21:12 - 00008192 _____ C:\Windows\system32\config\userdiff
2016-06-05 15:39 - 2016-06-05 15:39 - 00000000 ____D C:\$SysReset
2016-06-05 12:20 - 2016-06-13 09:19 - 00000000 ____D C:\Users\Admin
2016-06-05 11:48 - 2016-06-05 12:26 - 00014259 _____ C:\Windows\diagerr.xml
2016-06-05 11:48 - 2016-06-05 12:26 - 00013338 _____ C:\Windows\diagwrn.xml
2016-06-05 11:46 - 2016-06-05 15:44 - 00000066 _____ C:\Windows\progress.ini
2016-06-05 11:37 - 2016-06-05 15:44 - 00000000 ___HD C:\$GetCurrent
2016-06-05 11:36 - 2016-06-13 09:18 - 00000000 ____D C:\Windows10Upgrade
2016-06-05 11:36 - 2016-06-05 11:36 - 00000694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2016-06-05 11:36 - 2016-06-05 11:36 - 00000682 _____ C:\Users\Admin\Desktop\Windows 10 Upgrade Assistant.lnk
2016-06-04 22:25 - 2016-06-06 00:41 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-04 13:09 - 2016-06-13 09:19 - 00000000 ____D C:\Program Files (x86)\VPN Unlimited
2016-06-04 13:09 - 2016-06-06 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VPN Unlimited
2016-06-04 13:09 - 2016-06-04 13:09 - 00001067 _____ C:\Users\Public\Desktop\VPN Unlimited.lnk
2016-06-04 13:09 - 2016-06-04 13:09 - 00001067 _____ C:\ProgramData\Desktop\VPN Unlimited.lnk
2016-06-04 13:09 - 2016-06-04 13:09 - 00000000 ____D C:\Program Files\TAP-Windows
2016-05-30 16:12 - 2016-06-06 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SterJo Key Finder
2016-05-30 16:12 - 2016-05-30 16:12 - 00000740 _____ C:\Users\Public\Desktop\SterJo Key Finder.lnk
2016-05-30 16:12 - 2016-05-30 16:12 - 00000740 _____ C:\ProgramData\Desktop\SterJo Key Finder.lnk
2016-05-30 16:12 - 2005-04-15 19:58 - 01351392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2016-05-22 23:01 - 2016-06-06 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-05-22 23:01 - 2016-05-22 23:01 - 00000000 ____D C:\Users\Public\Foxit Software
2016-05-22 23:01 - 2016-05-22 23:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Foxit AgentInformation
2016-05-22 23:01 - 2016-05-22 23:01 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform
2016-05-21 19:13 - 2016-05-21 19:13 - 00000000 ____D C:\ProgramData\LGMOBILEAX
2016-05-21 12:17 - 2016-04-23 18:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-21 12:17 - 2016-04-23 17:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-21 12:17 - 2016-04-23 06:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-21 12:17 - 2016-04-23 06:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-21 12:17 - 2016-04-23 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-21 12:17 - 2016-04-23 06:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-21 12:17 - 2016-04-23 06:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-21 12:17 - 2016-04-23 06:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-21 12:17 - 2016-04-23 06:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-21 12:17 - 2016-04-23 06:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-21 12:17 - 2016-04-23 06:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-21 12:17 - 2016-04-23 05:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-21 12:17 - 2016-04-23 05:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-21 12:17 - 2016-04-23 05:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-21 12:17 - 2016-04-23 05:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-21 12:17 - 2016-04-23 05:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-21 12:17 - 2016-04-23 05:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-21 12:17 - 2016-04-23 05:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-21 12:17 - 2016-04-23 05:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-21 12:17 - 2016-04-23 05:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-21 12:17 - 2016-04-23 05:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-21 12:17 - 2016-04-23 05:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-21 12:17 - 2016-04-23 05:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-21 12:17 - 2016-04-23 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-21 12:17 - 2016-04-23 05:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-21 12:17 - 2016-04-23 05:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-21 12:17 - 2016-04-23 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-21 12:17 - 2016-04-23 05:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-21 12:17 - 2016-04-23 05:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-21 12:17 - 2016-04-23 05:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-21 12:17 - 2016-04-23 05:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-21 12:17 - 2016-04-23 05:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-21 12:17 - 2016-04-23 05:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-21 12:17 - 2016-04-23 05:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-21 12:17 - 2016-04-23 05:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-21 12:17 - 2016-04-23 05:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-21 12:17 - 2016-04-23 05:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-21 12:17 - 2016-04-23 05:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-21 12:17 - 2016-04-23 05:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-21 12:17 - 2016-04-23 05:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-21 12:17 - 2016-04-23 05:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-21 12:17 - 2016-04-23 05:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-21 12:17 - 2016-04-23 05:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-21 12:17 - 2016-04-23 04:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-21 12:17 - 2016-04-23 04:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-21 12:17 - 2016-04-23 04:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-21 12:17 - 2016-04-23 04:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-21 12:17 - 2016-04-23 04:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-21 12:17 - 2016-04-23 04:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-21 12:17 - 2016-04-23 04:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-21 12:17 - 2016-04-23 04:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-21 12:17 - 2016-04-23 04:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-21 12:17 - 2016-04-23 04:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-21 12:17 - 2016-04-23 04:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-21 12:17 - 2016-04-23 04:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-21 12:17 - 2016-04-23 04:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-21 12:17 - 2016-04-23 04:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-21 12:17 - 2016-04-23 04:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-21 12:17 - 2016-04-23 04:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-21 12:17 - 2016-04-23 04:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-21 12:17 - 2016-04-23 04:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-21 12:17 - 2016-04-23 04:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-21 12:17 - 2016-04-23 04:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-21 12:17 - 2016-04-23 04:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-21 12:17 - 2016-04-23 04:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-21 12:17 - 2016-04-23 04:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-21 12:17 - 2016-04-14 14:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-21 12:17 - 2016-04-14 14:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-21 12:17 - 2016-04-09 08:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-21 12:17 - 2016-04-09 08:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-21 12:17 - 2016-04-09 08:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-21 12:17 - 2016-04-09 08:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-21 12:17 - 2016-04-09 08:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-21 12:17 - 2016-04-09 08:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-21 12:17 - 2016-04-09 08:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-21 12:17 - 2016-04-09 07:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-21 12:17 - 2016-04-09 07:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-21 12:17 - 2016-04-09 07:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-21 12:17 - 2016-04-09 07:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-21 12:17 - 2016-04-09 07:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-21 12:17 - 2016-04-09 07:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-21 12:17 - 2016-04-09 07:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-21 12:17 - 2016-04-09 07:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-21 12:17 - 2016-04-09 07:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-21 12:17 - 2016-04-09 07:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-21 12:17 - 2016-04-09 07:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-21 12:17 - 2016-04-09 07:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-21 12:17 - 2016-04-09 07:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-21 12:17 - 2016-04-09 07:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-21 12:17 - 2016-04-09 07:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-21 12:17 - 2016-04-09 07:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-21 12:17 - 2016-04-09 07:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-21 12:17 - 2016-04-09 07:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-21 12:17 - 2016-04-09 07:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 07:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-21 12:17 - 2016-04-09 06:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-21 12:17 - 2016-04-09 06:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-21 12:17 - 2016-04-09 06:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-21 12:17 - 2016-04-09 06:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-21 12:17 - 2016-04-09 06:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-21 12:17 - 2016-04-09 06:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-21 12:17 - 2016-04-09 06:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-21 12:17 - 2016-04-09 06:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-21 12:17 - 2016-04-09 06:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-21 12:17 - 2016-04-09 06:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-21 12:17 - 2016-04-09 06:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-21 12:17 - 2016-04-09 06:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-21 12:17 - 2016-04-09 06:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-21 12:17 - 2016-04-09 06:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-21 12:17 - 2016-04-09 06:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-21 12:17 - 2016-04-09 06:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-21 12:17 - 2016-04-09 06:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-21 12:17 - 2016-04-09 06:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-21 12:17 - 2016-04-09 06:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 06:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 06:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-21 12:17 - 2016-04-09 06:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-21 12:17 - 2016-04-06 16:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-21 12:16 - 2016-04-09 05:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-21 12:16 - 2016-04-09 04:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-21 11:03 - 2016-04-14 06:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-05-21 11:03 - 2016-04-14 06:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-05-21 11:03 - 2016-04-14 06:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-05-20 23:13 - 2016-05-20 23:13 - 00362976 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib110.dll
2016-05-19 20:48 - 2016-05-19 20:48 - 00000216 _____ C:\Users\Admin\Desktop\Tomb Raider.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-13 20:53 - 2014-02-27 23:02 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-13 20:53 - 2014-02-27 23:02 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-13 20:53 - 2014-02-27 23:02 - 00002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2016-06-13 09:26 - 2009-07-14 05:45 - 00026208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-13 09:26 - 2009-07-14 05:45 - 00026208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-13 09:25 - 2009-07-14 06:13 - 00786578 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-13 09:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-06-13 09:21 - 2014-10-14 17:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-13 09:19 - 2014-10-14 17:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-13 09:19 - 2011-10-18 19:47 - 00000000 ____D C:\Program Files\Bonjour
2016-06-13 09:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-13 09:18 - 2016-05-01 09:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-13 09:18 - 2015-08-10 19:09 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2016-06-13 09:18 - 2014-11-07 21:26 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-06-13 09:18 - 2014-11-07 21:25 - 00000000 ____D C:\Program Files\iTunes
2016-06-13 09:18 - 2014-08-27 20:21 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2016-06-13 09:18 - 2014-08-24 15:34 - 00000000 ____D C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1
2016-06-13 09:18 - 2014-03-30 18:24 - 00000000 ____D C:\Program Files (x86)\SDA
2016-06-13 09:18 - 2012-10-28 14:14 - 00000000 ____D C:\Program Files (x86)\YBS
2016-06-13 09:18 - 2012-04-28 00:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-13 09:18 - 2012-03-16 09:07 - 00000000 ____D C:\Users\Guest
2016-06-13 09:18 - 2011-10-18 19:47 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-06-13 09:18 - 2011-06-17 00:20 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-06-13 09:18 - 2010-10-07 13:13 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-06-13 09:18 - 2010-10-07 13:13 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-06-13 09:18 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-06-13 09:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system
2016-06-13 09:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-06-13 01:07 - 2014-01-14 10:53 - 00000000 ____D C:\Users\Admin\AppData\Local\Box Sync
2016-06-13 00:57 - 2013-12-22 13:05 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-06-09 23:25 - 2011-01-29 00:54 - 00000000 ____D C:\ProgramData\TEMP
2016-06-08 00:53 - 2015-08-19 21:19 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-542036734-4168031688-654211169-1000UA.job
2016-06-08 00:53 - 2015-08-19 21:19 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-542036734-4168031688-654211169-1000Core.job
2016-06-08 00:53 - 2012-06-16 18:34 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-542036734-4168031688-654211169-1000UA.job
2016-06-08 00:53 - 2012-06-16 18:34 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-542036734-4168031688-654211169-1000Core.job
2016-06-08 00:53 - 2012-04-04 19:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-08 00:53 - 2011-11-06 18:51 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-08 00:02 - 2015-08-09 23:11 - 00002338 _____ C:\Users\Public\Desktop\InteleViewer (64-bit).lnk
2016-06-08 00:02 - 2015-08-09 23:11 - 00002338 _____ C:\ProgramData\Desktop\InteleViewer (64-bit).lnk
2016-06-08 00:01 - 2015-08-09 23:11 - 00001418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\InteleViewer (64-bit).lnk
2016-06-07 21:47 - 2011-02-12 23:22 - 00001795 _____ C:\Users\Admin\AppData\Roaming\SAS7_000.DAT
2016-06-06 00:42 - 2013-04-26 20:31 - 00000000 ____D C:\Windows\SysWOW64\xlive
2016-06-06 00:42 - 2011-04-17 22:38 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2016-06-06 00:42 - 2011-03-15 17:59 - 00000000 ____D C:\Windows\system32\SPReview
2016-06-06 00:42 - 2011-03-15 17:59 - 00000000 ____D C:\Windows\system32\EventProviders
2016-06-06 00:42 - 2011-02-13 00:01 - 00000000 ____D C:\Windows\system32\appmgmt
2016-06-06 00:42 - 2009-07-14 08:46 - 00000000 ____D C:\Windows\ShellNew
2016-06-06 00:42 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Media
2016-06-06 00:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-06-06 00:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-06-06 00:41 - 2015-10-09 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skitch
2016-06-06 00:41 - 2015-08-02 00:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2016-06-06 00:41 - 2015-03-14 00:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BBC iPlayer
2016-06-06 00:41 - 2015-01-21 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Medical 11.0
2016-06-06 00:41 - 2014-12-03 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite
2016-06-06 00:41 - 2014-11-07 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-06-06 00:41 - 2014-11-07 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-06 00:41 - 2014-10-14 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-06 00:41 - 2014-09-26 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-06-06 00:41 - 2014-09-18 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips Speech Control
2016-06-06 00:41 - 2014-08-27 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2016-06-06 00:41 - 2014-08-24 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 8.1.1
2016-06-06 00:41 - 2014-08-09 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-06 00:41 - 2014-06-26 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RadiAnt DICOM Viewer
2016-06-06 00:41 - 2014-03-30 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2016-06-06 00:41 - 2014-03-30 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2016-06-06 00:41 - 2014-02-27 23:02 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-06-06 00:41 - 2014-01-25 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-06-06 00:41 - 2014-01-25 17:48 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-06-06 00:41 - 2014-01-14 10:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2016-06-06 00:41 - 2014-01-12 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2016-06-06 00:41 - 2014-01-09 23:48 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2016-06-06 00:41 - 2013-09-24 17:44 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-06-06 00:41 - 2013-08-24 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scid vs PC
2016-06-06 00:41 - 2013-04-26 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2016-06-06 00:41 - 2013-03-12 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-06 00:41 - 2013-02-18 23:59 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-06-06 00:41 - 2013-02-05 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK
2016-06-06 00:41 - 2012-11-13 16:51 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2016-06-06 00:41 - 2012-08-14 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodSync
2016-06-06 00:41 - 2012-07-15 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-06-06 00:41 - 2011-11-18 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic
2016-06-06 00:41 - 2011-11-12 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2016-06-06 00:41 - 2011-06-13 22:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Recorder
2016-06-06 00:41 - 2011-06-13 19:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PACSMail
2016-06-06 00:41 - 2011-04-17 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP210 series
2016-06-06 00:41 - 2011-02-10 22:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-06 00:41 - 2011-02-10 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-06 00:41 - 2011-02-07 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-06-06 00:41 - 2011-02-05 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2016-06-06 00:41 - 2011-01-16 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
2016-06-06 00:41 - 2011-01-16 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2016-06-06 00:41 - 2011-01-16 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-06 00:41 - 2010-12-21 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Xonar DS Audio
2016-06-06 00:41 - 2010-10-07 13:14 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-06 00:41 - 2010-10-07 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-06-06 00:41 - 2009-07-14 08:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-06-06 00:41 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-06 00:41 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-06-06 00:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-06-06 00:41 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-06-05 15:44 - 2010-10-07 20:01 - 00000000 ____D C:\Windows\Panther
2016-06-05 12:26 - 2015-08-19 21:19 - 00004002 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-542036734-4168031688-654211169-1000UA
2016-06-05 12:26 - 2015-08-19 21:19 - 00003606 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-542036734-4168031688-654211169-1000Core
2016-06-05 12:26 - 2014-10-18 09:38 - 00003248 _____ C:\Windows\System32\Tasks\{4E52F82C-CFF8-41DD-BA57-2A7AE7836757}
2016-06-05 12:26 - 2014-08-27 20:21 - 00003270 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2016-06-05 12:26 - 2014-08-27 20:21 - 00003242 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2016-06-05 12:26 - 2014-08-27 20:21 - 00003214 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2016-06-05 12:26 - 2014-08-27 20:21 - 00003212 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2016-06-05 12:26 - 2014-08-05 19:35 - 00004048 _____ C:\Windows\System32\Tasks\4Team updater
2016-06-05 12:26 - 2014-05-10 21:15 - 00003244 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2016-06-05 12:26 - 2012-07-07 15:21 - 00002882 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-06-05 12:26 - 2012-06-16 18:34 - 00003992 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-542036734-4168031688-654211169-1000UA
2016-06-05 12:26 - 2012-06-16 18:34 - 00003596 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-542036734-4168031688-654211169-1000Core
2016-06-05 12:26 - 2012-04-04 19:28 - 00003878 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-05 12:26 - 2011-11-06 18:51 - 00004004 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-05 12:26 - 2011-11-06 18:51 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-05 12:26 - 2011-05-12 22:21 - 00003612 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Admin-PC-Admin
2016-06-05 12:26 - 2011-02-16 00:04 - 00003300 _____ C:\Windows\System32\Tasks\{A1359573-6932-4F28-8086-09EE843B7F5C}
2016-06-05 12:26 - 2011-02-12 22:38 - 00003184 _____ C:\Windows\System32\Tasks\{4170D141-BE3B-4F1B-9B8E-6265C8B77154}
2016-06-05 12:26 - 2011-01-29 00:55 - 00003666 _____ C:\Windows\System32\Tasks\RMSmartUpdate
2016-06-05 12:26 - 2010-10-07 12:37 - 00003646 _____ C:\Windows\System32\Tasks\CreateChoiceProcessTask
2016-06-05 11:25 - 2011-02-07 00:31 - 00000000 ____D C:\Users\Admin\AppData\Roaming\GoodSync
2016-06-05 00:00 - 2011-01-16 09:22 - 00000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2016-06-04 22:26 - 2011-11-20 03:47 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2016-05-28 17:35 - 2014-12-03 23:32 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2016-05-24 11:23 - 2011-08-12 21:41 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Foxit Software
2016-05-22 23:01 - 2015-06-11 23:26 - 00001351 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2016-05-22 23:01 - 2015-06-11 23:26 - 00001351 _____ C:\ProgramData\Desktop\Foxit Reader.lnk
2016-05-21 20:22 - 2014-02-27 22:49 - 00002156 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-05-21 20:14 - 2014-08-17 18:18 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2016-05-21 14:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-05-21 12:43 - 2009-07-14 05:45 - 00359880 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-21 12:42 - 2009-07-14 08:47 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-21 12:36 - 2013-07-11 20:48 - 00000000 ____D C:\Windows\system32\MRT
2016-05-21 12:26 - 2010-10-07 11:19 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-21 11:46 - 2012-04-04 19:28 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-21 11:46 - 2011-06-01 23:10 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-21 11:20 - 2011-06-26 14:57 - 00000000 ____D C:\Windows\Minidump
2016-05-21 11:10 - 2016-05-01 10:32 - 00001377 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-05-21 11:10 - 2016-05-01 10:32 - 00001377 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2016-05-21 11:10 - 2014-01-25 18:46 - 00000000 ____D C:\Users\Admin\AppData\Local\NVIDIA
2016-05-21 10:57 - 2014-12-03 23:40 - 00000000 ____D C:\Users\Admin\AppData\Roaming\LG Electronics
2016-05-21 10:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2016-05-20 23:13 - 2012-11-05 23:26 - 00837584 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110.dll
2016-05-20 23:13 - 2012-11-05 23:26 - 00670160 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110.dll
 
==================== Files in the root of some directories =======
 
2011-07-30 17:30 - 2012-11-25 23:18 - 0038441 _____ () C:\Users\Admin\AppData\Roaming\Comma Separated Values (Windows).ADR
2011-02-12 23:22 - 2016-06-07 21:47 - 0001795 _____ () C:\Users\Admin\AppData\Roaming\SAS7_000.DAT
2016-06-13 01:16 - 2016-06-13 01:16 - 0214728 _____ () C:\Users\Admin\AppData\Local\ars.cache
2016-06-13 01:17 - 2016-06-13 01:17 - 0761237 _____ () C:\Users\Admin\AppData\Local\census.cache
2011-01-16 17:21 - 2015-01-10 00:53 - 0007168 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-13 00:56 - 2016-06-13 00:56 - 0000036 _____ () C:\Users\Admin\AppData\Local\housecall.guid.cache
2016-06-13 01:08 - 2016-06-13 01:08 - 0000010 _____ () C:\Users\Admin\AppData\Local\sponge.last.runtime.cache
2011-01-16 09:14 - 2011-01-16 10:03 - 0000114 _____ () C:\ProgramData\nvUnsupRes.dat
 
Files to move or delete:
====================
C:\ProgramData\nvUnsupRes.dat
 
 
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\jce_setup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-07 00:10
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2016
Ran by Admin (2016-06-13 23:20:34)
Running from F:\Downloads
Windows 7 Professional Service Pack 1 (X64) (2010-10-07 10:08:57)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-542036734-4168031688-654211169-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-542036734-4168031688-654211169-500 - Administrator - Disabled)
Guest (S-1-5-21-542036734-4168031688-654211169-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-542036734-4168031688-654211169-1006 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4Team Sync2 (HKLM-x32\...\{C9319B04-3CEE-4592-870C-3C4511F78ECF}) (Version: 2.60.2607 - 4Team Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-542036734-4168031688-654211169-1000\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.5.2.3 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.5.2.3 - ASUSTek COMPUTER INC.) Hidden
ASUS Xonar DS Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.13 - Audible, Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
BBC iPlayer Downloads (HKLM-x32\...\{C3794B09-6C43-4B93-9CA8-F10BECCF2971}) (Version: 1.11.1 - BBC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Box Sync (HKLM\...\{4CEE93B3-A864-424F-9DAA-E110E75E38C2}) (Version: 4.0.7415.0 - Box, Inc.)
Box Sync (x32 Version: 4.0.6498.0 - Box Inc.) Hidden
Bullzip PDF Printer 9.2.0.1499 (HKLM\...\Bullzip PDF Printer_is1) (Version: 9.2.0.1499 - Bullzip)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Dear Esther (HKLM-x32\...\Steam App 203810) (Version:  - )
Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.0.300 - Nuance Communications Inc.)
Dropbox (HKU\S-1-5-21-542036734-4168031688-654211169-1000\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
Evernote v. 6.1.2 (HKLM-x32\...\{A46ABD1E-2837-11E6-9E7C-005056951CAD}) (Version: 6.1.2.2292 - Evernote Corp.)
Everybody's Gone to the Rapture (HKLM\...\Steam App 417880) (Version:  - The Chinese Room)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Geeks3D.com FurMark 1.10.2 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D.com)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 8.9.9.3 - Siber Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-542036734-4168031688-654211169-1000\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
InteleViewer (HKLM\...\InteleViewer) (Version: 1.0.0.0 - Intelerad Medical Systems)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junos Pulse 4.0 (HKLM-x32\...\Junos Pulse 4.0) (Version: 4.0.47145 - Juniper Networks, Inc.)
Junos Pulse 802.1x Add-On (x32 Version: 4.0.47145 - Juniper Networks) Hidden
Junos Pulse Application Acceleration Components (x32 Version: 4.0.47145 - Juniper Networks) Hidden
Junos Pulse Core Components (x32 Version: 4.0.47145 - Juniper Networks) Hidden
Junos Pulse Drivers Add-On (Version: 4.0.47145 - Juniper Networks) Hidden
Junos Pulse Host Checker Plugin Add-On (x32 Version: 4.0.47145 - Juniper Networks) Hidden
Junos Pulse SRX Components (x32 Version: 4.0.47145 - Juniper Networks) Hidden
Junos Pulse Tunnel Manager Add-On (x32 Version: 4.0.47145 - Juniper Networks) Hidden
Junos Pulse UAC/NC Components (x32 Version: 4.0.47145 - Juniper Networks) Hidden
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.25.20150529 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7299 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-542036734-4168031688-654211169-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-542036734-4168031688-654211169-1000\...\MusicManager) (Version:  - Google, Inc.)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.55.8 - Black Tree Gaming)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version:  - Timeslip)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PACStacker (HKLM-x32\...\{C4927C01-C7E1-483C-AF7D-0BFD43652AE6}) (Version: 0.0.15 - CHRMC)
PC Tools Registry Mechanic 11.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.0 - PC Tools)
Philips Device Control Center (HKLM-x32\...\{96F2FC1B-8404-4C07-A789-72601BA2E5F0}) (Version: 3.3.330.08 - Speech Processing Solutions GmbH)
Philips SpMikeCtrl (HKLM-x32\...\{E86EB86F-97A6-4474-BDFD-1084535DD824}) (Version: 1.00.0000 - Philips Speech Processing - Dictation Systems)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Pulse Secure Setup Client (HKU\S-1-5-21-542036734-4168031688-654211169-1000\...\Juniper_Setup_Client) (Version: 8.0.14.61455 - Pulse Secure, LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RadiAnt DICOM Viewer (64-bit) (HKLM-x32\...\RadiAnt64) (Version: 3.0.2.12209 - Medixant)
RoboForm 7-9-14-4 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-14-4 - Siber Systems)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
Scid vs PC 4.10 (HKLM-x32\...\Scid vs PC_is1) (Version: 4.10 - Steven Atkinson)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Skitch (HKLM-x32\...\Skitch 2.3.2.176) (Version: 2.3.2.176 - Evernote Corp.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
STAR WARS™ Knights of the Old Republic™ II: The Sith Lords™ (HKLM-x32\...\Steam App 208580) (Version:  - Obsidian Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SterJo Key Finder (HKLM-x32\...\{2F6B7734-A549-47B2-BE8D-CCB422F4EA9D}_is1) (Version: 1.8 - SterJo Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Total Recorder 8.5 VideoPro Edition (HKLM-x32\...\TotalRecorder) (Version:  - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Unofficial Oblivion Patch v3.2.0 (HKLM-x32\...\Unofficial Oblivion Patch_is1) (Version: 3.2.0 - Quarn and Kivan)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC8 CRT (Version: 8.0.50727.762 - Juniper Networks) Hidden
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)
Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}) (Version: 10.00.800.228 - Nuance Communications Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
VPN Unlimited version 3.1.5 (HKLM-x32\...\{DC24521E-872B-41AF-93EA-FE477902D6FB}_is1) (Version: 3.1.5 - KeepSolid Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17305 - Microsoft Corporation)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
YBS Account Aggregation (HKLM-x32\...\{CC8A563E-7D2D-4589-B628-4379F1E8D4E1}) (Version: 1.0.197 - YBS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {185C7BB6-9468-D082-E0EB-2DE985889A47} => No File
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {4170238A-9468-D082-DCB3-01B085889A47} => No File
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05DB28A6-0A9E-480B-8B48-546E1AAD55CD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-21] (Adobe Systems Incorporated)
Task: {084AFE2E-3907-493E-B753-307276319B10} - System32\Tasks\CCleanerSkipUAC => F:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {1A50F70F-1C5D-4169-981F-141BC756281D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {373CD986-EBBE-4493-866E-5B7E9CCBECC7} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {39A73CE2-2454-4A7C-B42F-3F74A3833275} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {414740B5-4AAF-4DC1-88B1-67E2CA3F8877} - System32\Tasks\{4170D141-BE3B-4F1B-9B8E-6265C8B77154} => pcalua.exe -a D:\setup.exe -d D:\
Task: {692720A1-E13D-4FFA-80C3-8831BAA06B10} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {6CF48A4B-4FF8-4F41-BC06-8E36B7DA21C4} - System32\Tasks\{A1359573-6932-4F28-8086-09EE843B7F5C} => pcalua.exe -a F:\Downloads\mp210swin101ea24.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {7B6AD617-B66F-4A5A-AE74-BDE644046CDA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {7CB2C212-A8A7-423F-9EDF-77C44436CE43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {8331D81C-2331-40F2-B1E8-57A1A1C242D9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-542036734-4168031688-654211169-1000Core => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-19] (Dropbox, Inc.)
Task: {8CA89045-630E-4230-8E3D-DB5DC49E5F7A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-542036734-4168031688-654211169-1000Core => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {9BD604C7-06F4-4E93-9421-E97BC4661154} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-542036734-4168031688-654211169-1000UA => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {A29ABCEF-6FDF-4AFA-A9D0-197EF855BA3F} - System32\Tasks\AdobeAAMUpdater-1.0-Admin-PC-Admin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {A821132D-ABA8-4836-BCA1-F385A3603880} - System32\Tasks\4Team updater => C:\Program Files (x86)\4Team Corporation\4Team-Updater\4Team-Updater.exe [2014-06-10] ()
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {BFFBE4F8-4392-42AF-86F7-F8492FA8365B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {CA4C7347-1937-4ABF-9E6C-9D0D1716C840} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-542036734-4168031688-654211169-1000UA => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-19] (Dropbox, Inc.)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D44355DC-2CB1-42AE-B443-298F330E78E3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {D5A9D7D1-44C0-4DBC-B627-58E9C43D01E5} - System32\Tasks\{4E52F82C-CFF8-41DD-BA57-2A7AE7836757} => pcalua.exe -a F:\Downloads\QuickTimeInstaller.exe -d F:\Downloads
Task: {D73F77AD-0AF4-4B2A-A974-8C22D5FE03ED} - System32\Tasks\RMSmartUpdate => F:\Program Files\Registry Mechanic\update.exe [2011-10-25] (PC Tools)
Task: {DE965294-BBBB-4F33-94F4-8D57112636EE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-542036734-4168031688-654211169-1000Core.job => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-542036734-4168031688-654211169-1000UA.job => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-542036734-4168031688-654211169-1000Core.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-542036734-4168031688-654211169-1000UA.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-01-25 17:48 - 2016-03-08 07:27 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-17 12:24 - 2012-01-17 12:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2016-05-01 10:32 - 2016-05-02 06:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-05-01 10:32 - 2016-05-02 06:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-05-01 10:32 - 2016-05-02 06:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-05-01 10:32 - 2016-05-02 06:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2014-08-17 14:29 - 2014-08-17 14:29 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-05-01 10:32 - 2016-05-02 06:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-01 10:32 - 2016-05-02 06:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-01 10:32 - 2016-05-02 06:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-05-01 10:32 - 2016-05-02 06:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2010-12-21 15:50 - 2010-11-05 17:17 - 00200704 _____ () C:\Windows\SysWOW64\HsMgr.exe
2010-12-21 15:50 - 2010-11-05 17:17 - 00282112 _____ () C:\Windows\system\HsMgr64.exe
2016-05-01 10:32 - 2016-05-02 06:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-01 10:32 - 2016-05-02 06:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2012-09-17 02:37 - 2012-09-17 02:37 - 00431163 _____ () C:\Program Files (x86)\Common Files\Juniper Networks\WX Client\sqlite3.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-04 13:09 - 2015-09-23 15:53 - 00104304 _____ () C:\Program Files (x86)\VPN Unlimited\enc.dll
2016-05-21 11:10 - 2016-05-02 07:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2010-12-21 15:50 - 2010-11-05 17:17 - 00143360 _____ () C:\Program Files\ASUS Xonar DS Audio\Customapp\VmixP8.dll
2016-05-21 20:22 - 2016-05-21 20:22 - 00679624 _____ () C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\ClientTelemetry.dll
2016-06-01 14:39 - 2016-06-01 14:39 - 00439480 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2016-06-01 14:39 - 2016-06-01 14:39 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2016-06-01 14:39 - 2016-06-01 14:39 - 21120184 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2016-06-01 14:39 - 2016-06-01 14:39 - 00212664 _____ () C:\Program Files (x86)\Evernote\Evernote\websockets.dll
2016-06-01 14:38 - 2016-06-01 14:38 - 00988872 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
2016-06-01 14:38 - 2016-06-01 14:38 - 00138952 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
2016-06-01 14:38 - 2016-06-01 14:38 - 00195272 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll
2016-06-04 13:09 - 2015-09-23 15:53 - 00825712 _____ () C:\Program Files (x86)\VPN Unlimited\rpc_lib.dll
2016-06-04 13:09 - 2015-09-23 15:53 - 00737648 _____ () C:\Program Files (x86)\VPN Unlimited\open_vpn_wrapper_lib.dll
2016-06-04 13:09 - 2015-09-23 15:53 - 00046448 _____ () C:\Program Files (x86)\VPN Unlimited\qtkeychain.dll
2016-06-04 13:09 - 2015-06-08 13:28 - 00162185 _____ () C:\Program Files (x86)\VPN Unlimited\liblzo2-2.dll
2016-06-04 13:09 - 2015-06-08 13:28 - 00103754 _____ () C:\Program Files (x86)\VPN Unlimited\libpkcs11-helper-1.dll
2016-06-13 20:53 - 2016-06-04 02:56 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-13 20:53 - 2016-06-04 02:56 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F [116]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [131]
AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD [167]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2016-06-08 00:04 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-542036734-4168031688-654211169-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.208.0.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Admin\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: BoxSync => "C:\Program Files\Box\Box Sync\BoxSync.exe" -m
MSCONFIG\startupreg: BoxSyncHelper => "C:\Program Files\Box Sync\BoxSyncHelper.exe"
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
MSCONFIG\startupreg: Eraser => "F:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Admin\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "F:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JunosPulse => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe -tray
MSCONFIG\startupreg: MusicManager => "C:\Users\Admin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: Philips Device Control Center => "C:\Program Files (x86)\Philips Speech\Device Control Center\PDCC.exe" /autostart
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skitch => F:\Program Files\Evernote\Skitch\Skitch.exe -start-on-hide
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
MSCONFIG\startupreg: Steam => "F:\Program Files\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Sync2 => "C:\Program Files (x86)\4Team Corporation\Sync2\Sync2.exe" /background
MSCONFIG\startupreg: Uninstall C: => 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{2D2AE2D1-DD57-4FB5-8445-3F4B7D05437F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{227DDA59-448B-4D28-800F-CF581941673C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CA2A69DC-C749-4764-83E9-C07F63330DB9}] => (Allow) F:\Program Files\Steam\Steam.exe
FirewallRules: [{02FCD01E-DCB8-4CCD-8887-3051887E877A}] => (Allow) F:\Program Files\Steam\Steam.exe
FirewallRules: [{6D047BCA-B7DE-4CA9-A98C-F33D591E93B6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DB6A9EDF-50BD-41DD-9D3C-DB20F25EE2EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{877E5912-9BD0-480D-B061-13ABEB46CBD8}F:\program files\steam\steamapps\common\portal 2\portal2.exe] => (Allow) F:\program files\steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [UDP Query User{91AE2E4C-08A2-4FF7-AC8C-658C8DFF30E5}F:\program files\steam\steamapps\common\portal 2\portal2.exe] => (Allow) F:\program files\steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{3D731F9B-9825-439B-9DC4-BC9CDC38D37B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{880251A4-5390-4370-BE7B-530A0985E827}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{01FA0EF8-B609-45A6-A9B4-FBC1832C2C99}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8B9AAF6F-B9D8-4B77-9DF4-EBF6EBC821AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{D895F05B-C6C5-4757-A995-0CB89DBC964C}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{6422EBF1-6AA9-4817-A6D7-79A88BE03BD2}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{3FDC36FA-9C76-4842-A577-E4C121C64CDF}] => (Allow) C:\Users\Admin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{B069A94B-D16E-4BC9-A0FB-F0056CC2B0CC}] => (Allow) C:\Users\Admin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{AB48CEFE-F920-44E8-BF62-197168E50473}] => (Allow) C:\Users\Admin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{3C818F21-7F05-4A2D-9F64-60F946A65F38}] => (Allow) C:\Users\Admin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{26D11CE8-6DE8-4438-BE06-A8CD96FAB09A}] => (Allow) F:\Program Files\Steam\steamapps\common\dear esther\dearesther.exe
FirewallRules: [{F6586054-EB92-448A-83F8-C8CA963D9C08}] => (Allow) F:\Program Files\Steam\steamapps\common\dear esther\dearesther.exe
FirewallRules: [{57D0C937-7F8D-48FE-8B3E-F13DFF0BEFF0}] => (Allow) F:\Program Files\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{78AF03E1-1DC8-4590-B38B-27E433030E46}] => (Allow) F:\Program Files\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{652C251C-F98D-4367-9BF8-17B2BC7EE2C4}] => (Allow) F:\Program Files\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
FirewallRules: [{7E46DBF0-19D1-4836-9ADE-5F2849075BC3}] => (Allow) F:\Program Files\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
FirewallRules: [TCP Query User{6AAC494B-D90C-4368-9564-1EB7711F0B6D}F:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) F:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{C1744104-12EE-4095-909E-183B79E8BB48}F:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) F:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{E97815C7-0442-4977-9984-B53C9C12402C}] => (Allow) F:\Program Files\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{B2F47D4F-9BC0-48E1-8C16-31623EFEBB0A}] => (Allow) F:\Program Files\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{EED1B7AE-7FB0-4F0C-8BB0-35CAC17FDF72}] => (Allow) F:\Program Files\Steam\steamapps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [{B39859B4-C328-4DCB-A9A3-CF1B16244BBB}] => (Allow) F:\Program Files\Steam\steamapps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [{83F5507B-24B2-4294-9404-0BB06D04E8E3}] => (Allow) F:\Program Files\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{2DDAC70B-A52D-4856-9C68-E76E2B0E9FE3}] => (Allow) F:\Program Files\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{A0BDC90D-9D17-4DB6-90D9-14C1FC4EB451}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DA628F79-8C57-44A2-95EC-BF3663ECE7CB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6034BA70-561F-4C13-BB44-C49E7D7FA701}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C46ABD72-EA00-4990-AB61-357B5D84B630}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D23E201A-2D9D-4A45-A263-60845E9ED2BC}] => (Allow) F:\Program Files\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{134834D8-7B7A-446A-B1FB-2CBF62D092D6}] => (Allow) F:\Program Files\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{DCC0AC62-AA9C-40E5-8147-E50CEB332078}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{939A17FC-0A75-4893-B45D-5EB411BB7A90}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0E7800BB-68C5-411C-8B5B-29AF09AF2464}] => (Allow) F:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{3B9A2EEB-A401-4BF0-8E23-4973EB7F6C79}] => (Allow) F:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{8ADD1600-22AA-484F-8258-2823D2C62958}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{08D82B01-DED3-4F1A-9378-10091270476E}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9C22A0C3-6195-4368-8C42-14F7CE72343A}] => (Allow) F:\Program Files\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{55E4EDAD-7CF2-499B-BB2F-97C476B811A1}] => (Allow) F:\Program Files\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{4E9333EF-0762-49D4-8392-BB8EC50FBC16}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FD2901A1-10C0-424B-A417-B2A907AA870C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2A38CB0A-CE41-4C93-8F30-D47DF2D0E040}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8E394C24-8C22-4530-A950-3C019323C5C2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{68A6EF1C-64A6-4DAA-9E6E-38CB2BB3A756}] => (Allow) F:\Program Files\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{45D76192-3C0A-4D5B-A1F7-B92E1A32B01D}] => (Allow) F:\Program Files\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{8CD045D9-6DA9-4D90-BE84-A9CA35C16966}] => (Allow) F:\Program Files\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{32B33557-06CC-4A3E-87B4-6C368240FBFB}] => (Allow) F:\Program Files\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{19E05B55-29EE-4D87-AE9B-04005744C00A}] => (Allow) F:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7BD61195-A39A-4E57-99D4-9BE9F3BE40F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FF9F204A-40C2-407B-8D40-49B8F4A8DC5B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FF081CA8-4FC4-44A0-9A44-8D88F25AB692}] => (Allow) F:\Program Files\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe
FirewallRules: [{3958B5BC-6EDF-407A-8AFA-86B5AA25C28F}] => (Allow) F:\Program Files\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe
FirewallRules: [TCP Query User{283F802C-8DAB-4C36-A327-69892A5E2043}C:\program files\intelerad medical systems\inteleviewer\cviewer\inteleviewer.exe] => (Allow) C:\program files\intelerad medical systems\inteleviewer\cviewer\inteleviewer.exe
FirewallRules: [UDP Query User{D2BFA60F-5284-461C-9818-CD4B5C6C0877}C:\program files\intelerad medical systems\inteleviewer\cviewer\inteleviewer.exe] => (Allow) C:\program files\intelerad medical systems\inteleviewer\cviewer\inteleviewer.exe
FirewallRules: [{7078CA80-CB6F-4AAB-AD4E-24058484F119}] => (Block) C:\program files\intelerad medical systems\inteleviewer\cviewer\inteleviewer.exe
FirewallRules: [{65BF9C40-8647-4AAA-B97F-34BEEC410269}] => (Block) C:\program files\intelerad medical systems\inteleviewer\cviewer\inteleviewer.exe
FirewallRules: [TCP Query User{5C17CB66-478B-44B3-841E-CB406471966D}C:\program files\intelerad medical systems\inteleviewer\mmodal\java\bin\java.exe] => (Allow) C:\program files\intelerad medical systems\inteleviewer\mmodal\java\bin\java.exe
FirewallRules: [UDP Query User{CA29DBD9-7A40-436D-8C4E-CD530140D5D6}C:\program files\intelerad medical systems\inteleviewer\mmodal\java\bin\java.exe] => (Allow) C:\program files\intelerad medical systems\inteleviewer\mmodal\java\bin\java.exe
FirewallRules: [{9DC37871-5358-4C6B-BD64-128532BF74F7}] => (Block) C:\program files\intelerad medical systems\inteleviewer\mmodal\java\bin\java.exe
FirewallRules: [{BAD48B3E-9A0B-48ED-A536-D0633A93E704}] => (Block) C:\program files\intelerad medical systems\inteleviewer\mmodal\java\bin\java.exe
FirewallRules: [TCP Query User{229CAB94-FEBC-4375-8831-F87F7FD8041A}C:\program files\intelerad medical systems\inteleviewer\java\bin\java.exe] => (Allow) C:\program files\intelerad medical systems\inteleviewer\java\bin\java.exe
FirewallRules: [UDP Query User{A9C2BCD4-A169-4408-B1BF-7B6FEBCA22D1}C:\program files\intelerad medical systems\inteleviewer\java\bin\java.exe] => (Allow) C:\program files\intelerad medical systems\inteleviewer\java\bin\java.exe
FirewallRules: [{E7FC980B-8556-4555-8641-12EE9BD5CE84}] => (Block) C:\program files\intelerad medical systems\inteleviewer\java\bin\java.exe
FirewallRules: [{34656D23-9483-4B8E-9689-D53099FE4640}] => (Block) C:\program files\intelerad medical systems\inteleviewer\java\bin\java.exe
FirewallRules: [{8B9C21FD-4267-4C85-B686-4C3EC7E0A34C}] => (Allow) F:\Program Files\Steam\steamapps\common\Rapture\Bin64\Rapture_Release.exe
FirewallRules: [{23E8BC1A-7B8E-46E8-9B4C-C5C0D6A5952A}] => (Allow) F:\Program Files\Steam\steamapps\common\Rapture\Bin64\Rapture_Release.exe
FirewallRules: [{BEC1F55E-DC6C-4575-B553-E17A517A60CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{658C7116-2793-4BC7-96EA-73464443F57E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2220E5DB-7B00-43FD-8493-353A31D89A85}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D676C3A6-BD42-4208-BE2D-802C8C59E716}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D2832D62-901E-4C03-A2F5-4FA0CEEB5B97}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F4FE21C7-5CE4-46D4-A238-E6F66B384661}] => (Allow) F:\Program Files\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{5378FF6B-1A1B-4807-98BE-26E09161EC66}] => (Allow) F:\Program Files\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{06CEB44C-474E-46CE-810A-552EBC2DA7E2}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{81E6CE99-31D8-4A17-B513-734D553D6206}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{18F431DC-2AEF-466A-A8A6-4BB16E0E1E8D}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [{DA6D2ABD-2501-4E61-BA3C-F76D4726EA27}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [{46941971-24D4-4144-8397-2B0C72749E8E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
05-06-2016 17:00:04 Scheduled Checkpoint
05-06-2016 22:50:08 Installed Evernote v. 6.1.2
08-06-2016 21:14:37 Windows Update
12-06-2016 22:57:03 Windows Update
12-06-2016 23:58:03 Windows Update
13-06-2016 00:30:05 Restore Operation
13-06-2016 00:33:56 Windows Update
13-06-2016 00:35:25 Windows Update
13-06-2016 02:12:26 Checkpoint by HitmanPro
13-06-2016 02:13:44 Checkpoint by HitmanPro
13-06-2016 02:14:27 Checkpoint by HitmanPro
13-06-2016 02:31:27 Restore Operation
13-06-2016 02:38:04 Windows Update
13-06-2016 09:16:52 Restore Operation
13-06-2016 09:21:52 Windows Update
13-06-2016 23:15:39 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/13/2016 11:15:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (06/13/2016 07:54:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (06/13/2016 02:38:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (06/13/2016 02:14:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000003a0,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000360EBA0.72).  hr = 0x80070005, Access is denied.
.
 
Error: (06/13/2016 02:14:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007a0,(null),0,REG_BINARY,0000000002D9DEC0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {7470dc1a-a633-4de8-99ef-eac294fc9bf1}
 
Error: (06/13/2016 02:14:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000c14,(null),0,REG_BINARY,000000000A31E5B0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {6329d5bf-d10e-4117-9611-d432bc2e8879}
 
Error: (06/13/2016 02:14:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f8,(null),0,REG_BINARY,0000000002EEEBE0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {c0f2715e-615f-4a2b-9af7-1cc0ccede1ce}
 
Error: (06/13/2016 02:14:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b8,(null),0,REG_BINARY,00000000018FEB20.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {1d5051e9-da1e-4226-a5eb-4786a33c1c7a}
 
Error: (06/13/2016 02:14:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001d8,(null),0,REG_BINARY,0000000002D1F2F0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {ed0d20a2-fc38-42eb-a186-39883df63c89}
 
Error: (06/13/2016 02:14:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007a0,(null),0,REG_BINARY,0000000002D9DEC0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {7470dc1a-a633-4de8-99ef-eac294fc9bf1}
 
 
System errors:
=============
Error: (06/13/2016 10:58:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
 
Error: (06/13/2016 10:58:26 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/13/2016 10:58:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
 
Error: (06/13/2016 10:58:25 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/13/2016 10:58:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
 
Error: (06/13/2016 10:58:25 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/13/2016 10:57:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
 
Error: (06/13/2016 10:57:22 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/13/2016 10:57:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
 
Error: (06/13/2016 10:57:21 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
CodeIntegrity:
===================================
  Date: 2015-08-09 23:13:19.229
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\ListOpenedFileDrv_64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-09 23:13:19.152
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\ListOpenedFileDrv_64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-23 22:35:49.552
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\ListOpenedFileDrv_64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-23 22:35:49.423
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\ListOpenedFileDrv_64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-21 20:44:39.763
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\ListOpenedFileDrv_64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-21 20:44:39.643
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\ListOpenedFileDrv_64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 49%
Total physical RAM: 8190.05 MB
Available physical RAM: 4110.92 MB
Total Virtual: 16378.29 MB
Available Virtual: 12130.35 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:238.38 GB) (Free:154.98 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:931.51 GB) (Free:467.21 GB) NTFS
Drive g: (Corsair SSD) (Fixed) (Total:55.9 GB) (Free:40.79 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 410CD335)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BBD1D6D7)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 55.9 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=55.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
#2 olgun52
  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:12:16 AM

Posted 13 June 2016 - 09:27 PM

Hello eldoctore and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to: get help here.

Thanks
 
Please uninstall: PC Tools Registry Mechanic
===========================================

 

Run FRST fixlist

  • Please open notepad (Start > All Programs > Accessories > Notepad)
  • Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
  • Save it to the Desktop, and name it: fixlist.txt
CreateRestorePoint:
CloseProcesses:
C:\ProgramData\Trend Micro
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {185C7BB6-9468-D082-E0EB-2DE985889A47} => No File
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {4170238A-9468-D082-DCB3-01B085889A47} => No File
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {373CD986-EBBE-4493-866E-5B7E9CCBECC7} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {414740B5-4AAF-4DC1-88B1-67E2CA3F8877} - System32\Tasks\{4170D141-BE3B-4F1B-9B8E-6265C8B77154} => pcalua.exe -a D:\setup.exe -d D:\
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D73F77AD-0AF4-4B2A-A974-8C22D5FE03ED} - System32\Tasks\RMSmartUpdate => F:\Program Files\Registry Mechanic\update.exe [2011-10-25] (PC Tools)
Task: {DE965294-BBBB-4F33-94F4-8D57112636EE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F [116]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [131]
AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD [167]
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
HKU\S-1-5-21-542036734-4168031688-654211169-1000\...\Policies\Explorer: [NoInstrumentation] 0
HKU\S-1-5-21-542036734-4168031688-654211169-1000\...\MountPoints2: {7d905b9f-dda7-11e3-b89c-bcaec51b8148} - E:\SafeStick.exe
HKU\S-1-5-21-542036734-4168031688-654211169-1000\...\MountPoints2: {c4a9f51f-2442-11e6-9d4d-bcaec51b8148} - E:\LG_PC_Programs.exe
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKU\S-1-5-21-542036734-4168031688-654211169-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gfe_rd=cr&ei=q3j6U4iYDenH8gfG1YCoDg&gws_rd=ssl
SearchScopes: HKU\S-1-5-21-542036734-4168031688-654211169-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\pdf.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (Google Update) - C:\Users\Admin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll => No File
CHR HKU\S-1-5-21-542036734-4168031688-654211169-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
S3 ALSysIO; \??\C:\Users\Admin\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz130; \??\C:\Users\Admin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
2011-01-16 17:21 - 2015-01-10 00:53 - 0007168 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-13 01:16 - 2016-06-13 01:16 - 0214728 _____ () C:\Users\Admin\AppData\Local\ars.cache
2016-06-13 01:17 - 2016-06-13 01:17 - 0761237 _____ () C:\Users\Admin\AppData\Local\census.cache
2011-01-16 17:21 - 2015-01-10 00:53 - 0007168 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-13 00:56 - 2016-06-13 00:56 - 0000036 _____ () C:\Users\Admin\AppData\Local\housecall.guid.cache
2016-06-13 01:08 - 2016-06-13 01:08 - 0000010 _____ () C:\Users\Admin\AppData\Local\sponge.last.runtime.cache
2011-01-16 09:14 - 2011-01-16 10:03 - 0000114 _____ () C:\ProgramData\nvUnsupRes.dat
C:\Users\Admin\AppData\Local\Temp\jce_setup.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:

NOTICE: This script is written specifically for this computer!!!

  • Running this on another computer may cause damage to the Operating System.
  • Now, please run FRST, and press the Fix button, just once, and wait.
  • When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 eldoctore

  • Topic Starter

  • Members
  • 6 posts
  • Local time:10:16 PM

Posted 17 June 2016 - 04:07 PM

Hi

Thanks for the reply, apologies for the delay; I've been abroad.

Here is the log

 

Fix result of Farbar Recovery Scan Tool (x64) Version:16-06-2016 01
Ran by Admin (2016-06-17 22:03:54) Run:1
Running from F:\Downloads
Loaded Profiles: Admin (Available Profiles: Admin & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\ProgramData\Trend Micro
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {185C7BB6-9468-D082-E0EB-2DE985889A47} => No File
CustomCLSID: HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {4170238A-9468-D082-DCB3-01B085889A47} => No File
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {373CD986-EBBE-4493-866E-5B7E9CCBECC7} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {414740B5-4AAF-4DC1-88B1-67E2CA3F8877} - System32\Tasks\{4170D141-BE3B-4F1B-9B8E-6265C8B77154} => pcalua.exe -a D:\setup.exe -d D:\
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D73F77AD-0AF4-4B2A-A974-8C22D5FE03ED} - System32\Tasks\RMSmartUpdate => F:\Program Files\Registry Mechanic\update.exe [2011-10-25] (PC Tools)
Task: {DE965294-BBBB-4F33-94F4-8D57112636EE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F [116]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [131]
AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD [167]
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
HKU\S-1-5-21-542036734-4168031688-654211169-1000\...\Policies\Explorer: [NoInstrumentation] 0
HKU\S-1-5-21-542036734-4168031688-654211169-1000\...\MountPoints2: {7d905b9f-dda7-11e3-b89c-bcaec51b8148} - E:\SafeStick.exe
HKU\S-1-5-21-542036734-4168031688-654211169-1000\...\MountPoints2: {c4a9f51f-2442-11e6-9d4d-bcaec51b8148} - E:\LG_PC_Programs.exe
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKU\S-1-5-21-542036734-4168031688-654211169-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gfe_rd=cr&ei=q3j6U4iYDenH8gfG1YCoDg&gws_rd=ssl
SearchScopes: HKU\S-1-5-21-542036734-4168031688-654211169-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\pdf.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (Google Update) - C:\Users\Admin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll => No File
CHR HKU\S-1-5-21-542036734-4168031688-654211169-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
S3 ALSysIO; \??\C:\Users\Admin\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz130; \??\C:\Users\Admin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
2011-01-16 17:21 - 2015-01-10 00:53 - 0007168 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-13 01:16 - 2016-06-13 01:16 - 0214728 _____ () C:\Users\Admin\AppData\Local\ars.cache
2016-06-13 01:17 - 2016-06-13 01:17 - 0761237 _____ () C:\Users\Admin\AppData\Local\census.cache
2011-01-16 17:21 - 2015-01-10 00:53 - 0007168 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-13 00:56 - 2016-06-13 00:56 - 0000036 _____ () C:\Users\Admin\AppData\Local\housecall.guid.cache
2016-06-13 01:08 - 2016-06-13 01:08 - 0000010 _____ () C:\Users\Admin\AppData\Local\sponge.last.runtime.cache
2011-01-16 09:14 - 2011-01-16 10:03 - 0000114 _____ () C:\ProgramData\nvUnsupRes.dat
C:\Users\Admin\AppData\Local\Temp\jce_setup.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\Trend Micro => moved successfully
"HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}" => key removed successfully
"HKU\S-1-5-21-542036734-4168031688-654211169-1000_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{373CD986-EBBE-4493-866E-5B7E9CCBECC7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{373CD986-EBBE-4493-866E-5B7E9CCBECC7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{414740B5-4AAF-4DC1-88B1-67E2CA3F8877}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{414740B5-4AAF-4DC1-88B1-67E2CA3F8877}" => key removed successfully
C:\Windows\System32\Tasks\{4170D141-BE3B-4F1B-9B8E-6265C8B77154} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4170D141-BE3B-4F1B-9B8E-6265C8B77154}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D73F77AD-0AF4-4B2A-A974-8C22D5FE03ED} => key not found. 
C:\Windows\System32\Tasks\RMSmartUpdate => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RMSmartUpdate => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE965294-BBBB-4F33-94F4-8D57112636EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE965294-BBBB-4F33-94F4-8D57112636EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => key removed successfully
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk => Shortcut argument removed successfully.
Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi => Error: No automatic fix found for this entry.
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk => Shortcut argument removed successfully.
C:\ProgramData\TEMP => ":7FFED16F" ADS removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
C:\ProgramData\TEMP => ":F35A93AD" ADS removed successfully.
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
HKU\S-1-5-21-542036734-4168031688-654211169-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInstrumentation => value removed successfully
"HKU\S-1-5-21-542036734-4168031688-654211169-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d905b9f-dda7-11e3-b89c-bcaec51b8148}" => key removed successfully
HKCR\CLSID\{7d905b9f-dda7-11e3-b89c-bcaec51b8148} => key not found. 
"HKU\S-1-5-21-542036734-4168031688-654211169-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4a9f51f-2442-11e6-9d4d-bcaec51b8148}" => key removed successfully
HKCR\CLSID\{c4a9f51f-2442-11e6-9d4d-bcaec51b8148} => key not found. 
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
HKU\S-1-5-21-542036734-4168031688-654211169-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-542036734-4168031688-654211169-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => key removed successfully
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\pdf.dll => not found.
C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => not found.
C:\Users\Admin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll => not found.
"HKU\S-1-5-21-542036734-4168031688-654211169-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
ALSysIO => service removed successfully
cpuz130 => service removed successfully
C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Admin\AppData\Local\ars.cache => moved successfully
C:\Users\Admin\AppData\Local\census.cache => moved successfully
"C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found.
C:\Users\Admin\AppData\Local\housecall.guid.cache => moved successfully
C:\Users\Admin\AppData\Local\sponge.last.runtime.cache => moved successfully
C:\ProgramData\nvUnsupRes.dat => moved successfully
C:\Users\Admin\AppData\Local\Temp\jce_setup.exe => moved successfully
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
DOMStore, BITS transfer queue, thumbcache, IE frameiconcache.dat => 2172752 bytes
Java, Opera, Flash, IE recovery, Steam htmlcache, Windows/system/drivers/LocalLow Temp => 239421295 bytes
Edge => 0 bytes
Chrome => 773629729 bytes
Firefox => 7665739 bytes
 
Temp, IE cache, history, cookies, recent:
Default => 0 bytes
Public => 0 bytes
ProgramData => 0 bytes
systemprofile => 100816 bytes
systemprofile32 => 66788 bytes
LocalService => 132244 bytes
NetworkService => 107438 bytes
Admin => 439536410 bytes
Guest => 17291325 bytes
 
RecycleBin => 0 bytes
EmptyTemp: => 1.4 GB temporary data Removed.
======================================
 
 
The system needed a reboot.
 
==== End of Fixlog 22:04:06 ====


#4 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:16 AM

Posted 18 June 2016 - 11:45 AM

Hi again,

 

Step 1:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14-day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:

MalwareBytes Anti-Rootkit scan:

  • Close all the running processes
  • Be sure to temporarily disable all antivirus/anti-spyware software
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.

1. Download MalwareBytes Anti-Rootkit software from here to your desktop.

  • Right-click on Mbar 1.09.1.1004.exe and select Run As Administrator to launch the application.

2. Open the folder named MBAR on the desktop.
3. Find the MBAR folder in the list.
4. Click it once.
5. Now click the OK button.
6. Click the OK button again.
7. Then click Next and click on the Update button.
8. Now click on the Scan button.

  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please attach the two log files created by the tool within the folder from which it was run.
  • The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

Best regards
 

 


 


#5 eldoctore

eldoctore
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:16 PM

Posted 19 June 2016 - 12:51 PM

Hi

Can you tell me what you are suspecting and what are you concerned about in the original log?

Cheers.

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 19/06/2016
Scan Time: 17:43
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.06.19.04
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Admin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 394109
Time Elapsed: 8 min, 44 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.06.19.04
  rootkit: v2016.05.27.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18349
Admin :: ADMIN-PC [administrator]
 
19/06/2016 17:19:07
mbar-log-2016-06-19 (17-19-07).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 393806
Time elapsed: 7 minute(s), 58 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18349
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 3.373000 GHz
Memory total: 8587890688, free: 4011577344
 
Downloaded database version: v2016.06.19.04
Downloaded database version: v2016.05.27.01
Downloaded database version: v2016.06.16.01
=======================================
Initializing...
------------ Kernel report ------------
     06/19/2016 17:18:59
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\acs6nts.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\truecrypt.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\cmudaxp.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\??\C:\Windows\system32\drivers\TotRec8.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\jnprna6.sys
\SystemRoot\system32\DRIVERS\jnprvamgr.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\nvoclk64.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\point64.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\??\C:\Windows\system32\drivers\mwac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imm32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\normaliz.dll
\Windows\System32\clbcatq.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msctf.dll
\Windows\System32\kernel32.dll
\Windows\System32\urlmon.dll
\Windows\System32\sechost.dll
\Windows\System32\user32.dll
\Windows\System32\advapi32.dll
\Windows\System32\wininet.dll
\Windows\System32\difxapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\shell32.dll
\Windows\System32\iertutil.dll
\Windows\System32\imagehlp.dll
\Windows\System32\psapi.dll
\Windows\System32\nsi.dll
\Windows\System32\gdi32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\lpk.dll
\Windows\System32\msvcrt.dll
\Windows\System32\usp10.dll
\Windows\System32\ole32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\crypt32.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2016.06.19.04
  rootkit: v2016.05.27.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006ffb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006ffbb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006ffb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006d666c0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8006d9f680, DeviceName: \Device\Ide\IdeDeviceP4T0L0-8\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 410CD335
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 499909296
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 256060514304 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8006ffc060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006ffcb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006ffc060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006dff060, DeviceName: \Device\Ide\IdeDeviceP9T0L0-d\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BBD1D6D7
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8006ffd060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006ffdb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006ffd060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006d61060, DeviceName: \Device\Ide\IdeDeviceP6T0L0-a\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 117223424
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
    Partition file system is NTFS
 
Disk Size: 60022480896 bytes
Sector size: 512 bytes
 
Done!
<<<2>>>
<<<3>>>
Volume: F:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished

#6 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:12:16 AM

Posted 19 June 2016 - 02:12 PM

Hi eldoctore,

Can you tell me what you are suspecting and what you are concerned about in the original log?

I am doing a general rootkit and rogue software check. The MBAR log is clean.
============================================================
Step1:
ComboFix run:
Please be sure to run our tools with administrator rights.
* IMPORTANT: 1   Place ComboFix.exe on your Desktop
* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop
  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply.
 
Step2:
Please download RogueKiller 32/64 bit to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

#7 eldoctore

eldoctore
  • Topic Starter

  • Members
  • 6 posts
  • Local time:10:16 PM

Posted 21 June 2016 - 04:28 AM

Hi, thanks.

RogueKiller V12.3.4.0 (x64) [Jun 20 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Admin [Administrator]
Started from : F:\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 06/21/2016 10:15:23
 
¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] dgnsvc.exe(1816) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe[x] -> Found
 
¤¤¤ Registry : 13 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\PIP -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.204.0.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.204.0.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44B97EFD-C3A2-4BC7-9568-1CB4FC519BA7} | DhcpNameServer : 10.204.0.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E60E5DA0-49E2-478E-86FC-D34EB7004006} | NameServer : 172.16.160.89,172.16.160.79 ([][])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{44B97EFD-C3A2-4BC7-9568-1CB4FC519BA7} | DhcpNameServer : 10.204.0.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E60E5DA0-49E2-478E-86FC-D34EB7004006} | NameServer : 172.16.160.89,172.16.160.79 ([][])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{44B97EFD-C3A2-4BC7-9568-1CB4FC519BA7} | DhcpNameServer : 10.208.0.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E60E5DA0-49E2-478E-86FC-D34EB7004006} | NameServer : 172.16.160.89,172.16.160.79 ([][])  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-542036734-4168031688-654211169-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-542036734-4168031688-654211169-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 PRO Series ATA Device +++++
--- User ---
[MBR] 8b9c2c4cdc9f0796fd2844dc1ea0bbc7
[BSP] 6f43b0d7596c05cf9b3d6e15f0872089 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 244096 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] f7c40953c66900a0504fec6c052938b8
[BSP] 3dc3865d76e4393a6b6808f9bb14f2ed : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: Corsair CSSD-F60GB2 ATA Device +++++
--- User ---
[MBR] 8c90ace72637400f4ab9f54e6714c0a0
[BSP] 83aee3823ec6c756ba659b96cabe383b : Compressed BootMgr|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 57238 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK
#8 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:12:16 AM

Posted 22 June 2016 - 04:34 PM

I am waiting for the ComboFix log.


Best regards