
Browser Opens on Windows Startup to a Website that isn't my Home Page


5 replies to this topic

#1 clowncracker

Posted 17 June 2016 - 08:29 PM

As soon as Windows starts, this webpage that I have never been to opens.  I could not find any Malware with Malwarebytes or ESET, but I know that my browser isn't on my list of starting programs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-06-2016 01
Ran by Casey (administrator) on CASEY-PC (17-06-2016 18:21:52)
Running from D:\Casey\Downloads
Loaded Profiles: Casey (Available Profiles: Casey)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft) C:\Program Files (x86)\GIGABYTE\CloudStation_Server\HomeCloud\GCloud.exe
(HTC Corporation) C:\Program Files\HTC Account\Htc.Identity.Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngine.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\SIV\thermald.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve Corporation) E:\Steam\Steam.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
() C:\Program Files (x86)\ViveSetup\PCClient\HTCVRMarketplaceUserContextHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\ViveSetup\PCClient\HTCVRMarketplaceUserContextHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft) C:\Program Files (x86)\GIGABYTE\CloudStation_Server\HomeCloud\HCLOUD.exe
() C:\Program Files (x86)\GIGABYTE\CloudStation_Server\RemoteControl\grckm.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\AlarmClock.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files\Common Files\HTC\Vive\Drivers\vivefs\vivefsm.exe
() C:\Program Files (x86)\ViveSetup\PCClient\ViveportService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-01] (NVIDIA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-07] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-05-24] (Razer Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HTC Store User Content Helper] => C:\Program Files (x86)\ViveSetup\PCClient\HTCVRMarketplaceUserContextHelper.exe [79872 2016-06-07] ()
HKLM-x32\...\RunOnce: [EasyTune] => C:\Program Files (x86)\GIGABYTE\EasyTune\etro.exe [5632 2015-08-05] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [SIV] => C:\Program Files (x86)\GIGABYTE\SIV\sivro.exe [12096 2015-08-11] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [EasyTuneEngineService] => C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EngineRunOnce.exe [8192 2015-08-05] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe [8192 2013-04-29] ()
HKU\S-1-5-21-2032110391-4062864444-780685404-1001\...\Run: [Steam] => E:\Steam\steam.exe [2917456 2016-06-14] (Valve Corporation)
HKU\S-1-5-21-2032110391-4062864444-780685404-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6536008 2016-04-22] (Plex, Inc.)
HKU\S-1-5-21-2032110391-4062864444-780685404-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2015-12-25]
ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
InternetURL: C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Windows 10 Pro Permanent Activator 2016.url -> hxxp://bestprosoft.com/category/download-latest-best-professional-software-2016/
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{097f5fd2-58dd-4940-b874-35dfe6940a87}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{34f44615-03b8-4f02-b064-64d5b0ecb74e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{47738c8a-3f86-4c36-9617-f9ecae53c17b}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{d4a57eb8-8a54-4fd7-99bf-73093178deed}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2032110391-4062864444-780685404-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E05EC776-53FC-4CA7-9944-34E30B7FB700}&mid=bac9b37288de47ccb87091c41aaac20a-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215avi&pr=fr&d=2015-12-06 23:12:22&v=4.2.1.951&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-15] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-15] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-15] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-31] (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://facebook.com/"
CHR Profile: C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-29]
CHR Extension: (Google Docs) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-29]
CHR Extension: (Google Drive) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-29]
CHR Extension: (YouTube) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-29]
CHR Extension: (Google Search) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-29]
CHR Extension: (Google Sheets) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-29]
CHR Extension: (Google Docs Offline) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (AdBlock) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 EasyTuneEngineService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe [138240 2015-08-05] (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2519904 2016-02-23] (ESET)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-04-13] (Futuremark)
R2 gadjservice; C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [17920 2015-06-25] () [File not signed]
R2 GCloud; C:\Program Files (x86)\GIGABYTE\CloudStation_Server\HomeCloud\GCloud.exe [19776 2015-03-23] (Microsoft)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-01] (NVIDIA Corporation)
R2 HTC Account Service; C:\Program Files\HTC Account\Htc.Identity.Service.exe [7168 2016-04-22] (HTC Corporation) [File not signed]
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [62784 2015-08-11] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-01] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-01] (NVIDIA Corporation)
S2 OcButtonService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe [117760 2015-08-05] (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed]
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69784 2016-05-31] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [102400 2013-02-22] (Gigabyte Technology CO., LTD.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
R2 ViveFSM; C:\Program Files\Common Files\HTC\Vive\Drivers\vivefs\vivefsm.exe [77648 2016-04-27] ()
R2 Viveport; C:\Program Files (x86)\ViveSetup\PCClient\ViveportService.exe [10240 2016-06-07] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [19192 2015-06-30] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [66136 2016-05-28] (Broadcom Corporation.)
S3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.9.630.0.sys [67336 2015-11-29] ()
R1 dokan1; C:\Windows\System32\DRIVERS\dokan1.sys [72608 2016-04-27] (Dokan Project)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-02-23] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2016-02-23] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186784 2016-02-23] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [170792 2016-02-23] (ESET)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-17] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [195336 2015-11-28] (Intel Corporation)
S3 mt7612US; C:\Windows\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-22] (Realtek                                            )
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51224 2016-04-07] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R1 vivefs; C:\Windows\System32\DRIVERS\vivefs.sys [57584 2016-03-21] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-17 18:20 - 2016-06-17 18:21 - 00000000 ____D C:\FRST
2016-06-17 17:15 - 2016-06-17 18:00 - 00000000 ____D C:\Program Files\Windows 10 Pro Permanent Activator v1.1
2016-06-14 13:59 - 2016-05-27 23:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-14 13:59 - 2016-05-27 23:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-14 13:59 - 2016-05-27 23:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-14 13:59 - 2016-05-27 23:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-14 13:59 - 2016-05-27 23:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-14 13:59 - 2016-05-27 23:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-14 13:59 - 2016-05-27 22:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-14 13:59 - 2016-05-27 22:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-14 13:59 - 2016-05-27 22:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-14 13:59 - 2016-05-27 22:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-14 13:59 - 2016-05-27 22:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-14 13:59 - 2016-05-27 22:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-14 13:59 - 2016-05-27 22:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-14 13:59 - 2016-05-27 22:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-14 13:59 - 2016-05-27 22:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-14 13:59 - 2016-05-27 22:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-14 13:59 - 2016-05-27 22:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-14 13:59 - 2016-05-27 22:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-14 13:59 - 2016-05-27 22:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-14 13:59 - 2016-05-27 22:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-14 13:59 - 2016-05-27 22:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-14 13:59 - 2016-05-27 22:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-14 13:59 - 2016-05-27 22:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-14 13:59 - 2016-05-27 22:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-14 13:59 - 2016-05-27 22:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-14 13:59 - 2016-05-27 22:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-14 13:59 - 2016-05-27 22:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-14 13:59 - 2016-05-27 22:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-14 13:59 - 2016-05-27 22:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-14 13:59 - 2016-05-27 22:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-14 13:59 - 2016-05-27 22:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-14 13:59 - 2016-05-27 22:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-14 13:59 - 2016-05-27 22:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-14 13:59 - 2016-05-27 22:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-14 13:59 - 2016-05-27 22:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-14 13:59 - 2016-05-27 22:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-14 13:59 - 2016-05-27 22:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-14 13:59 - 2016-05-27 22:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-14 13:59 - 2016-05-27 22:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-14 13:59 - 2016-05-27 22:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-14 13:59 - 2016-05-27 22:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-14 13:59 - 2016-05-27 22:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-14 13:59 - 2016-05-27 22:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-14 13:59 - 2016-05-27 21:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-14 13:59 - 2016-05-27 21:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-14 13:59 - 2016-05-27 21:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-14 13:59 - 2016-05-27 21:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-14 13:59 - 2016-05-27 21:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-14 13:59 - 2016-05-27 21:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-14 13:59 - 2016-05-27 21:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-14 13:59 - 2016-05-27 21:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-14 13:59 - 2016-05-27 21:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-14 13:59 - 2016-05-27 21:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-14 13:59 - 2016-05-27 21:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-14 13:59 - 2016-05-27 21:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-14 13:59 - 2016-05-27 21:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-14 13:59 - 2016-05-27 21:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-14 13:59 - 2016-05-27 21:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-14 13:59 - 2016-05-27 21:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-14 13:59 - 2016-05-27 21:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-14 13:59 - 2016-05-27 21:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-14 13:59 - 2016-05-27 21:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-14 13:59 - 2016-05-27 21:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-14 13:59 - 2016-05-27 21:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-14 13:59 - 2016-05-27 21:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-14 13:59 - 2016-05-27 21:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-14 13:59 - 2016-05-27 21:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-14 13:59 - 2016-05-27 21:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-14 13:59 - 2016-05-27 21:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-14 13:59 - 2016-05-27 21:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-14 13:59 - 2016-05-27 21:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-14 13:59 - 2016-05-27 21:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-14 13:59 - 2016-05-27 21:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-14 13:59 - 2016-05-27 21:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-14 13:59 - 2016-05-27 21:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-14 13:59 - 2016-05-27 21:25 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
2016-06-14 13:59 - 2016-05-27 21:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-14 13:59 - 2016-05-27 21:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-14 13:59 - 2016-05-27 21:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-14 13:59 - 2016-05-27 21:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-14 13:59 - 2016-05-27 21:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-14 13:59 - 2016-05-27 21:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-14 13:59 - 2016-05-27 21:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-14 13:59 - 2016-05-27 21:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-14 13:59 - 2016-05-27 21:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-14 13:59 - 2016-05-27 21:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-14 13:59 - 2016-05-27 21:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-14 13:59 - 2016-05-27 21:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-14 13:59 - 2016-05-27 21:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-14 13:59 - 2016-05-27 21:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-14 13:59 - 2016-05-27 21:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-14 13:59 - 2016-05-27 21:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-14 13:59 - 2016-05-27 21:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-14 13:59 - 2016-05-27 21:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-14 13:59 - 2016-05-27 21:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-14 13:59 - 2016-05-27 21:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-14 13:59 - 2016-05-27 21:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-14 13:59 - 2016-05-27 21:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-14 13:59 - 2016-05-27 21:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-14 13:59 - 2016-05-27 21:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-14 13:59 - 2016-05-27 21:21 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
2016-06-14 13:59 - 2016-05-27 21:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-14 13:59 - 2016-05-27 21:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-14 13:59 - 2016-05-27 21:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-14 13:59 - 2016-05-27 21:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-14 13:59 - 2016-05-27 21:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-14 13:59 - 2016-05-27 21:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-14 13:59 - 2016-05-27 21:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-14 13:59 - 2016-05-27 21:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-14 13:59 - 2016-05-27 21:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-14 13:59 - 2016-05-27 21:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-14 13:59 - 2016-05-27 21:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-14 13:59 - 2016-05-27 21:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-14 13:59 - 2016-05-27 21:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-14 13:59 - 2016-05-27 21:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-14 13:59 - 2016-05-27 21:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-14 13:59 - 2016-05-27 21:18 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2016-06-14 13:59 - 2016-05-27 21:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-14 13:59 - 2016-05-27 21:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-14 13:59 - 2016-05-27 21:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-14 13:59 - 2016-05-27 21:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-14 13:59 - 2016-05-27 21:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-14 13:59 - 2016-05-27 21:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-14 13:59 - 2016-05-27 21:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-14 13:59 - 2016-05-27 21:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-14 13:59 - 2016-05-27 21:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-14 13:59 - 2016-05-27 21:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-14 13:59 - 2016-05-27 21:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-14 13:59 - 2016-05-27 21:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-14 13:59 - 2016-05-27 21:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-14 13:59 - 2016-05-27 21:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-14 13:59 - 2016-05-27 21:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-14 13:59 - 2016-05-27 21:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-14 13:59 - 2016-05-27 21:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-14 13:59 - 2016-05-27 21:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-14 13:59 - 2016-05-27 21:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-14 13:59 - 2016-05-27 21:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-14 13:59 - 2016-05-27 21:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-14 13:59 - 2016-05-27 21:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-14 13:59 - 2016-05-27 21:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-14 13:59 - 2016-05-27 21:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-14 13:59 - 2016-05-27 21:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-14 13:59 - 2016-05-27 21:15 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2016-06-14 13:59 - 2016-05-27 21:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-14 13:59 - 2016-05-27 21:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-14 13:59 - 2016-05-27 21:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-14 13:59 - 2016-05-27 21:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-14 13:59 - 2016-05-27 21:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-14 13:59 - 2016-05-27 21:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-14 13:59 - 2016-05-27 21:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-14 13:59 - 2016-05-27 21:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-14 13:59 - 2016-05-27 21:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-14 13:59 - 2016-05-27 21:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-14 13:59 - 2016-05-27 21:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-14 13:59 - 2016-05-27 21:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-14 13:59 - 2016-05-27 21:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-14 13:59 - 2016-05-27 21:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-14 13:59 - 2016-05-27 21:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-14 13:59 - 2016-05-27 21:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-14 13:59 - 2016-05-27 21:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-14 13:59 - 2016-05-27 21:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-14 13:59 - 2016-05-27 21:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-14 13:59 - 2016-05-27 21:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-14 13:59 - 2016-05-27 21:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-14 13:59 - 2016-05-27 21:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-14 13:59 - 2016-05-27 21:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-14 13:59 - 2016-05-27 21:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-14 13:59 - 2016-05-27 21:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-14 13:59 - 2016-05-27 21:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-14 13:59 - 2016-05-27 21:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-14 13:59 - 2016-05-27 21:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-14 13:59 - 2016-05-27 21:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-14 13:59 - 2016-05-27 21:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-14 13:59 - 2016-05-27 21:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-14 13:59 - 2016-05-27 21:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-14 13:59 - 2016-05-27 21:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-14 13:59 - 2016-05-27 21:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-14 13:59 - 2016-05-27 21:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-14 13:59 - 2016-05-27 21:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-14 13:59 - 2016-05-27 21:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-14 13:59 - 2016-05-27 21:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-14 13:59 - 2016-05-27 21:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-14 13:59 - 2016-05-27 21:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-14 13:59 - 2016-05-27 21:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-14 13:59 - 2016-05-27 21:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-14 13:59 - 2016-05-27 21:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-14 13:59 - 2016-05-27 21:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-14 13:59 - 2016-05-27 21:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-14 13:59 - 2016-05-27 21:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-14 13:59 - 2016-05-27 21:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-14 13:59 - 2016-05-27 21:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-14 13:59 - 2016-05-27 21:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-14 13:59 - 2016-05-27 21:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-14 13:59 - 2016-05-27 21:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-14 13:59 - 2016-05-27 21:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-14 13:59 - 2016-05-27 21:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-14 13:59 - 2016-05-27 21:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-14 13:59 - 2016-05-27 21:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-14 13:59 - 2016-05-27 21:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-14 13:59 - 2016-05-27 21:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-14 13:59 - 2016-05-27 21:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-14 13:59 - 2016-05-27 21:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-14 13:59 - 2016-05-27 21:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-14 13:59 - 2016-05-27 21:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-14 13:59 - 2016-05-27 21:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-14 13:59 - 2016-05-27 21:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-14 13:59 - 2016-05-27 21:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-14 13:59 - 2016-05-27 21:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-14 13:59 - 2016-05-27 21:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-14 13:59 - 2016-05-27 21:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-14 13:59 - 2016-05-27 20:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-14 13:59 - 2016-05-27 20:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-14 13:59 - 2016-05-27 20:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-14 13:59 - 2016-05-27 20:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-14 13:59 - 2016-05-27 20:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-14 13:59 - 2016-05-27 20:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-14 13:59 - 2016-05-27 20:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-14 13:59 - 2016-05-27 20:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-14 13:59 - 2016-05-27 20:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-13 12:48 - 2016-06-13 13:36 - 00000000 ____D C:\Users\Casey\AppData\Local\The Witcher
2016-06-12 19:54 - 2016-06-12 19:54 - 00000000 ____D C:\Users\Casey\AppData\Local\The Witcher 2
2016-06-12 16:49 - 2016-06-12 19:51 - 00000000 ____D C:\Users\Casey\AppData\Roaming\discord
2016-06-12 16:49 - 2016-06-12 16:49 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-06-12 16:49 - 2016-06-12 16:49 - 00000000 ____D C:\Users\Casey\AppData\Local\SquirrelTemp
2016-06-12 16:49 - 2016-06-12 16:49 - 00000000 ____D C:\Users\Casey\AppData\Local\Discord
2016-06-11 14:19 - 2016-06-11 14:19 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-06-11 14:19 - 2016-06-02 20:28 - 00111552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-06-11 14:19 - 2016-05-03 19:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-06-11 14:19 - 2016-05-03 19:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-06-11 14:19 - 2016-05-03 19:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-06-11 14:19 - 2016-05-03 19:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-06-11 14:18 - 2016-06-03 00:22 - 39977920 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 35115968 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 31641656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 25404864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 21812056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 21355464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 18151128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 17746664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 17432544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 10643240 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 08733792 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 02844608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 02470336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 01920960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436839.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436839.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00983488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00910392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00787384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00786176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00769984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00707520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00669952 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00632848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00631288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00601752 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00565208 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00549240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00452616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00425016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00385592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00379808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00379448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00348216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00316632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00177952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00155768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00153232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-06-11 14:18 - 2016-06-03 00:22 - 00131584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-06-11 13:27 - 2016-06-11 13:27 - 00001134 _____ C:\Users\Public\Desktop\Vive.lnk
2016-06-06 20:08 - 2016-06-06 20:08 - 00015816 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzStats.IPC.dll
2016-06-05 12:24 - 2016-06-05 12:24 - 00001163 _____ C:\Users\Public\Desktop\Overwatch.lnk
2016-06-05 12:24 - 2016-06-05 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2016-06-05 11:48 - 2016-06-17 17:31 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-06-01 17:57 - 2016-06-01 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-06-01 17:57 - 2016-06-01 17:57 - 00000000 ____D C:\Program Files\7-Zip
2016-06-01 01:13 - 2016-06-01 01:13 - 00048272 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzAPIChromaSDK.dll
2016-05-31 02:34 - 2016-05-31 02:34 - 00084120 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzChromaSDK.dll
2016-05-31 02:33 - 2016-05-31 02:33 - 00097432 _____ (Razer Inc.) C:\WINDOWS\system32\RzChromaSDK64.dll
2016-05-30 19:31 - 2016-05-30 19:31 - 00000000 ____D C:\Users\Casey\AppData\Local\AdvancedChromaConfigurato
2016-05-30 19:24 - 2016-05-30 19:24 - 00000000 ____D C:\Program Files\Razer Chroma SDK
2016-05-30 19:24 - 2016-05-30 19:24 - 00000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2016-05-28 22:35 - 2016-05-28 22:35 - 00000000 ____D C:\Users\Casey\AppData\LocalLow\Valve
2016-05-28 20:08 - 2016-05-28 20:08 - 00000000 ____D C:\Users\Casey\AppData\Roaming\FC-VR
2016-05-28 20:08 - 2016-05-28 20:08 - 00000000 ____D C:\Users\Casey\AppData\LocalLow\Northway and Radial Games
2016-05-28 19:58 - 2016-05-28 19:58 - 00000000 ____D C:\Users\Casey\AppData\LocalLow\Owlchemy Labs
2016-05-28 18:34 - 2016-05-30 13:44 - 00000000 ____D C:\Users\Casey\AppData\Local\HTC_Neo
2016-05-28 18:34 - 2016-05-28 19:04 - 00000000 ____D C:\Users\Casey\AppData\Local\ViveDashboard
2016-05-28 18:34 - 2016-05-28 18:34 - 00000000 ____D C:\Users\Casey\AppData\Roaming\HTC
2016-05-28 16:51 - 2016-05-28 16:51 - 00000000 ____D C:\Users\Casey\AppData\Local\openvr
2016-05-28 16:50 - 2016-05-28 16:50 - 00000000 ____D C:\Program Files\Common Files\HTC
2016-05-28 16:50 - 2016-04-27 00:45 - 00072608 _____ (Dokan Project) C:\WINDOWS\system32\Drivers\dokan1.sys
2016-05-28 16:50 - 2016-03-21 12:45 - 00057584 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vivefs.sys
2016-05-28 16:49 - 2016-05-28 16:49 - 00000000 ____D C:\ProgramData\HTC
2016-05-28 16:45 - 2016-05-28 18:34 - 00000000 ____D C:\Users\Casey\AppData\Local\Htc
2016-05-28 16:45 - 2016-05-28 16:45 - 00000000 ____D C:\Program Files\HTC Account
2016-05-28 16:44 - 2016-05-28 16:44 - 00122112 _____ (Broadcom Corporation.) C:\WINDOWS\system32\btw_ci.dll
2016-05-28 16:44 - 2016-05-28 16:44 - 00109252 _____ C:\WINDOWS\system32\Drivers\BCM20703A1_001.001.005.0214.0481.hex
2016-05-28 16:44 - 2016-05-28 16:44 - 00073984 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwsecfl.sys
2016-05-28 16:44 - 2016-05-28 16:44 - 00066136 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwusb.sys
2016-05-28 16:43 - 2016-06-11 13:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIVE Software
2016-05-28 16:43 - 2016-05-28 18:23 - 00000000 ____D C:\Program Files (x86)\ViveSetup
2016-05-28 16:39 - 2016-05-28 16:43 - 00000000 ____D C:\Users\Casey\AppData\Local\VIVE_Setup
2016-05-27 20:53 - 2016-05-27 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-05-27 20:53 - 2016-05-27 20:53 - 00000000 ____D C:\Program Files\iTunes
2016-05-27 20:53 - 2016-05-27 20:53 - 00000000 ____D C:\Program Files\iPod
2016-05-27 20:53 - 2016-05-27 20:53 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-05-27 20:34 - 2016-05-27 21:28 - 00000022 _____ C:\WINDOWS\GPU-Z.INI
2016-05-27 20:34 - 2016-05-27 20:34 - 00000000 ____D C:\Temp
2016-05-27 20:34 - 2016-05-27 20:34 - 00000000 ____D C:\Program Files (x86)\Futuremark
2016-05-26 19:06 - 2016-05-21 14:09 - 01581624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco64.dll
2016-05-26 19:06 - 2016-05-21 14:09 - 00046024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-05-26 19:06 - 2016-05-20 01:03 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436822.dll
2016-05-26 19:06 - 2016-05-20 01:03 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436822.dll
2016-05-26 19:06 - 2016-05-20 01:03 - 00000594 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-05-26 19:06 - 2016-05-20 01:03 - 00000594 _____ C:\WINDOWS\system32\nv-vk64.json
2016-05-23 21:28 - 2016-05-23 23:52 - 00000132 _____ C:\Users\Casey\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-05-23 21:22 - 2016-05-23 21:22 - 00000132 _____ C:\Users\Casey\AppData\Roaming\Adobe BMP Format CS6 Prefs
2016-05-23 20:02 - 2016-05-23 20:02 - 00000000 ____D C:\Users\Casey\AppData\LocalLow\Adobe
2016-05-23 19:43 - 2016-05-23 23:55 - 00000000 ____D C:\Users\Casey\AppData\Roaming\OBS
2016-05-23 19:43 - 2016-05-23 19:43 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2016-05-23 19:43 - 2016-05-23 19:43 - 00000000 ____D C:\Program Files\OBS
2016-05-23 19:43 - 2016-05-23 19:43 - 00000000 ____D C:\Program Files (x86)\OBS
2016-05-23 19:15 - 2016-05-23 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-05-19 19:36 - 2016-05-19 19:36 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Xilisoft
2016-05-19 19:35 - 2016-05-19 19:35 - 00002251 _____ C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate.lnk
2016-05-19 19:35 - 2016-05-19 19:35 - 00000000 ____D C:\ProgramData\Xilisoft
2016-05-19 19:35 - 2016-05-19 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
2016-05-19 19:35 - 2016-05-19 19:35 - 00000000 ____D C:\Program Files (x86)\Xilisoft
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-17 18:20 - 2015-11-28 23:13 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-17 18:20 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-17 18:18 - 2015-11-28 23:58 - 00000000 ____D C:\Users\Casey\AppData\Local\ClassicShell
2016-06-17 18:17 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\Registration
2016-06-17 18:14 - 2015-11-29 18:52 - 00026192 ____N (Windows ® Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2016-06-17 18:14 - 2015-11-29 02:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-17 18:14 - 2015-11-29 02:06 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-17 18:14 - 2015-11-29 01:32 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-17 18:14 - 2015-10-29 23:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-06-17 18:10 - 2016-04-03 20:20 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-17 18:04 - 2015-11-29 01:32 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-17 17:53 - 2015-11-29 02:06 - 00000000 ___HD C:\Users\Casey
2016-06-17 17:52 - 2015-12-25 16:19 - 00000000 ____D C:\Users\Casey\AppData\Local\CrashDumps
2016-06-17 17:45 - 2016-03-22 22:55 - 00000000 ____D C:\Users\Casey\AppData\Roaming\uTorrent
2016-06-17 17:37 - 2015-12-05 22:56 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{302435B2-6A16-4759-84A1-E0461FC7AA07}
2016-06-17 17:10 - 2015-12-05 23:21 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Mumble
2016-06-17 15:05 - 2015-11-29 01:32 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 02:49 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-17 02:44 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-16 23:22 - 2015-12-05 20:52 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Skype
2016-06-16 23:21 - 2016-03-27 19:41 - 00000000 ____D C:\Users\Casey\AppData\Local\Battle.net
2016-06-16 17:18 - 2015-11-30 14:06 - 00000000 ____D C:\Users\Casey\AppData\Local\Deployment
2016-06-16 15:02 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-06-15 03:32 - 2015-11-29 02:05 - 04956808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-15 03:32 - 2015-11-28 23:08 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-15 03:30 - 2015-10-30 00:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-15 03:30 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-15 03:30 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-14 14:18 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-14 14:17 - 2015-11-29 00:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-14 14:15 - 2015-11-29 00:02 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-13 16:07 - 2016-04-30 13:24 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-06-13 13:41 - 2015-11-28 23:27 - 00000000 ____D C:\Users\Casey\AppData\Local\ElevatedDiagnostics
2016-06-12 01:28 - 2015-11-29 19:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-11 14:19 - 2015-11-30 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-06-11 14:19 - 2015-11-29 02:06 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-06-11 13:58 - 2016-03-27 14:53 - 00044544 _____ C:\Users\Casey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-05 11:45 - 2016-03-27 19:42 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-06-03 17:51 - 2015-11-28 23:10 - 13553096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-06-03 00:22 - 2016-05-05 12:42 - 17729184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-06-03 00:22 - 2015-11-28 23:10 - 20375488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-06-03 00:22 - 2015-11-28 23:10 - 14462536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-06-03 00:22 - 2015-11-28 23:10 - 03811256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-06-03 00:22 - 2015-11-28 23:10 - 03371624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-06-03 00:22 - 2015-11-28 23:10 - 00040084 _____ C:\WINDOWS\system32\nvinfo.pb
2016-06-02 20:59 - 2015-12-26 18:43 - 00534072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-06-02 20:59 - 2015-12-26 18:43 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-06-02 20:59 - 2015-11-29 02:06 - 06452948 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-06-02 20:59 - 2015-11-29 02:06 - 06364216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-06-02 20:59 - 2015-11-29 02:06 - 02455608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-06-02 20:59 - 2015-11-29 02:06 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-06-02 20:59 - 2015-11-29 02:06 - 01352760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-06-02 20:59 - 2015-11-29 02:06 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-06-02 20:59 - 2015-11-29 02:06 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-06-02 17:14 - 2015-12-19 20:48 - 00000931 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2016-06-02 17:14 - 2015-12-19 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-06-02 17:14 - 2015-12-19 20:48 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2016-06-01 17:22 - 2016-03-22 20:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-01 17:22 - 2015-12-05 20:52 - 00000000 ____D C:\ProgramData\Skype
2016-05-30 19:25 - 2016-05-01 23:40 - 00000000 ____D C:\ProgramData\Razer
2016-05-30 19:19 - 2016-05-01 23:40 - 00000000 ____D C:\Program Files (x86)\Razer
2016-05-28 18:27 - 2015-11-28 23:58 - 00000000 ____D C:\ProgramData\ClassicShell
2016-05-27 22:55 - 2015-11-29 02:09 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-05-27 20:53 - 2016-01-07 18:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-05-23 20:54 - 2016-05-15 20:17 - 00000000 ____D C:\ProgramData\Adobe
2016-05-21 14:09 - 2015-11-28 23:10 - 00141256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
 
==================== Files in the root of some directories =======
 
2015-03-26 04:48 - 2015-03-26 04:48 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2016-05-23 21:22 - 2016-05-23 21:22 - 0000132 _____ () C:\Users\Casey\AppData\Roaming\Adobe BMP Format CS6 Prefs
2016-05-23 21:28 - 2016-05-23 23:52 - 0000132 _____ () C:\Users\Casey\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-03-27 14:53 - 2016-06-11 13:58 - 0044544 _____ () C:\Users\Casey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-22 20:35 - 2016-03-22 20:35 - 0001233 _____ () C:\Users\Casey\AppData\Local\recently-used.xbel
2016-01-11 19:52 - 2016-01-11 19:52 - 0007601 _____ () C:\Users\Casey\AppData\Local\Resmon.ResmonCfg
2015-11-29 19:19 - 2015-11-29 19:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-13 13:41
 
==================== End of FRST.txt ============================



Edited by clowncracker, 17 June 2016 - 08:35 PM.



 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • Gender:Male
  • Location:@localhost
  • Local time:05:40 PM

Posted 18 June 2016 - 02:14 PM

Hi,

 

Run these two tools and we will go from there if needed. Usually only on BC once or twice per day so you may not get a response back from me until the following day.

 

 

Please download adwcleaner and save to your desktop.
 
    http://www.bleepingcomputer.com/download/adwcleaner/
 
    Right click AdwCleaner.exe and select "run as admin"
    Accept the disclaimer
    Click on the Scan button.
    Once the scan is done, Click the Clean button
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder.
 
==========================================================
     Please download Junkware Removal Tool to your desktop.
 
     http://thisisudax.org/downloads/JRT.exe
 
    Double click the icon or Right click for Vista/W7,8 and select Run as administrator
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message

 


How Can I Reduce My Risk to Malware?


#3 clowncracker

clowncracker
  • Topic Starter

  • Members
  • 4 posts
  • Local time:02:40 PM

Posted 19 June 2016 - 02:44 PM

Issue still persisting - just wanted to keep you updated.




#4 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • Gender:Male
  • Location:@localhost
  • Local time:05:40 PM

Posted 19 June 2016 - 05:58 PM

Let's try setting IE back to its defaults. Open up Internet Explorer and from Tools or the gear-looking icon select Internet Options > Advanced tab. Near the bottom you will see a Reset button; click it, then check Delete Personal Settings, then click the Reset button. See how that goes.


How Can I Reduce My Risk to Malware?


#5 clowncracker

clowncracker
  • Topic Starter

  • Members
  • 4 posts
  • Local time:02:40 PM

Posted 19 June 2016 - 07:00 PM

I don't even use Internet Explorer, I use Chrome.  I cleared my Chrome and IE settings and it still didn't help.



#6 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:05:40 PM

Posted 19 June 2016 - 07:18 PM

The screenshot looked like IE to me. We will use FRST. Copy/paste what's below into Notepad and save it as fixlist.txt in the same location you have FRST.

 

Start FRST like before except this time click on the Fix button once. Machine may reboot to finish the process. Upon reboot it will display a fixlog.txt that you can copy/paste in your reply.

InternetURL: C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Windows 10 Pro Permanent Activator 2016.url -> hxxp://bestprosoft.com/category/download-latest-best-professional-software-2016/
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2032110391-4062864444-780685404-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKU\S-1-5-21-2032110391-4062864444-780685404-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E05EC776-53FC-4CA7-9944-34E30B7FB700}&mid=bac9b37288de47ccb87091c41aaac20a-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215avi&pr=fr&d=2015-12-06 23:12:22&v=4.2.1.951&pid=wtu&sg=&sap=dsp&q={searchTerms}


How Can I Reduce My Risk to Malware?
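
The first fixlist entry in post #6 targets an Internet shortcut (.url) sitting in the user's Startup folder, and Windows opens anything in that folder at sign-in, which is why the browser launches even though it is not listed as a startup program. As an added example (not part of the thread and not part of FRST), this read-only PowerShell script lists the .url and .lnk files in the per-user and all-users Startup folders together with the target each one opens; it does not cover the Run registry keys that also appear in the fixlist.

```powershell
# Added example: read-only listing of shortcuts in the Startup folders.
# Nothing is deleted or modified; review the Target values by hand.

$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shell = New-Object -ComObject WScript.Shell         # used to resolve .lnk targets

$results = foreach ($dir in $startupDirs) {
    # -Force includes hidden files, which a plain Explorer view would not show
    $files = Get-ChildItem -LiteralPath $dir -File -Force |
        Where-Object { $_.Extension -in '.url', '.lnk' }

    foreach ($file in $files) {
        $target = $null
        if ($file.Extension -ieq '.url') {
            # A .url file is INI-style text; the destination is its URL= line
            $line = Get-Content -LiteralPath $file.FullName |
                Where-Object { $_ -match '^\s*URL\s*=' } |
                Select-Object -First 1
            if ($line) { $target = ($line -split '=', 2)[1].Trim() }
        }
        else {
            # A .lnk file is binary; let the shell resolve program and arguments
            $lnk = $shell.CreateShortcut($file.FullName)
            $target = ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
        }

        [pscustomobject]@{
            File     = $file.FullName
            Target   = $target
            Created  = $file.CreationTime
            Modified = $file.LastWriteTime
        }
    }
}

# Newest entries first: a shortcut created around the time the problem began stands out
$results | Sort-Object Created -Descending | Format-List
```

Compare the Created timestamps with the date the browser first started opening on its own; an entry pointing at a web address you do not recognise is the one to raise with your helper before removing anything.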




