
Infected on 2 laptops and pc


  • This topic is locked
5 replies to this topic

#1 shaveeveverything


Posted 13 July 2016 - 06:28 PM

Windows 7 or 8.1 upgraded to 10 without permission

 

Edit: my brother said he didn't use USB on my main PC, thinking it's a network infection too

 

My brother used youtube-mp3(dot)org (avoiding links) and put it on my USB on all the computers, and I check my PC details regularly and have a lot of weird .exe and services. He used it on this laptop to convert YouTube vids on this PC, not sure if it infected the network but a new connection was made on my PC gateway.2wire.net (2) or something like that. Anyways, I downloaded Malwarebytes from malwarebytes(dot)com and double-clicked it. I got this:

 

/SPAWNWND=$C102D0

/NOTIFYWND=$D0724

 

For services there are a lot of duplicates with svc at the end.

 

Name PID Description Status Group
AJRouter AllJoyn Router Service Stopped LocalService
ALG Application Layer Gateway Service Stopped
AppIDSvc Application Identity Stopped LocalServiceNetworkRestricted
Appinfo 348 Application Information Running netsvcs
AppReadiness App Readiness Stopped AppReadiness
AppXSvc AppX Deployment Service (AppXSVC) Stopped wsappx
AudioEndpointBuilder 396 Windows Audio Endpoint Builder Running LocalSystemNetworkRestricted
Audiosrv 584 Windows Audio Running LocalServiceNetworkRestricted
AxInstSV ActiveX Installer (AxInstSV) Stopped AxInstSVGroup
BDESVC BitLocker Drive Encryption Service Stopped netsvcs
BFE 1348 Base Filtering Engine Running LocalServiceNoNetwork
BITS 348 Background Intelligent Transfer Service Running netsvcs
BrokerInfrastructure 824 Background Tasks Infrastructure Service Running DcomLaunch
Browser Browser Stopped netsvcs
BthHFSrv Bluetooth Handsfree Service Stopped LocalServiceAndNoImpersonation
bthserv Bluetooth Support Service Stopped LocalService
CDPSvc Connected Device Platform Service Stopped LocalService
CertPropSvc Certificate Propagation Stopped netsvcs
ClipSVC Client License Service (ClipSVC) Stopped wsappx
COMSysApp COM+ System Application Stopped
CoreMessagingRegistrar 1348 CoreMessaging Running LocalServiceNoNetwork
cphs 1880 Intel® Content Protection HECI Service Running
CryptSvc 1476 Cryptographic Services Running NetworkService
CxAudMsg Conexant Audio Message Service Stopped
DcomLaunch 824 DCOM Server Process Launcher Running DcomLaunch
DcpSvc DataCollectionPublishingService Stopped netsvcs
defragsvc Optimize drives Stopped defragsvc
DeviceAssociationService 396 Device Association Service Running LocalSystemNetworkRestricted
DeviceInstall Device Install Service Stopped DcomLaunch
DevQueryBroker DevQuery Background Discovery Broker Stopped LocalSystemNetworkRestricted
Dhcp 584 DHCP Client Running LocalServiceNetworkRestricted
diagnosticshub.standardcollector.service Microsoft ® Diagnostics Hub Standard Collector Service Stopped
DiagTrack 1952 Connected User Experiences and Telemetry Running utcsvc
DmEnrollmentSvc Device Management Enrollment Service Stopped netsvcs
dmwappushservice dmwappushsvc Stopped netsvcs
Dnscache 1476 DNS Client Running NetworkService
DoSvc 348 Delivery Optimization Running netsvcs
dot3svc Wired AutoConfig Stopped LocalSystemNetworkRestricted
DPS 1348 Diagnostic Policy Service Running LocalServiceNoNetwork
DsmSvc Device Setup Manager Stopped netsvcs
DsSvc 396 Data Sharing Service Running LocalSystemNetworkRestricted
Eaphost Extensible Authentication Protocol Stopped netsvcs
EFS Encrypting File System (EFS) Stopped
embeddedmode embeddedmode Stopped LocalSystemNetworkRestricted
EntAppSvc Enterprise App Management Service Stopped appmodel
ETDService Elan Service Stopped
EventLog 584 Windows Event Log Running LocalServiceNetworkRestricted
EventSystem 1052 COM+ Event System Running LocalService
fdPHost 1052 Function Discovery Provider Host Running LocalService
FDResPub 844 Function Discovery Resource Publication Running LocalServiceAndNoImpersonation
fhsvc File History Service Stopped LocalSystemNetworkRestricted
FontCache 1052 Windows Font Cache Service Running LocalService
FontCache3.0.0.0 184 Windows Presentation Foundation Font Cache 3.0.0.0 Running
gpsvc 348 Group Policy Client Running netsvcs
gupdate Google Update Service (gupdate) Stopped
gupdatem Google Update Service (gupdatem) Stopped
hidserv Human Interface Device Service Stopped LocalSystemNetworkRestricted
HomeGroupListener 396 HomeGroup Listener Running LocalSystemNetworkRestricted
HomeGroupProvider 584 HomeGroup Provider Running LocalServiceNetworkRestricted
ICCS Intel® Integrated Clock Controller Service - Intel® ICCS Stopped
icssvc Windows Mobile Hotspot Service Stopped LocalServiceNetworkRestricted
IEEtwCollectorService Internet Explorer ETW Collector Service Stopped
igfxCUIService1.0.0.0 Intel® HD Graphics Control Panel Service Stopped
IKEEXT 348 IKE and AuthIP IPsec Keying Modules Running netsvcs
Intel® Capability Licensing Service Interface 504 Intel® Capability Licensing Service Interface Running
Intel® Capability Licensing Service TCP IP Interface Intel® Capability Licensing Service TCP IP Interface Stopped
iphlpsvc 348 IP Helper Running NetSvcs
KeyIso 728 CNG Key Isolation Running
KtmRm KtmRm for Distributed Transaction Coordinator Stopped NetworkServiceAndNoImpersonation
LanmanServer 348 Server Running netsvcs
LanmanWorkstation 1476 Workstation Running NetworkService
lfsvc 348 Geolocation Service Running netsvcs
LicenseManager 1052 Windows License Manager Service Running LocalService
lltdsvc Link-Layer Topology Discovery Mapper Stopped LocalService
lmhosts 584 TCP/IP NetBIOS Helper Running LocalServiceNetworkRestricted
LSM 824 Local Session Manager Running DcomLaunch
MapsBroker Downloaded Maps Manager Stopped NetworkService
MBAMService 5036 MBAMService Running
MessagingService MessagingService Stopped UnistackSvcGroup
MessagingService_a88c2 MessagingService_a88c2 Stopped UnistackSvcGroup
MpsSvc 1348 Windows Firewall Running LocalServiceNoNetwork
MSCamSvc 2092 MSCamSvc Running
MSDTC Distributed Transaction Coordinator Stopped
MSiSCSI Microsoft iSCSI Initiator Service Stopped netsvcs
msiserver Windows Installer Stopped
NcaSvc Network Connectivity Assistant Stopped NetSvcs
NcbService 396 Network Connection Broker Running LocalSystemNetworkRestricted
NcdAutoSetup Network Connected Devices Auto-Setup Stopped LocalServiceNoNetwork
Netlogon Netlogon Stopped
Netman 396 Network Connections Running LocalSystemNetworkRestricted
netprofm 1052 Network List Service Running LocalService
NetSetupSvc Network Setup Service Stopped netsvcs
NetTcpPortSharing Net.Tcp Port Sharing Service Stopped
NgcCtnrSvc Microsoft Passport Container Stopped LocalServiceNetworkRestricted
NgcSvc Microsoft Passport Stopped LocalSystemNetworkRestricted
NlaSvc 1476 Network Location Awareness Running NetworkService
nsi 1052 Network Store Interface Service Running LocalService
OneSyncSvc Sync Host Stopped UnistackSvcGroup
OneSyncSvc_a88c2 Sync Host_a88c2 Stopped UnistackSvcGroup
p2pimsvc Peer Networking Identity Manager Stopped LocalServicePeerNet
p2psvc Peer Networking Grouping Stopped LocalServicePeerNet
PcaSvc 396 Program Compatibility Assistant Service Running LocalSystemNetworkRestricted
PerfHost Performance Counter DLL Host Stopped
PhoneSvc Phone Service Stopped LocalService
PimIndexMaintenanceSvc Contact Data Stopped UnistackSvcGroup
PimIndexMaintenanceSvc_a88c2 Contact Data_a88c2 Stopped UnistackSvcGroup
pla Performance Logs & Alerts Stopped LocalServiceNoNetwork
PlugPlay 824 Plug and Play Running DcomLaunch
PNRPAutoReg PNRP Machine Name Publication Service Stopped LocalServicePeerNet
PNRPsvc Peer Name Resolution Protocol Stopped LocalServicePeerNet
PolicyAgent 2784 IPsec Policy Agent Running NetworkServiceNetworkRestricted
Power 824 Power Running DcomLaunch
PrintNotify Printer Extensions and Notifications Stopped print
ProfSvc 348 User Profile Service Running netsvcs
QWAVE Quality Windows Audio Video Experience Stopped LocalServiceAndNoImpersonation
RasAuto Remote Access Auto Connection Manager Stopped netsvcs
RasMan 348 Remote Access Connection Manager Running netsvcs
RemoteAccess Routing and Remote Access Stopped netsvcs
RemoteRegistry Remote Registry Stopped localService
RetailDemo Retail Demo Service Stopped netsvcs
RpcEptMapper 888 RPC Endpoint Mapper Running RPCSS
RpcLocator Remote Procedure Call (RPC) Locator Stopped
RpcSs 888 Remote Procedure Call (RPC) Running rpcss
SamSs 728 Security Accounts Manager Running
SAService Conexant SmartAudio service Stopped
SCardSvr Smart Card Stopped LocalServiceAndNoImpersonation
ScDeviceEnum Smart Card Device Enumeration Service Stopped LocalSystemNetworkRestricted
Schedule 348 Task Scheduler Running netsvcs
SCPolicySvc Smart Card Removal Policy Stopped netsvcs
SDRSVC Windows Backup Stopped SDRSVC
seclogon Secondary Logon Stopped netsvcs
SENS 348 System Event Notification Service Running netsvcs
SensorDataService Sensor Data Service Stopped
SensorService Sensor Service Stopped LocalSystemNetworkRestricted
SensrSvc Sensor Monitoring Service Stopped LocalServiceAndNoImpersonation
SessionEnv Remote Desktop Configuration Stopped netsvcs
SharedAccess Internet Connection Sharing (ICS) Stopped netsvcs
ShellHWDetection 348 Shell Hardware Detection Running netsvcs
smphost Microsoft Storage Spaces SMP Stopped smphost
SmsRouter Microsoft Windows SMS Router Service. Stopped LocalSystemNetworkRestricted
SNMPTRAP SNMP Trap Stopped
Spooler 1712 Print Spooler Running
sppsvc Software Protection Stopped
SSDPSRV 844 SSDP Discovery Running LocalServiceAndNoImpersonation
SstpSvc 1052 Secure Socket Tunneling Protocol Service Running LocalService
StateRepository 1960 State Repository Service Running appmodel
stisvc 1452 Windows Image Acquisition (WIA) Running imgsvc
StorSvc 396 Storage Service Running LocalSystemNetworkRestricted
svsvc Spot Verifier Stopped LocalSystemNetworkRestricted
swprv Microsoft Software Shadow Copy Provider Stopped swprv
SysMain 396 Superfetch Running LocalSystemNetworkRestricted
SystemEventsBroker 824 System Events Broker Running DcomLaunch
TabletInputService Touch Keyboard and Handwriting Panel Service Stopped LocalSystemNetworkRestricted
TapiSrv 1476 Telephony Running NetworkService
TermService Remote Desktop Services Stopped NetworkService
Themes 348 Themes Running netsvcs
TieringEngineService Storage Tiers Management Stopped
tiledatamodelsvc 1960 Tile Data model server Running appmodel
TimeBroker 844 Time Broker Running LocalServiceAndNoImpersonation
TrkWks 396 Distributed Link Tracking Client Running LocalSystemNetworkRestricted
TrustedInstaller Windows Modules Installer Stopped
tzautoupdate Auto Time Zone Updater Stopped LocalService
UI0Detect Interactive Services Detection Stopped
UmRdpService Remote Desktop Services UserMode Port Redirector Stopped LocalSystemNetworkRestricted
UnistoreSvc User Data Storage Stopped UnistackSvcGroup
UnistoreSvc_a88c2 User Data Storage_a88c2 Stopped UnistackSvcGroup
upnphost UPnP Device Host Stopped LocalServiceAndNoImpersonation
UserDataSvc User Data Access Stopped UnistackSvcGroup
UserDataSvc_a88c2 User Data Access_a88c2 Stopped UnistackSvcGroup
UserManager 348 User Manager Running netsvcs
UsoSvc 348 Update Orchestrator Service Running netsvcs
VaultSvc 728 Credential Manager Running
vds Virtual Disk Stopped
vmicguestinterface Hyper-V Guest Service Interface Stopped LocalSystemNetworkRestricted
vmicheartbeat Hyper-V Heartbeat Service Stopped ICService
vmickvpexchange Hyper-V Data Exchange Service Stopped LocalSystemNetworkRestricted
vmicrdv Hyper-V Remote Desktop Virtualization Service Stopped ICService
vmicshutdown Hyper-V Guest Shutdown Service Stopped LocalSystemNetworkRestricted
vmictimesync Hyper-V Time Synchronization Service Stopped LocalServiceNetworkRestricted
vmicvmsession Hyper-V VM Session Service Stopped LocalSystemNetworkRestricted
vmicvss Hyper-V Volume Shadow Copy Requestor Stopped LocalSystemNetworkRestricted
VSS Volume Shadow Copy Stopped
W32Time Windows Time Stopped LocalService
WalletService WalletService Stopped appmodel
wbengine Block Level Backup Engine Service Stopped
WbioSrvc Windows Biometric Service Stopped WbioSvcGroup
Wcmsvc 584 Windows Connection Manager Running LocalServiceNetworkRestricted
wcncsvc 844 Windows Connect Now - Config Registrar Running LocalServiceAndNoImpersonation
WcsPlugInService Windows Color System Stopped wcssvc
WdiServiceHost 1052 Diagnostic Service Host Running LocalService
WdiSystemHost 396 Diagnostic System Host Running LocalSystemNetworkRestricted
WdNisSvc 3464 Windows Defender Network Inspection Service Running
WebClient WebClient Stopped LocalService
Wecsvc Windows Event Collector Stopped NetworkService
WEPHOSTSVC Windows Encryption Provider Host Service Stopped WepHostSvcGroup
wercplsupport Problem Reports and Solutions Control Panel Support Stopped netsvcs
WerSvc Windows Error Reporting Service Stopped WerSvcGroup
WiaRpc Still Image Acquisition Events Stopped LocalSystemNetworkRestricted
WinDefend 1604 Windows Defender Service Running
WinHttpAutoProxySvc 1052 WinHTTP Web Proxy Auto-Discovery Service Running LocalService
Winmgmt 348 Windows Management Instrumentation Running netsvcs
WinRM Windows Remote Management (WS-Management) Stopped NetworkService
WlanSvc 396 WLAN AutoConfig Running LocalSystemNetworkRestricted
wlidsvc Microsoft Account Sign-in Assistant Stopped netsvcs
wmiApSrv WMI Performance Adapter Stopped
WMPNetworkSvc Windows Media Player Network Sharing Service Stopped
WPDBusEnum Portable Device Enumerator Service Stopped LocalSystemNetworkRestricted
WpnService Windows Push Notifications Service Stopped wswpnservice
wscsvc 584 Security Center Running LocalServiceNetworkRestricted
WSearch 536 Windows Search Running
WSService Windows Store Service (WSService) Stopped wsappx
wuauserv Windows Update Stopped netsvcs
wudfsvc 396 Windows Driver Foundation - User-mode Driver Framework Running LocalSystemNetworkRestricted
WwanSvc WWAN AutoConfig Stopped LocalServiceNoNetwork
XblAuthManager Xbox Live Auth Manager Stopped netsvcs
XblGameSave Xbox Live Game Save Stopped netsvcs
XboxNetApiSvc Xbox Live Networking Service Stopped netsvcs

Edited by shaveeveverything, 14 July 2016 - 06:57 AM.




#2 boopme


Posted 15 July 2016 - 11:42 AM

Please repost this info with a FRST log by following this guide. Start at Step 6.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

#3 shaveeveverything


Posted 15 July 2016 - 04:00 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2016 02
Ran by mike (administrator) on LENO (15-07-2016 16:52:37)
Running from C:\Users\mike\Desktop
Loaded Profiles: mike (Available Profiles: mike)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\mike\jagexcache\jagexlauncher\bin\JagexLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VX1000] => C:\WINDOWS\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-12] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-05-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10842096 2014-05-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{48f179f1-b734-41da-9335-a9da7fa67d60}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-726742185-1581409300-3016182445-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-726742185-1581409300-3016182445-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-726742185-1581409300-3016182445-1001 -> DefaultScope {BFA74B6A-ACD6-4423-B0C3-B9D576DCCE45} URL = 
SearchScopes: HKU\S-1-5-21-726742185-1581409300-3016182445-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.213\pepflashplayer.dll => No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Profile: C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-05]
CHR Extension: (YouTube) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-05]
CHR Extension: (Google Search) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-05]
CHR Extension: (AdBlock) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-05]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-15] (Malwarebytes)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-09] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek                                            )
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [615728 2015-06-04] (Realtek Semiconductor Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 RTWlanE; \SystemRoot\System32\drivers\rtwlane.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-15 16:52 - 2016-07-15 16:53 - 00008895 _____ C:\Users\mike\Desktop\FRST.txt
2016-07-15 16:51 - 2016-07-15 16:52 - 00000000 ____D C:\FRST
2016-07-15 16:50 - 2016-07-15 16:51 - 02390528 _____ (Farbar) C:\Users\mike\Desktop\FRST64 (1).exe
2016-07-15 16:48 - 2016-07-15 16:48 - 02390528 _____ (Farbar) C:\Users\mike\Desktop\FRST64.exe
2016-07-15 01:32 - 2016-07-15 01:36 - 00001032 _____ C:\Users\mike\Desktop\s.txt
2016-07-15 01:32 - 2016-07-15 01:32 - 00000339 _____ C:\f.txt
2016-07-15 01:32 - 2016-07-15 01:32 - 00000339 _____ C:\d.txt
2016-07-13 19:09 - 2016-07-13 19:09 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-13 19:09 - 2016-07-13 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-13 19:09 - 2016-07-13 19:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-13 19:09 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-07-13 19:09 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-07-13 19:09 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-07-13 19:08 - 2016-07-13 19:08 - 22851472 _____ (Malwarebytes ) C:\Users\mike\Desktop\mbam-setup-2.2.1.1043.exe
2016-07-11 10:56 - 2016-07-11 11:01 - 00000000 ____D C:\Users\mike\Downloads\new cd
2016-07-07 18:01 - 2015-10-07 02:11 - 02238152 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\ETDUninst.dll
2016-07-01 08:47 - 2016-07-01 08:47 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-30 14:24 - 2016-06-30 14:24 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-06-16 20:59 - 2016-06-16 20:59 - 00000000 ____D C:\Users\mike\AppData\Local\ElevatedDiagnostics
2016-06-15 02:20 - 2016-05-28 00:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-15 02:20 - 2016-05-28 00:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-15 02:20 - 2016-05-28 00:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-15 02:20 - 2016-05-28 00:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-15 02:20 - 2016-05-28 00:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-15 02:20 - 2016-05-28 00:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-15 02:19 - 2016-05-28 00:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-15 02:19 - 2016-05-28 00:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-15 02:19 - 2016-05-28 00:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-15 02:19 - 2016-05-28 00:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-15 02:19 - 2016-05-28 00:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-15 02:19 - 2016-05-28 00:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-15 02:19 - 2016-05-28 00:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-15 02:19 - 2016-05-28 00:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-15 02:19 - 2016-05-28 00:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-15 02:19 - 2016-05-28 00:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-15 02:19 - 2016-05-28 00:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-15 02:19 - 2016-05-28 00:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-15 02:19 - 2016-05-28 00:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-15 02:19 - 2016-05-28 00:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-15 02:19 - 2016-05-28 00:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-15 02:19 - 2016-05-28 00:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-15 02:19 - 2016-05-28 00:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-15 02:19 - 2016-05-28 00:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-15 02:19 - 2016-05-28 00:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-15 02:19 - 2016-05-28 00:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-15 02:19 - 2016-05-27 23:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-15 02:18 - 2016-05-28 02:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-15 02:18 - 2016-05-28 02:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-15 02:18 - 2016-05-28 01:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-15 02:18 - 2016-05-28 01:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-15 02:18 - 2016-05-28 00:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-15 02:18 - 2016-05-28 00:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-15 02:18 - 2016-05-28 00:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-15 02:18 - 2016-05-28 00:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-15 02:18 - 2016-05-28 00:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-15 02:18 - 2016-05-28 00:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-15 02:18 - 2016-05-28 00:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-15 02:18 - 2016-05-28 00:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-15 02:18 - 2016-05-28 00:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-15 02:18 - 2016-05-28 00:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-15 02:18 - 2016-05-28 00:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-15 02:18 - 2016-05-28 00:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-15 02:18 - 2016-05-28 00:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-15 02:18 - 2016-05-28 00:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-15 02:18 - 2016-05-28 00:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-15 02:18 - 2016-05-28 00:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-15 02:18 - 2016-05-28 00:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-15 02:17 - 2016-05-28 00:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-15 02:17 - 2016-05-28 00:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-15 02:17 - 2016-05-28 00:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-15 02:17 - 2016-05-28 00:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-15 02:17 - 2016-05-28 00:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-15 02:17 - 2016-05-28 00:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-15 02:17 - 2016-05-28 00:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-15 02:17 - 2016-05-28 00:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-15 02:17 - 2016-05-28 00:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-15 02:17 - 2016-05-28 00:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-15 02:17 - 2016-05-28 00:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 02:17 - 2016-05-28 00:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-15 02:17 - 2016-05-28 00:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-15 02:17 - 2016-05-28 00:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-15 02:17 - 2016-05-28 00:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-15 02:17 - 2016-05-27 23:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-15 02:17 - 2016-05-27 23:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-15 02:16 - 2016-05-28 02:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-15 02:16 - 2016-05-28 01:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-15 02:16 - 2016-05-28 01:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-15 02:16 - 2016-05-28 01:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-15 02:16 - 2016-05-28 01:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-15 02:16 - 2016-05-28 01:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-15 02:16 - 2016-05-28 00:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-15 02:16 - 2016-05-28 00:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-15 02:16 - 2016-05-28 00:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-15 02:16 - 2016-05-28 00:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-15 02:16 - 2016-05-28 00:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-15 02:16 - 2016-05-28 00:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-15 02:16 - 2016-05-28 00:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-15 02:16 - 2016-05-28 00:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-15 02:16 - 2016-05-28 00:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-15 02:16 - 2016-05-28 00:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-15 02:16 - 2016-05-28 00:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-15 02:16 - 2016-05-28 00:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-15 02:16 - 2016-05-28 00:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-15 02:16 - 2016-05-28 00:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-15 02:16 - 2016-05-28 00:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-15 02:16 - 2016-05-28 00:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-15 02:16 - 2016-05-28 00:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-15 02:16 - 2016-05-28 00:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-15 02:16 - 2016-05-28 00:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-15 02:16 - 2016-05-28 00:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-15 02:16 - 2016-05-27 23:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-15 02:15 - 2016-05-28 01:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-15 02:15 - 2016-05-28 01:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-15 02:15 - 2016-05-28 01:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-15 02:15 - 2016-05-28 01:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-15 02:15 - 2016-05-28 01:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-15 02:15 - 2016-05-28 01:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-15 02:15 - 2016-05-28 01:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-15 02:15 - 2016-05-28 01:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-15 02:15 - 2016-05-28 01:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-15 02:15 - 2016-05-28 01:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-15 02:15 - 2016-05-28 00:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-15 02:15 - 2016-05-28 00:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-15 02:15 - 2016-05-28 00:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-15 02:15 - 2016-05-28 00:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-15 02:15 - 2016-05-28 00:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-15 02:15 - 2016-05-28 00:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-15 02:15 - 2016-05-28 00:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-15 02:15 - 2016-05-28 00:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-15 02:15 - 2016-05-28 00:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-15 02:15 - 2016-05-28 00:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-15 02:15 - 2016-05-28 00:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-15 02:15 - 2016-05-28 00:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-15 02:15 - 2016-05-28 00:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-15 02:15 - 2016-05-28 00:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-15 02:15 - 2016-05-28 00:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-15 02:15 - 2016-05-28 00:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-15 02:15 - 2016-05-28 00:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-15 02:15 - 2016-05-28 00:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-15 02:15 - 2016-05-28 00:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-15 02:15 - 2016-05-28 00:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-15 02:15 - 2016-05-28 00:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-15 02:15 - 2016-05-27 23:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-15 02:15 - 2016-05-27 23:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-15 02:14 - 2016-05-28 02:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-15 02:14 - 2016-05-28 01:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-15 02:14 - 2016-05-28 01:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-15 02:14 - 2016-05-28 01:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-15 02:14 - 2016-05-28 01:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-15 02:14 - 2016-05-28 01:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-15 02:14 - 2016-05-28 01:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-15 02:14 - 2016-05-28 01:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-15 02:14 - 2016-05-28 01:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-15 02:14 - 2016-05-28 01:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-15 02:14 - 2016-05-28 01:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-15 02:14 - 2016-05-28 01:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-15 02:14 - 2016-05-28 01:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-15 02:14 - 2016-05-28 01:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-15 02:14 - 2016-05-28 00:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-15 02:14 - 2016-05-28 00:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-15 02:14 - 2016-05-28 00:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-15 02:14 - 2016-05-28 00:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-15 02:14 - 2016-05-28 00:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-15 02:14 - 2016-05-28 00:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-15 02:14 - 2016-05-28 00:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-15 02:14 - 2016-05-28 00:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-15 02:14 - 2016-05-28 00:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-15 02:14 - 2016-05-28 00:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-15 02:14 - 2016-05-28 00:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-15 02:14 - 2016-05-28 00:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-15 02:14 - 2016-05-28 00:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-15 02:14 - 2016-05-28 00:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-15 02:14 - 2016-05-28 00:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-15 02:14 - 2016-05-28 00:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-15 02:14 - 2016-05-28 00:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-15 02:14 - 2016-05-28 00:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-15 02:14 - 2016-05-28 00:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-15 02:14 - 2016-05-28 00:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-15 02:14 - 2016-05-28 00:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-15 02:14 - 2016-05-27 23:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-15 02:13 - 2016-05-28 02:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-15 02:13 - 2016-05-28 02:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-15 02:13 - 2016-05-28 01:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-15 02:13 - 2016-05-28 01:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-15 02:13 - 2016-05-28 01:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-15 02:13 - 2016-05-28 01:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-15 02:13 - 2016-05-28 01:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-15 02:13 - 2016-05-28 01:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-15 02:13 - 2016-05-28 01:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-15 02:13 - 2016-05-28 00:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-15 02:13 - 2016-05-28 00:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-15 02:13 - 2016-05-28 00:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-15 02:13 - 2016-05-28 00:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-15 02:13 - 2016-05-28 00:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-15 02:13 - 2016-05-28 00:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-15 02:13 - 2016-05-28 00:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-15 02:13 - 2016-05-28 00:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-15 02:13 - 2016-05-28 00:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-15 02:13 - 2016-05-28 00:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-15 02:13 - 2016-05-28 00:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-15 02:13 - 2016-05-28 00:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-15 02:13 - 2016-05-28 00:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-15 02:13 - 2016-05-28 00:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-15 02:13 - 2016-05-28 00:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-15 02:13 - 2016-05-28 00:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-15 02:13 - 2016-05-28 00:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-15 02:13 - 2016-05-28 00:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-15 02:13 - 2016-05-28 00:13 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-06-15 02:13 - 2016-05-28 00:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-15 02:13 - 2016-05-28 00:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-15 02:13 - 2016-05-28 00:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-15 02:13 - 2016-05-28 00:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-15 02:13 - 2016-05-28 00:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-15 02:13 - 2016-05-27 23:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-15 02:12 - 2016-05-28 00:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-15 02:12 - 2016-05-28 00:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-15 02:12 - 2016-05-28 00:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-15 02:12 - 2016-05-28 00:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-15 02:12 - 2016-05-28 00:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-15 02:12 - 2016-05-28 00:25 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-06-15 02:12 - 2016-05-28 00:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-15 02:12 - 2016-05-28 00:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-15 02:12 - 2016-05-28 00:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-15 02:12 - 2016-05-28 00:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-15 02:12 - 2016-05-28 00:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-15 02:12 - 2016-05-28 00:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-15 02:12 - 2016-05-28 00:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-15 02:12 - 2016-05-28 00:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-15 02:12 - 2016-05-28 00:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-15 02:12 - 2016-05-28 00:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-15 02:12 - 2016-05-28 00:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-15 02:12 - 2016-05-28 00:13 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-06-15 02:12 - 2016-05-28 00:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-15 02:12 - 2016-05-28 00:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-15 02:12 - 2016-05-28 00:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-15 02:12 - 2016-05-27 23:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-15 16:43 - 2016-02-05 13:26 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-15 01:51 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-15 01:51 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-15 01:31 - 2016-06-12 13:07 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-14 22:14 - 2016-02-06 01:08 - 00000024 _____ C:\Users\mike\jagexappletviewer.preferences
2016-07-14 21:28 - 2016-03-04 16:14 - 00000000 ____D C:\Users\mike\AppData\Roaming\TS3Client
2016-07-14 17:43 - 2016-02-05 13:26 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-14 11:12 - 2016-02-06 01:08 - 00000043 _____ C:\Users\mike\jagex_cl_oldschool_LIVE.dat
2016-07-14 04:29 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-07-14 04:24 - 2016-02-10 06:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-14 04:20 - 2016-02-10 06:28 - 144749672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-13 03:46 - 2016-02-05 13:28 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-13 03:46 - 2016-02-05 13:28 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-11 11:05 - 2016-05-21 01:10 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-11 11:05 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-07-11 09:01 - 2016-05-21 00:52 - 00000000 ____D C:\Users\mike
2016-07-11 09:01 - 2016-05-21 00:48 - 00000000 ____D C:\Program Files\Elantech
2016-07-11 09:01 - 2016-02-04 23:02 - 00000000 __SHD C:\Users\mike\IntelGraphicsProfiles
2016-07-11 03:30 - 2016-02-13 09:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-11 03:30 - 2015-10-30 02:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-07-06 20:39 - 2016-06-07 00:02 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-03 15:41 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-07-02 00:37 - 2015-10-30 03:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-07-02 00:37 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-01 08:47 - 2016-02-13 09:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-07-01 08:36 - 2016-02-13 09:11 - 00215576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-01 08:33 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-07-01 08:33 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-07-01 08:33 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\setup
2016-07-01 08:33 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-07-01 08:33 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-30 14:22 - 2016-02-04 23:02 - 00000000 ____D C:\Users\mike\AppData\Local\Packages
2016-06-30 02:36 - 2016-03-04 16:14 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-06-30 02:23 - 2014-05-06 07:14 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-06-30 02:18 - 2016-05-21 00:48 - 00000000 ____D C:\Program Files\CONEXANT
2016-06-30 01:59 - 2016-02-04 23:02 - 00000000 ____D C:\Users\mike\AppData\Local\VirtualStore
2016-06-29 02:13 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-22 06:01 - 2016-05-21 04:40 - 00000000 ____D C:\Windows.old
2016-06-16 21:02 - 2016-05-21 00:48 - 00000000 ____D C:\ProgramData\Conexant
 
==================== Files in the root of some directories =======
 
2016-02-05 15:38 - 2016-02-05 15:38 - 0007602 _____ () C:\Users\mike\AppData\Local\Resmon.ResmonCfg
2016-05-21 00:48 - 2016-05-21 00:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-08 12:41
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2016 02
Ran by mike (2016-07-15 16:54:11)
Running from C:\Users\mike\Desktop
Windows 10 Home Version 1511 (X64) (2016-05-21 05:14:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-726742185-1581409300-3016182445-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-726742185-1581409300-3016182445-503 - Limited - Disabled)
Guest (S-1-5-21-726742185-1581409300-3016182445-501 - Limited - Disabled)
mike (S-1-5-21-726742185-1581409300-3016182445-1001 - Administrator - Enabled) => C:\Users\mike
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.17 - Lenovo)
Energy Manager (x32 Version: 1.5.0.17 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-726742185-1581409300-3016182445-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-726742185-1581409300-3016182445-1001_Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}\InprocServer32 -> %LOCALAPPDATA%\Pokki\ocdeskband_0.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {169BD988-30C4-4261-9DB7-47128EF80321} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2B30F126-37F2-4060-86B8-DC2FCC43BBDF} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {37F6D8C6-AA00-4972-8194-A321ACAADF64} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3BDA901D-500F-498E-87CD-2C368C09AB98} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6038BEC5-3C60-4686-8818-B473181B447E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {66A01620-08B4-44BE-8BA7-B092B9A4BB48} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6CEF8EB3-7E56-4A94-AD18-1EA669ABA46D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {73DD0A44-D217-4B5E-9F43-D295AF067134} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7E215122-4027-488E-86F7-42C61DF5CFB1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2016-07-14] (Microsoft Corporation)
Task: {857A809F-C460-45D9-905A-8218830D9D60} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8FF9A0E3-7A3A-412E-A6AA-20D3D2B19606} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A38F9EDD-F7EB-4380-88DD-6D04C7213FFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {B174C560-39DF-4306-A1C8-D0E56C63E00D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B4D23B62-7E88-4AD0-A83F-72DB8ECAEEFD} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D8E1A398-1958-4375-BDD7-EC93BF601F3B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {DCDDABA2-FA93-4939-B242-FEFAF9AF3540} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DDFC01D5-044F-4BDC-9FAE-D964C1844065} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job => C:\WINDOWS\vVX1000.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-05-21 04:36 - 2016-05-21 04:36 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-05-21 04:36 - 2016-05-21 04:36 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-13 08:54 - 2016-02-13 08:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-21 04:36 - 2016-05-21 04:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-15 02:18 - 2016-05-27 23:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-15 02:18 - 2016-05-27 23:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-15 02:18 - 2016-05-27 23:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-15 02:18 - 2016-05-27 23:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-03-26 21:05 - 2015-03-26 21:05 - 00014336 _____ () C:\Users\mike\jagexcache\jagexlauncher\bin\JagexLauncher.exe
2016-04-05 00:49 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\mike\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2016-04-05 00:49 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\mike\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2011-11-10 21:35 - 2011-11-10 21:35 - 03198464 _____ () C:\Users\mike\jagexcache\jagexlauncher\bin\jvm.dll
2011-11-10 22:16 - 2011-11-10 22:16 - 00402944 _____ () C:\Users\mike\jagexcache\jagexlauncher\bin\freetype.dll
2016-02-06 01:08 - 2016-07-14 11:12 - 00066048 _____ () C:\.jagex_cache_32\browsercontrol.dll
2016-07-12 21:24 - 2016-07-06 18:01 - 17602240 _____ () C:\Users\mike\AppData\Local\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-726742185-1581409300-3016182445-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AJRouter => 3
MSCONFIG\Services: LSCWinService => 3
MSCONFIG\Services: RichVideo64 => 2
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "PhoneCompanion"
HKLM\...\StartupApproved\Run: => "Lenovo Utility"
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "VX1000"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKLM\...\StartupApproved\Run32: => "LifeCam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FB1D2611-F4CE-40A0-9AD5-D44015D32C1C}] => (Allow) LPort=8317
FirewallRules: [{498917E1-4D43-4FC7-8549-B94C8565C888}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{062D24BB-FDE3-4FB8-8E4B-F775706D5155}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{1D380FFE-C8E1-474B-84B5-2D5A9E05D57D}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{41B9A452-8712-4E1C-9A7B-0CADA155BDD5}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{55A836DA-F959-43C1-A439-F89D67F5C4B8}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{827630A4-B765-4351-861A-78AB8B411BC3}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{7AD2F7A2-1870-4CA7-A168-F653224E8F9A}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{91D3113A-7AD8-4AFE-AA1F-299295F8DABC}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{C3FDCD48-8882-4426-8B90-2E15381ACB5C}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{8DD81882-9DC7-4380-A220-A2C09BC6D095}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{1EE9B0D5-3411-49BE-AB99-E2EDF5A71FBF}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{E5FC01D6-D714-4A40-B7BD-BAE35225C63F}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{871BEA13-FF8C-4A02-9190-641D5C16AD36}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
24-06-2016 11:24:29 Scheduled Checkpoint
30-06-2016 02:22:38 Removed Realtek Card Reader
08-07-2016 12:41:43 Windows Update
14-07-2016 04:19:48 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek Bluetooth 4.0 Adapter
Description: Realtek Bluetooth 4.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Realtek Semiconductor Corp.
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC
Description: Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTWlanE
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/14/2016 04:24:29 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (07/14/2016 04:20:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (07/08/2016 12:41:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (07/05/2016 04:07:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Leno)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.
 
Error: (07/05/2016 06:06:18 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (06/30/2016 02:22:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (06/24/2016 11:24:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (06/21/2016 07:47:54 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Leno)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/17/2016 04:28:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (06/15/2016 05:35:58 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
 
System errors:
=============
Error: (07/15/2016 04:52:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (07/13/2016 07:25:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (07/13/2016 07:17:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (07/13/2016 03:00:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (07/13/2016 02:35:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_a88c2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (07/13/2016 02:22:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Conexant Audio Message Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/13/2016 02:21:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Elan Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/13/2016 02:09:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Conexant SmartAudio service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/13/2016 02:09:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (07/11/2016 09:04:38 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
 
 
CodeIntegrity:
===================================
  Date: 2016-07-14 04:33:09.261
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-02 04:43:46.075
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-01 08:37:08.416
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-17 23:52:12.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-16 03:17:17.334
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-30 03:36:21.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-28 02:47:15.027
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-21 03:19:29.231
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-21 01:07:02.209
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-21 01:05:11.727
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU N3530 @ 2.16GHz
Percentage of memory in use: 64%
Total physical RAM: 3979.21 MB
Available physical RAM: 1415.68 MB
Total Virtual: 4683.21 MB
Available Virtual: 1325.08 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:424.49 GB) (Free:302.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.93 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: DB082AC9)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:27 PM

Posted 17 July 2016 - 09:50 PM

I was away for the weekend. This needs to be reposted as per Step 7
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 shaveeveverything

shaveeveverything
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:27 PM

Posted 18 July 2016 - 09:54 AM

Alright my bad



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:27 PM

Posted 18 July 2016 - 10:28 AM

Thank you. Our techs will look at it there.

New topic
http://www.bleepingcomputer.com/forums/t/620286/2-laptops-infected-and-pc-possible-network-infection/

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 3 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.



