RKill Log


20 replies to this topic

#1 TitanCMD

  • Members
  • 19 posts
  • Gender:Male

Posted 11 August 2016 - 09:39 PM

Hi,

I have a log I would like to post from RKill. Is this a good place to post it?

I have about a dozen services that are missing, and I was wondering how to get them back. Also, if there is time, could you tell me what those services are and why they're missing?

Thanks,

TitanCMD

Just a Tech.





#2 nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 August 2016 - 09:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

We need additional information to give you sound advice.

Please post your Rkill log. Run this Farbar tool and include both logs for my review.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add Reply button.
===


Let me know what problems you are experiencing with this computer.

#3 nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 August 2016 - 08:38 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 TitanCMD

  • Topic Starter
  • Members
  • 19 posts
  • Gender:Male

Posted 23 August 2016 - 10:38 PM

Hi,

Sorry for my last post going inactive, I can get very busy. I'll be back here as soon as I can.

Two uTorrent processes were terminated, and I was downloading Ubuntu 16.04. So that may be a false positive.

Should I attach the log or post it?

Mod Edit:  Merged with original topic, reopened that topic - Hamluis


Edited by hamluis, 24 August 2016 - 11:47 AM.


#5 nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 August 2016 - 07:45 AM

TitanCMD

Please run the tool I suggested and post the logs for my review.

nasdaq

#6 TitanCMD

  • Topic Starter
  • Members
  • 19 posts
  • Gender:Male

Posted 26 August 2016 - 11:24 PM

Okay, running the tool tonight.



#7 TitanCMD

  • Topic Starter
  • Members
  • 19 posts
  • Gender:Male

Posted 26 August 2016 - 11:51 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Zach (administrator) on LENOVO (26-08-2016 21:43:46)
Running from C:\Users\Zach\Desktop\FarBar
Loaded Profiles: Zach (Available Profiles: Zach)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
() C:\Program Files\Synergy\synergyd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\Zach\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5136\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.7939\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7939\Battle.net Helper.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7939\Battle.net Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files (x86)\xchat\xchat.exe
(Digital Wave Ltd) C:\Program Files (x86)\DVDVideoSoft\Free YouTube To MP3 Converter\FreeYouTubeToMP3Converter.exe
() C:\Program Files (x86)\Geany\bin\geany.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.23941.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.XboxApp_19.20.24006.0_x64__8wekyb3d8bbwe\XboxApp.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-28] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [210688 2015-10-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [528384 2015-11-10] (Greenshot)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2626512 2016-07-28] (Malwarebytes Corporation)
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4612544 2016-02-19] (iolo technologies, LLC)
HKU\S-1-5-21-3193826544-631033974-2000860424-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-3193826544-631033974-2000860424-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [3975232 2016-07-10] (GOG.com)
HKU\S-1-5-21-3193826544-631033974-2000860424-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-3193826544-631033974-2000860424-1001\...\Run: [gs_mngr] => C:\Program Files (x86)\GameSave Manager v3\gs_mngr_3.exe [2813440 2016-07-23] (InsaneMatt)
HKU\S-1-5-21-3193826544-631033974-2000860424-1001\...\Run: [Spotify Web Helper] => C:\Users\Zach\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-12] (Spotify Ltd)
HKU\S-1-5-21-3193826544-631033974-2000860424-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-08-14] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{5603b695-dffe-437a-b305-a59b6f11ed41}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{c0d3c069-6f2e-49f7-b7d1-1462fe571a9f}: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
Internet Explorer:
==================
HKU\S-1-5-21-3193826544-631033974-2000860424-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-3193826544-631033974-2000860424-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?pc=UE01&ocid=UE01DHP
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-11] (Oracle Corporation)
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-11] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-11] (Oracle Corporation)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-11] (Oracle Corporation)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKU\S-1-5-21-3193826544-631033974-2000860424-1001 -> VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll No File
 
FireFox:
========
FF ProfilePath: C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\wkp20v3f.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-11] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-11] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://msn.com/"
CHR Profile: C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-11]
CHR Extension: (Google Drive) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-11]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-08]
CHR Extension: (YouTube) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-11]
CHR Extension: (Adblock Plus) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-23]
CHR Extension: (Google Play Music) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-08-18]
CHR Extension: (Hacker News (YC)) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\gellakhkblaacmgbglekhoccapjmcebd [2016-08-11]
CHR Extension: (Google Docs Offline) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-11]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-07-11]
CHR Extension: (Window Resizer) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2016-05-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-11]
CHR Extension: (Gmail) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-11]
CHR Extension: (Chrome Media Router) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
CHR HKU\S-1-5-21-3193826544-631033974-2000860424-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [391656 2016-06-20] (Digital Wave Ltd.)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [244800 2016-07-10] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6506048 2016-08-11] (GOG.com)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [363440 2015-11-20] (Intel Corporation)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4759600 2016-02-19] (iolo technologies, LLC)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [749008 2016-07-28] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [452576 2016-02-09] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [901088 2016-02-09] (Malwarebytes Corporation)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [312488 2016-03-18] ()
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcmsmbsp; C:\Windows\System32\drivers\bcmsmbsp.sys [54552 2015-12-17] (Broadcom Corporation.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [75368 2016-08-04] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-02-09] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-23] (Malwarebytes)
R3 PLTHD1; C:\Windows\system32\DRIVERS\RIG5020HD.sys [4206560 2015-10-15] (Plantronics)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [41576 2016-02-19] (EldoS Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [611608 2015-10-07] (Realtek Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3057920 2015-10-16] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [3445248 2015-10-30] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-08-14] ()
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [121248 2016-08-16] (Oracle Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-26 21:41 - 2016-08-26 21:43 - 00000000 ____D C:\Users\Zach\Desktop\FarBar
2016-08-26 21:40 - 2016-08-26 21:43 - 00000000 ____D C:\FRST
2016-08-26 21:24 - 2016-08-26 21:29 - 00378035 _____ C:\Users\Zach\Downloads\Unconfirmed 82111.crdownload
2016-08-26 21:11 - 2016-08-26 21:11 - 00022162 _____ C:\Users\Zach\Downloads\[Kanavid] Serial Experiments Lain 1-13(END) [BD][1080p][AAC][MP4].torrent
2016-08-26 20:08 - 2016-08-26 20:12 - 00000000 ____D C:\Users\Zach\AppData\Roaming\X-Chat 2
2016-08-26 20:08 - 2016-08-26 20:08 - 01001381 _____ C:\Users\Zach\Downloads\xchat-2.8.9.exe
2016-08-26 20:08 - 2016-08-26 20:08 - 00001898 _____ C:\Users\Zach\Desktop\XChat.lnk
2016-08-26 20:08 - 2016-08-26 20:08 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XChat
2016-08-26 20:08 - 2016-08-26 20:08 - 00000000 ____D C:\Program Files (x86)\xchat
2016-08-26 19:41 - 2016-08-26 19:41 - 00000000 ___HD C:\OneDriveTemp
2016-08-24 22:26 - 2016-08-24 22:26 - 00031823 _____ C:\Users\Zach\AppData\Local\recently-used.xbel
2016-08-24 20:56 - 2016-08-24 20:56 - 00000000 ____D C:\Users\Zach\Desktop\System Maintenance 08-24-2016
2016-08-24 20:50 - 2010-08-31 10:00 - 02648181 _____ (Red Hat) C:\Windows\system32\cygwin1.dll
2016-08-24 20:46 - 2015-01-18 12:45 - 01789952 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\cygcrypto-1.0.0.dll
2016-08-24 20:44 - 2016-08-24 20:49 - 00000000 ____D C:\Users\Zach\Downloads\DLLs
2016-08-24 20:33 - 2016-08-24 20:36 - 00000000 ____D C:\Users\Zach\Desktop\http%3a%2f%2fcygwin.mirror.constant.com%2f
2016-08-23 21:13 - 2016-08-23 20:39 - 1531445248 ____R C:\Users\Zach\Documents\ubuntu-16.04.1-desktop-i386.iso
2016-08-23 20:46 - 2016-08-23 20:46 - 00000000 ____D C:\Users\Zach\VirtualBox VMs
2016-08-23 20:35 - 2016-08-23 20:35 - 00004630 _____ C:\Users\Zach\Desktop\Rkill 08-23-2016.txt
2016-08-23 20:26 - 2016-08-23 21:20 - 00000000 ____D C:\Users\Zach\.VirtualBox
2016-08-23 20:25 - 2016-08-23 20:25 - 00000000 ____D C:\Program Files\Oracle
2016-08-23 20:22 - 2016-08-23 20:23 - 121962464 _____ (Oracle Corporation) C:\Users\Zach\Downloads\VirtualBox-5.1.4-110228-Win.exe
2016-08-23 20:21 - 2016-08-23 20:21 - 00000565 _____ C:\Users\Public\Desktop\Cygwin64 Terminal.lnk
2016-08-23 20:21 - 2016-08-23 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin
2016-08-23 20:18 - 2016-08-23 20:21 - 00000000 ____D C:\cygwin64
2016-08-23 20:18 - 2016-08-23 20:19 - 00000000 ____D C:\Users\Zach\Downloads\http%3a%2f%2fcygwin.mirror.constant.com%2f
2016-08-23 20:17 - 2016-08-23 20:17 - 00860672 _____ C:\Users\Zach\Downloads\setup-x86_64.exe
2016-08-20 19:46 - 2016-08-20 19:46 - 00000382 _____ C:\Users\Zach\Downloads\audible_setup
2016-08-19 08:59 - 2016-08-19 08:59 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-08-19 08:59 - 2016-08-19 08:59 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-08-17 09:02 - 2016-08-17 09:02 - 00001242 _____ C:\Windows\SysWOW64\ServiceConfig.xml
2016-08-16 20:18 - 2016-08-16 20:18 - 00195936 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetLwf.sys
2016-08-16 20:18 - 2016-08-16 20:18 - 00121248 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp6.sys
2016-08-15 21:18 - 2016-08-15 21:18 - 00003320 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task
2016-08-15 21:17 - 2016-08-15 21:17 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Skype
2016-08-15 20:49 - 2016-08-15 20:50 - 00779736 _____ (PortableApps.com) C:\Users\Zach\Downloads\JkDefrag_Portable_3.36.paf.exe
2016-08-14 14:34 - 2016-08-14 14:34 - 00000000 ____D C:\Users\Zach\AppData\Local\My Games
2016-08-14 12:07 - 2016-08-14 12:08 - 451162447 _____ C:\Users\Zach\Desktop\System Maintenance Tasks v1_1.zip
2016-08-14 11:52 - 2016-08-14 12:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-08-14 11:52 - 2016-08-14 11:52 - 00000000 ____D C:\Users\Zach\AppData\Roaming\SUPERAntiSpyware.com
2016-08-14 11:52 - 2016-08-14 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-08-14 10:35 - 2016-08-14 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-08-13 22:07 - 2016-08-13 22:07 - 00003222 _____ C:\Windows\System32\Tasks\iolo Process Governor
2016-08-13 22:07 - 2016-08-13 22:07 - 00000000 ____D C:\Users\Zach\AppData\Roaming\ioloGovernor
2016-08-13 22:07 - 2016-08-13 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional
2016-08-13 22:07 - 2016-08-13 22:07 - 00000000 ____D C:\ProgramData\ioloGovernor
2016-08-13 22:07 - 2016-08-13 22:07 - 00000000 ____D C:\Program Files (x86)\iolo
2016-08-13 22:07 - 2016-02-19 07:30 - 00066392 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe
2016-08-13 22:07 - 2016-02-19 07:30 - 00034736 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe
2016-08-13 22:07 - 2016-02-19 07:20 - 02182248 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll
2016-08-13 22:07 - 2016-02-19 07:20 - 02123552 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
2016-08-13 22:04 - 2016-08-13 22:04 - 00491120 _____ C:\Users\Zach\Downloads\smpro_dm.exe
2016-08-13 22:01 - 2016-08-14 16:43 - 00000000 ____D C:\Users\Zach\AppData\Roaming\iolo
2016-08-13 22:01 - 2016-08-14 12:00 - 00000000 ____D C:\ProgramData\iolo
2016-08-13 22:01 - 2016-08-13 22:01 - 00074703 _____ C:\Windows\SysWOW64\mfc45.dat
2016-08-13 20:36 - 2016-08-13 20:36 - 00000000 ____D C:\Program Files\HitmanPro
2016-08-13 20:35 - 2016-08-13 20:36 - 11438608 _____ (SurfRight B.V.) C:\Users\Zach\Downloads\hitmanpro_x64.exe
2016-08-13 20:07 - 2016-08-13 20:07 - 00000000 ____D C:\Users\Zach\AppData\Local\IsolatedStorage
2016-08-13 19:58 - 2016-08-13 19:58 - 00000000 _____ C:\Windows\system32\SBRC.dat
2016-08-13 19:52 - 2016-08-17 09:02 - 00003032 _____ C:\Windows\SysWOW64\VipreEdgeProtectionOff.ini
2016-08-13 19:52 - 2016-08-17 09:02 - 00003032 _____ C:\Windows\system32\VipreEdgeProtectionOff.ini
2016-08-13 19:51 - 2016-08-17 09:03 - 00000000 ____D C:\Program Files (x86)\VIPRE
2016-08-13 19:51 - 2016-08-16 18:57 - 00000000 ____D C:\ProgramData\VIPRE
2016-08-13 19:51 - 2016-08-13 19:51 - 00000000 ____D C:\ProgramData\Downloaded Installations
2016-08-13 19:50 - 2016-08-13 20:07 - 00000000 ____D C:\Users\Zach\AppData\Roaming\VIPRE
2016-08-13 19:50 - 2016-08-13 19:50 - 06566728 _____ (ThreatTrack Security, Inc) C:\Users\Zach\Downloads\setup-vipre-internet-security.exe
2016-08-13 19:50 - 2016-08-13 19:50 - 00000000 ____D C:\Users\Zach\AppData\Local\VIPRE
2016-08-13 18:02 - 2016-08-13 19:49 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-13 18:02 - 2016-08-13 18:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-08-13 18:02 - 2016-08-13 18:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-08-13 17:59 - 2016-08-13 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2016-08-13 17:59 - 2016-08-13 18:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2016-08-13 17:59 - 2016-08-13 17:59 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-13 17:59 - 2016-02-09 12:54 - 00027008 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2016-08-12 21:59 - 2016-08-13 18:31 - 00000000 ____D C:\Users\Zach\AppData\Local\Spotify
2016-08-12 21:59 - 2016-08-12 21:59 - 00001845 _____ C:\Users\Zach\Desktop\Spotify.lnk
2016-08-12 21:59 - 2016-08-12 21:59 - 00001831 _____ C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-08-12 21:58 - 2016-08-13 18:31 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Spotify
2016-08-12 21:58 - 2016-08-12 21:58 - 00348376 _____ (Spotify Ltd) C:\Users\Zach\Downloads\SpotifySetup.exe
2016-08-12 21:15 - 2016-08-18 20:52 - 00915780 _____ C:\Users\Zach\Desktop\Thoughts by Stick Figure.xcf
2016-08-12 20:23 - 2016-08-12 20:33 - 00652878 _____ C:\Users\Zach\Desktop\Table with Risers.xcf
2016-08-11 21:05 - 2016-08-11 21:05 - 00082473 _____ C:\Users\Zach\Desktop\DxDiag.txt
2016-08-11 20:58 - 2016-08-11 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gangsters [GOG.com]
2016-08-11 20:50 - 2016-08-11 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-08-09 21:11 - 2016-08-03 03:22 - 00808288 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-08-09 21:11 - 2016-08-03 03:21 - 00566112 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-08-09 21:11 - 2016-08-03 02:51 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-08-09 21:11 - 2016-08-03 02:44 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2016-08-09 21:11 - 2016-08-03 02:40 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2016-08-09 21:11 - 2016-08-03 02:30 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2016-08-09 21:11 - 2016-08-03 02:29 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2016-08-09 21:11 - 2016-08-03 02:18 - 06974464 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-08-09 21:11 - 2016-08-03 02:11 - 04171264 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-08-09 21:11 - 2016-08-02 21:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-09 21:11 - 2016-08-02 21:44 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-09 21:11 - 2016-08-02 21:32 - 12585984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-08-09 21:11 - 2016-08-02 21:19 - 02180096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2016-08-09 21:10 - 2016-08-03 04:14 - 01505984 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-08-09 21:10 - 2016-08-03 04:14 - 00092352 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-08-09 21:10 - 2016-08-03 04:14 - 00050368 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-08-09 21:10 - 2016-08-03 03:36 - 07469408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-08-09 21:10 - 2016-08-03 03:36 - 00099680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2016-08-09 21:10 - 2016-08-03 03:36 - 00037744 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2016-08-09 21:10 - 2016-08-03 03:30 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-08-09 21:10 - 2016-08-03 03:23 - 00693600 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-08-09 21:10 - 2016-08-03 03:23 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-08-09 21:10 - 2016-08-03 03:22 - 01322760 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-08-09 21:10 - 2016-08-03 03:22 - 00465248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-08-09 21:10 - 2016-08-03 03:22 - 00331616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-08-09 21:10 - 2016-08-03 03:21 - 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-08-09 21:10 - 2016-08-03 03:21 - 03675512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-09 21:10 - 2016-08-03 03:21 - 00303216 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-08-09 21:10 - 2016-08-03 03:20 - 01540224 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-08-09 21:10 - 2016-08-03 03:20 - 00692136 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-08-09 21:10 - 2016-08-03 03:19 - 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-08-09 21:10 - 2016-08-03 03:19 - 00161632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-09 21:10 - 2016-08-03 03:13 - 01988448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-08-09 21:10 - 2016-08-03 03:13 - 00576864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-08-09 21:10 - 2016-08-03 03:13 - 00393056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-08-09 21:10 - 2016-08-03 02:51 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\tdlrecover.exe
2016-08-09 21:10 - 2016-08-03 02:46 - 22384128 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-08-09 21:10 - 2016-08-03 02:44 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2016-08-09 21:10 - 2016-08-03 02:44 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2016-08-09 21:10 - 2016-08-03 02:43 - 16985088 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-08-09 21:10 - 2016-08-03 02:41 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2016-08-09 21:10 - 2016-08-03 02:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2016-08-09 21:10 - 2016-08-03 02:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll
2016-08-09 21:10 - 2016-08-03 02:41 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryBroker.dll
2016-08-09 21:10 - 2016-08-03 02:40 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2016-08-09 21:10 - 2016-08-03 02:40 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\VEDataLayerHelpers.dll
2016-08-09 21:10 - 2016-08-03 02:40 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2016-08-09 21:10 - 2016-08-03 02:39 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-08-09 21:10 - 2016-08-03 02:39 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2016-08-09 21:10 - 2016-08-03 02:38 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2016-08-09 21:10 - 2016-08-03 02:38 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2016-08-09 21:10 - 2016-08-03 02:37 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\IdCtrls.dll
2016-08-09 21:10 - 2016-08-03 02:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-08-09 21:10 - 2016-08-03 02:36 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-08-09 21:10 - 2016-08-03 02:35 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-08-09 21:10 - 2016-08-03 02:35 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2016-08-09 21:10 - 2016-08-03 02:33 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-08-09 21:10 - 2016-08-03 02:31 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-08-09 21:10 - 2016-08-03 02:31 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2016-08-09 21:10 - 2016-08-03 02:31 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\wevtutil.exe
2016-08-09 21:10 - 2016-08-03 02:30 - 24613888 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-09 21:10 - 2016-08-03 02:29 - 14252544 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-08-09 21:10 - 2016-08-03 02:29 - 02127360 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-09 21:10 - 2016-08-03 02:29 - 01500160 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2016-08-09 21:10 - 2016-08-03 02:29 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-08-09 21:10 - 2016-08-03 02:29 - 00954368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-08-09 21:10 - 2016-08-03 02:29 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-09 21:10 - 2016-08-03 02:28 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-08-09 21:10 - 2016-08-03 02:28 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-08-09 21:10 - 2016-08-03 02:28 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2016-08-09 21:10 - 2016-08-03 02:27 - 07536640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-08-09 21:10 - 2016-08-03 02:27 - 01752576 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-09 21:10 - 2016-08-03 02:27 - 01717760 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-08-09 21:10 - 2016-08-03 02:27 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-08-09 21:10 - 2016-08-03 02:20 - 13390336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-09 21:10 - 2016-08-03 02:18 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-08-09 21:10 - 2016-08-03 02:18 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-09 21:10 - 2016-08-03 02:17 - 02175488 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-08-09 21:10 - 2016-08-03 02:16 - 05123072 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2016-08-09 21:10 - 2016-08-03 02:16 - 03589120 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-08-09 21:10 - 2016-08-03 02:16 - 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-08-09 21:10 - 2016-08-03 02:16 - 01732096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-09 21:10 - 2016-08-03 02:15 - 07833088 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-08-09 21:10 - 2016-08-03 02:14 - 04895232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-09 21:10 - 2016-08-03 02:14 - 01997824 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-08-09 21:10 - 2016-08-03 02:13 - 03025920 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-09 21:10 - 2016-08-03 02:13 - 02280960 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-08-09 21:10 - 2016-08-03 02:12 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2016-08-09 21:10 - 2016-08-02 22:52 - 00034088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wldp.dll
2016-08-09 21:10 - 2016-08-02 22:34 - 00501592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-08-09 21:10 - 2016-08-02 22:34 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-08-09 21:10 - 2016-08-02 22:33 - 00051128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsNativeApi.dll
2016-08-09 21:10 - 2016-08-02 22:31 - 02921368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-09 21:10 - 2016-08-02 22:31 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-08-09 21:10 - 2016-08-02 22:31 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-08-09 21:10 - 2016-08-02 22:30 - 21123320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-08-09 21:10 - 2016-08-02 22:30 - 00465760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2016-08-09 21:10 - 2016-08-02 22:30 - 00255168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-08-09 21:10 - 2016-08-02 21:57 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdlrecover.exe
2016-08-09 21:10 - 2016-08-02 21:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2016-08-09 21:10 - 2016-08-02 21:47 - 13018112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-08-09 21:10 - 2016-08-02 21:42 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll
2016-08-09 21:10 - 2016-08-02 21:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IdCtrls.dll
2016-08-09 21:10 - 2016-08-02 21:39 - 19351040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-09 21:10 - 2016-08-02 21:37 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-08-09 21:10 - 2016-08-02 21:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2016-08-09 21:10 - 2016-08-02 21:35 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtutil.exe
2016-08-09 21:10 - 2016-08-02 21:34 - 00792064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-09 21:10 - 2016-08-02 21:34 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-09 21:10 - 2016-08-02 21:33 - 18677760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-08-09 21:10 - 2016-08-02 21:33 - 02050048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-09 21:10 - 2016-08-02 21:33 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-09 21:10 - 2016-08-02 21:32 - 01526272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-09 21:10 - 2016-08-02 21:32 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-08-09 21:10 - 2016-08-02 21:32 - 00434688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2016-08-09 21:10 - 2016-08-02 21:31 - 06743040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-08-09 21:10 - 2016-08-02 21:31 - 00705536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-08-09 21:10 - 2016-08-02 21:29 - 12133376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-09 21:10 - 2016-08-02 21:28 - 03663360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-09 21:10 - 2016-08-02 21:25 - 05323776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-08-09 21:10 - 2016-08-02 21:25 - 04078080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2016-08-09 21:10 - 2016-08-02 21:23 - 05660672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-08-09 21:10 - 2016-08-02 21:23 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-08-09 21:10 - 2016-08-02 21:22 - 02501120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-09 21:10 - 2016-08-02 21:22 - 01502208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-09 21:10 - 2016-08-02 21:21 - 01708032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-08-09 21:09 - 2016-08-03 03:22 - 00058408 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.dll
2016-08-09 21:09 - 2016-08-03 03:11 - 00422744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-08-09 21:09 - 2016-08-03 02:40 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\bthserv.dll
2016-08-09 21:09 - 2016-08-03 02:36 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-09 21:09 - 2016-08-03 02:34 - 00383488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-09 21:09 - 2016-08-03 02:33 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2016-08-09 21:09 - 2016-08-03 02:30 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-09 21:09 - 2016-08-02 21:37 - 00335872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-08 20:49 - 2016-08-08 20:49 - 00000254 _____ C:\Users\Zach\Desktop\repeat.bat
2016-08-08 20:24 - 2016-08-24 21:40 - 00001378 _____ C:\Users\Zach\Desktop\Rkill.txt
2016-08-08 19:58 - 2016-08-08 20:02 - 00000000 ____D C:\Users\Zach\AppData\Local\NPE
2016-08-08 19:58 - 2016-08-08 19:58 - 00000000 ____D C:\ProgramData\Norton
2016-08-08 19:47 - 2016-08-08 19:47 - 26901128 _____ (SUPERAntiSpyware) C:\Users\Zach\Downloads\SAS_893449D3.EXE
2016-08-07 18:21 - 2016-08-07 18:21 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-08-07 16:57 - 2016-08-26 19:44 - 00004146 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C31FD828-D1EE-4D14-88F6-1CE4B1602E84}
2016-08-07 16:22 - 2016-08-07 16:22 - 00000039 _____ C:\Users\Zach\Desktop\URL Batch command for system reinstalls.txt
2016-08-07 16:09 - 2016-08-07 16:09 - 04498888 _____ (HTTrack ) C:\Users\Zach\Downloads\httrack_x64-3.48.22.exe
2016-08-07 15:42 - 2016-08-07 16:13 - 00000000 ____D C:\Users\Zach\Documents\Dell Website
2016-08-07 15:37 - 2016-08-07 15:37 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-07 15:37 - 2016-08-07 15:37 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Mozilla
2016-08-07 15:37 - 2016-08-07 15:37 - 00000000 ____D C:\Users\Zach\AppData\Local\Mozilla
2016-08-07 15:37 - 2016-08-07 15:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-07 15:37 - 2016-08-07 15:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-07 15:32 - 2016-08-07 15:32 - 01238056 _____ (WinWget Team ) C:\Users\Zach\Downloads\WinWget_0.20beta_setup.exe
2016-08-07 15:16 - 2016-08-07 15:24 - 03638608 _____ C:\Users\Zach\Downloads\wget64.exe
2016-08-07 15:02 - 2016-08-07 15:02 - 02038876 _____ (GnuWin <gnuwin32.sourceforge.net> ) C:\Users\Zach\Downloads\sed-4.2.1-setup.exe
2016-08-07 14:49 - 2016-08-07 14:49 - 00000021 _____ C:\Users\Zach\Desktop\wget.txt
2016-08-07 14:29 - 2016-08-07 14:29 - 00000000 ____D C:\Users\Zach\Downloads\Driver Database
2016-08-06 19:25 - 2016-08-06 19:25 - 48605301 _____ C:\Users\Zach\Desktop\System Maintenance Tasks.rar
2016-08-06 18:20 - 2016-08-06 18:20 - 00000000 ____D C:\Users\Zach\Downloads\CCleaner Portable
2016-08-06 17:27 - 2016-08-15 21:08 - 00000000 ____D C:\Users\Zach\Desktop\System Maintenance Tasks
2016-08-06 14:50 - 2016-08-06 14:50 - 00000181 _____ C:\Users\Zach\Desktop\BT - 1 006.bat
2016-08-06 14:48 - 2016-08-06 14:48 - 00000177 _____ C:\Users\Zach\Desktop\BT - 1 005.bat
2016-08-06 14:38 - 2016-08-06 14:38 - 00000073 _____ C:\Users\Zach\Desktop\BT - 1 004.bat
2016-08-06 14:35 - 2016-08-06 14:35 - 00000092 _____ C:\Users\Zach\Desktop\BT - 1 002.bat
2016-08-06 14:33 - 2016-08-06 14:33 - 00000095 _____ C:\Users\Zach\Desktop\BT - 1 003.bat
2016-08-06 14:21 - 2016-08-06 14:21 - 05225403 _____ (Jos van der Zande) C:\Users\Zach\Downloads\SciTE4AutoIt3.exe
2016-08-06 14:19 - 2016-08-11 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
2016-08-06 14:16 - 2016-08-06 14:18 - 12273456 _____ (AutoIt Team) C:\Users\Zach\Downloads\autoit-v3-setup.exe
2016-08-06 12:53 - 2016-08-06 12:53 - 00537141 _____ C:\Users\Zach\Documents\How To Become A Hacker.pdf
2016-08-06 12:33 - 2016-08-06 12:33 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Greenshot
2016-08-06 12:33 - 2016-08-06 12:33 - 00000000 ____D C:\Users\Zach\AppData\Local\Greenshot
2016-08-06 12:31 - 2016-08-06 12:31 - 01374661 _____ (Greenshot ) C:\Users\Zach\Downloads\Greenshot-INSTALLER-1.2.8.12-RELEASE.exe
2016-08-06 12:31 - 2016-08-06 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot
2016-08-06 12:31 - 2016-08-06 12:31 - 00000000 ____D C:\Program Files\Greenshot
2016-08-06 12:26 - 2016-08-06 13:08 - 00257042 _____ C:\Users\Zach\Documents\A Letter To Someone 08-06-2016.odt
2016-08-05 21:38 - 2016-08-05 21:38 - 00000113 _____ C:\Users\Zach\Desktop\BT - 1 001.bat
2016-08-05 21:36 - 2016-08-05 21:36 - 00000000 _____ C:\Windows\system32\]
2016-08-05 21:15 - 2016-08-05 21:15 - 00000119 _____ C:\Users\Zach\Desktop\Batch Training 08-05-2016.bat
2016-08-04 22:11 - 2016-08-04 22:11 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-08-04 22:11 - 2016-08-04 22:11 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-08-04 22:11 - 2016-08-04 22:11 - 00000000 ____D C:\Program Files\Realtek
2016-08-04 22:10 - 2016-08-04 22:10 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-08-04 22:10 - 2015-06-18 18:45 - 04496600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2016-08-04 22:10 - 2015-06-18 17:59 - 02862488 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2016-08-04 22:10 - 2015-06-17 19:47 - 02930904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2016-08-04 22:10 - 2015-06-17 14:45 - 03234520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2016-08-04 22:10 - 2015-06-15 17:39 - 01748184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2016-08-04 22:10 - 2015-05-26 11:59 - 00166616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2016-08-04 22:10 - 2015-05-25 15:18 - 03195416 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2016-08-04 22:10 - 2015-05-18 14:47 - 02702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-08-04 22:10 - 2015-05-15 19:27 - 02918104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-08-04 22:10 - 2015-05-15 16:32 - 01316056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-08-04 22:10 - 2015-01-19 18:10 - 72113152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2016-08-04 22:10 - 2014-11-11 13:44 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2016-08-04 22:10 - 2014-11-04 13:42 - 06242576 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2016-08-04 22:10 - 2014-11-04 13:42 - 01933584 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2016-08-04 22:10 - 2014-11-04 13:42 - 00336144 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2016-08-04 22:10 - 2014-11-04 13:42 - 00284944 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2016-08-04 22:10 - 2014-09-24 11:31 - 07087448 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2016-08-04 22:10 - 2014-09-24 11:31 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2016-08-04 22:10 - 2014-09-24 11:31 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2016-08-04 22:10 - 2014-09-24 11:31 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2016-08-04 22:10 - 2014-08-14 19:16 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2016-08-04 22:10 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2016-08-04 22:10 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2016-08-04 22:10 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2016-08-04 22:10 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2016-08-04 22:10 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2016-08-04 22:10 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2016-08-04 22:10 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2016-08-04 22:10 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2016-08-04 22:10 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2016-08-04 22:10 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2016-08-04 22:10 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2016-08-04 22:10 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2016-08-04 22:10 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2016-08-04 22:10 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2016-08-04 22:10 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2016-08-04 22:10 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2016-08-04 22:10 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2016-08-04 22:10 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2016-08-04 22:10 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2016-08-04 22:10 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2016-08-04 22:10 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2016-08-04 22:10 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2016-08-04 22:10 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2016-08-04 22:10 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2016-08-04 22:10 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2016-08-04 22:10 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2016-08-04 22:10 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2016-08-04 22:10 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2016-08-04 22:10 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2016-08-04 22:10 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2016-08-04 22:10 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2016-08-04 22:10 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2016-08-04 22:10 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2016-08-04 22:10 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2016-08-04 22:10 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2016-08-04 22:10 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2016-08-04 22:10 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2016-08-04 22:10 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2016-08-04 22:10 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2016-08-04 22:10 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2016-08-04 22:10 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2016-08-04 22:09 - 2016-08-04 22:14 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-08-04 22:09 - 2015-05-27 17:38 - 02825944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2016-08-04 22:08 - 2016-08-04 22:09 - 131494359 _____ (Realtek Semiconductor Corp.) C:\Users\Zach\Downloads\0006-64bit_Win7_Win8_Win81_Win10_R279.exe
2016-08-04 21:54 - 2016-08-04 21:56 - 00066753 _____ C:\Users\Zach\Documents\ACPI Backing Corporations.xcf
2016-08-04 21:23 - 2016-08-04 21:23 - 08136664 _____ (Piriform Ltd) C:\Users\Zach\Downloads\ccsetup520.exe
2016-08-04 20:57 - 2016-08-04 20:57 - 00000000 ____D C:\Users\Zach\Downloads\Computer System Infrastructure
2016-08-04 20:56 - 2016-08-04 20:57 - 00000000 ____D C:\Users\Zach\Downloads\Work
2016-08-04 20:56 - 2016-08-04 20:56 - 00000000 ____D C:\Users\Zach\Downloads\Entertainment
2016-08-04 20:42 - 2016-08-04 20:42 - 00000000 ____D C:\Users\Zach\Documents\Asus Warranty
2016-08-02 22:33 - 2016-08-02 23:00 - 00002468 _____ C:\Users\Zach\Desktop\Clear Clipboard Cache.lnk
2016-08-02 22:29 - 2016-08-02 22:29 - 00000000 ____D C:\Users\Zach\Documents\Career
2016-08-02 22:28 - 2016-08-02 22:28 - 00000000 ____D C:\Users\Zach\Documents\Synergy
2016-08-02 22:13 - 2016-08-02 22:27 - 00000000 ____D C:\Users\Zach\Documents\Personal Goals
2016-08-02 22:12 - 2016-08-02 22:29 - 00000000 ____D C:\Users\Zach\Documents\Family
2016-08-02 21:43 - 2016-08-02 21:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-08-02 21:19 - 2016-08-02 21:19 - 00002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synergy.lnk
2016-07-28 18:52 - 2016-08-11 19:58 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-26 21:40 - 2016-05-11 18:45 - 00000000 ____D C:\Users\Zach\AppData\Local\Battle.net
2016-08-26 21:37 - 2016-05-24 21:26 - 00000000 ____D C:\Users\Zach\AppData\Roaming\uTorrent
2016-08-26 20:59 - 2016-05-11 17:49 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-26 20:57 - 2016-05-11 19:49 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-08-26 20:49 - 2016-05-11 19:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-26 20:34 - 2016-06-26 10:44 - 00000000 ____D C:\Users\Zach\AppData\Roaming\DVDVideoSoft
2016-08-26 20:00 - 2016-05-21 17:30 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-08-26 20:00 - 2016-05-11 18:44 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-08-26 19:49 - 2016-06-15 20:29 - 00000000 ____D C:\Users\Zach\AppData\Roaming\vlc
2016-08-26 19:47 - 2016-05-11 16:14 - 00834360 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-26 19:47 - 2015-10-30 00:21 - 00000000 ____D C:\Windows\INF
2016-08-26 19:45 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-26 19:45 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\AppReadiness
2016-08-26 19:43 - 2016-05-21 17:40 - 00000000 ___RD C:\Users\Zach\Google Drive
2016-08-26 19:42 - 2016-06-17 21:16 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-26 19:42 - 2016-05-11 17:49 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-26 19:42 - 2016-05-11 17:39 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-26 19:42 - 2016-05-11 17:39 - 00000000 __SHD C:\Users\Zach\IntelGraphicsProfiles
2016-08-26 19:42 - 2016-05-11 16:19 - 00000000 ___RD C:\Users\Zach\OneDrive
2016-08-26 19:41 - 2016-05-21 18:24 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-08-26 19:41 - 2016-05-11 16:09 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-26 19:41 - 2015-10-29 23:28 - 02097152 ___SH C:\Windows\system32\config\BBI
2016-08-26 10:18 - 2016-07-24 19:58 - 00000000 ____D C:\Program Files\Synergy
2016-08-25 21:31 - 2016-05-11 21:54 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-08-24 21:35 - 2016-06-23 19:52 - 00000000 ____D C:\Users\Zach\AppData\Local\gtk-2.0
2016-08-24 19:20 - 2016-05-11 19:02 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-08-23 21:24 - 2016-05-30 16:19 - 00000000 ____D C:\Users\Zach\AppData\Local\CrashDumps
2016-08-23 20:46 - 2016-05-11 16:17 - 00000000 ____D C:\Users\Zach
2016-08-23 20:33 - 2016-05-21 18:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-23 19:33 - 2016-05-24 19:23 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-08-19 09:00 - 2016-05-21 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-18 20:52 - 2016-06-23 19:50 - 00000000 ____D C:\Users\Zach\.gimp-2.8
2016-08-15 21:18 - 2016-05-11 16:19 - 00002360 _____ C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-14 14:34 - 2016-06-18 21:32 - 00000000 ___HD C:\Users\Zach\Documents\My Games
2016-08-14 13:39 - 2016-06-04 20:53 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-08-14 12:03 - 2016-06-04 21:08 - 00000000 ____D C:\AdwCleaner
2016-08-14 12:00 - 2016-05-11 16:08 - 00240768 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-14 11:31 - 2016-06-18 18:39 - 00000000 ____D C:\Program Files\RogueKiller
2016-08-13 22:07 - 2015-10-30 00:24 - 00000000 __RSD C:\Windows\Media
2016-08-13 19:47 - 2016-05-11 16:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-13 18:41 - 2016-05-11 16:24 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-08-13 18:37 - 2016-05-11 16:24 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2016-08-13 18:37 - 2016-05-11 16:24 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2016-08-13 18:37 - 2016-05-11 16:24 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2016-08-13 18:26 - 2016-05-11 16:17 - 00000000 ____D C:\Users\Zach\AppData\Local\VirtualStore
2016-08-13 18:02 - 2016-05-21 17:36 - 00000000 ____D C:\Users\Zach\Desktop\mbar
2016-08-13 17:52 - 2016-05-21 19:26 - 00000408 _____ C:\Windows\SysWOW64\iolo.ini
2016-08-13 17:52 - 2016-05-21 19:26 - 00000408 _____ C:\Windows\system32\iolo.ini
2016-08-13 17:52 - 2016-05-21 19:26 - 00000392 _____ C:\Windows\SysWOW64\iolo.ini.txt
2016-08-13 17:46 - 2016-05-21 18:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-11 19:22 - 2015-10-30 02:07 - 00000000 ____D C:\Windows\ShellNew
2016-08-11 19:08 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\rescache
2016-08-11 08:52 - 2016-05-11 16:17 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-10 23:15 - 2015-10-30 02:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-10 23:15 - 2015-10-30 00:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-08-10 23:15 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-08-10 21:50 - 2016-05-21 18:00 - 00000000 ____D C:\Users\Zach\Documents\Resume
2016-08-10 21:42 - 2015-10-30 00:11 - 00000000 ____D C:\Windows\CbsTemp
2016-08-10 21:41 - 2016-05-11 17:43 - 00000000 ____D C:\Windows\system32\MRT
2016-08-10 21:41 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2016-08-10 21:20 - 2016-05-11 17:43 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-08 20:00 - 2016-05-11 17:50 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-06 19:23 - 2016-05-21 18:02 - 00000000 ____D C:\Users\Zach\Documents\WillsTech
2016-08-04 20:44 - 2016-05-21 18:04 - 00000000 ____D C:\Users\Zach\Documents\Windows 10
2016-08-04 08:24 - 2016-05-11 18:00 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-03 20:38 - 2016-06-17 21:23 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-07-30 17:27 - 2016-06-10 22:47 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-07-30 17:27 - 2016-05-23 22:09 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-07-28 18:54 - 2016-05-11 17:49 - 00003978 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 18:54 - 2016-05-11 17:49 - 00003746 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-27 18:56 - 2016-05-11 16:17 - 00000000 ____D C:\Users\Zach\AppData\Local\Packages
2016-07-27 12:25 - 2016-05-11 17:46 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2016-08-24 22:26 - 2016-08-24 22:26 - 0031823 _____ () C:\Users\Zach\AppData\Local\recently-used.xbel
2016-08-04 22:11 - 2016-08-04 22:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-18 09:17
 
==================== End of FRST.txt ============================

RKill Log:

Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 08/23/2016 08:33:02 PM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\Zach\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe (PID: 117256) [UP-HEUR]
 * C:\Users\Zach\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe (PID: 117172) [UP-HEUR]
 
2 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * AeLookupSvc [Missing Service]
 * AllUserInstallAgent [Missing Service]
 * hkmsvc [Missing Service]
 * THREADORDER [Missing Service]
 * WPCSvc [Missing Service]
 * adp94xx [Missing Service]
 * adpahci [Missing Service]
 * adpu320 [Missing Service]
 * arc [Missing Service]
 * discache [Missing Service]
 * FxPPM [Missing Service]
 * HyperVideo [Missing Service]
 * iirsp [Missing Service]
 * LSI_SAS2 [Missing Service]
 * LSI_SCSI [Missing Service]
 * nfrd960 [Missing Service]
 * viaide [Missing Service]
 * Wd [Missing Service]
 * AppMgmt [Missing Service]
 * CSC [Missing Service]
 * CscService [Missing Service]
 * PeerDistSvc [Missing Service]
 
 * napagent [Missing ImagePath]
 
 * MMCSS => \SystemRoot\system32\drivers\mmcss.sys [Incorrect ImagePath]
 * SystemEventsBroker => %SystemRoot%\system32\svchost.exe -k DcomLaunch [Incorrect ImagePath]
 * WSService => %SystemRoot%\System32\svchost.exe -k wsappx [Incorrect ImagePath]
 * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1 localhost
 
Program finished at: 08/23/2016 08:33:23 PM
Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)
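The "Checking Windows Service Integrity" section above is produced by comparing what is in the registry against RKill's own baseline of service names and ImagePaths, and the FRST "Bamital & volsnap" section checks the digital signatures of core binaries. The PowerShell below is an added example, not code from RKill, FRST or either poster, that re-does those lookups for a list of service names so a reader can see where the findings come from: each service's key under HKLM\SYSTEM\CurrentControlSet\Services, its ImagePath value, whether the file that value points at exists, and whether that file's Authenticode or catalog signature verifies. It carries no baseline of expected paths, so instead of "Incorrect ImagePath" it reports the signature status of the target. It assumes Windows PowerShell 5.1 or later running elevated on the machine under review; the function names and the service list (taken from the log above) are the example's own.

```powershell
# Added example, not RKill's own code. Re-checks service entries reported in an
# RKill "Checking Windows Service Integrity" section directly from the registry.
# Assumes Windows PowerShell 5.1 or later, run from an elevated prompt so that
# every key under HKLM\SYSTEM\CurrentControlSet\Services is readable.
# The service names are the ones from the log above; in practice you would
# paste the names from your own RKill output.
$servicesToCheck = @(
    'AeLookupSvc', 'hkmsvc', 'napagent',
    'MMCSS', 'SystemEventsBroker', 'WSService', 'CompositeBus'
)

function Resolve-ImagePath {
    # Turns a raw ImagePath registry value into an absolute file path.
    # Values come in several shapes, all seen in the log above:
    #   \SystemRoot\system32\drivers\mmcss.sys           NT-style driver path
    #   %SystemRoot%\system32\svchost.exe -k DcomLaunch  env var plus arguments
    #   "C:\Program Files\Vendor\svc.exe" /arg           quoted path plus arguments
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) {
        $p = $p.Substring(1, $p.IndexOf('"', 1) - 1)
    } else {
        # Drop everything from the first "-x" or "/x" argument onwards.
        $p = ($p -split '\s+(?=[-/])', 2)[0].Trim()
    }
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p -match '^\\SystemRoot\\') { $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\" }
    elseif ($p -match '^\\\?\?\\')   { $p = $p -replace '^\\\?\?\\', '' }
    elseif ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Test-ServiceEntry {
    # Reports one of: Missing Service, Missing ImagePath, target not found,
    # or the signature status of the target, mirroring the categories RKill prints.
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $result = [ordered]@{ Service = $Name; Status = ''; ImagePath = $null; Signer = $null }

    if (-not (Test-Path -LiteralPath $key)) {
        $result.Status = 'Missing Service'
        return [pscustomobject]$result
    }
    $raw = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).ImagePath
    $result.ImagePath = $raw
    if ([string]::IsNullOrWhiteSpace($raw)) {
        $result.Status = 'Missing ImagePath'
        return [pscustomobject]$result
    }
    $file = Resolve-ImagePath $raw
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
        $result.Status = "ImagePath target not found ($file)"
        return [pscustomobject]$result
    }
    # Windows components are usually catalog-signed rather than carrying an
    # embedded signature; Get-AuthenticodeSignature checks both on Windows 8 and later.
    $sig = Get-AuthenticodeSignature -FilePath $file
    $result.Status = if ($sig.Status -eq 'Valid') { 'Signed OK' } else { "Signature: $($sig.Status)" }
    if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }
    return [pscustomobject]$result
}

$servicesToCheck | ForEach-Object { Test-ServiceEntry -Name $_ } | Format-Table -AutoSize -Wrap
```

Several of the "Missing Service" names in the log (adp94xx, adpahci, adpu320, arc, iirsp, LSI_SAS2, LSI_SCSI, nfrd960, viaide) are inbox storage-controller drivers, and others are features that not every Windows version ships, so a missing entry measured against a baseline compiled for a different Windows release is not by itself evidence of tampering. The finding worth following up is an ImagePath whose target is unsigned, fails verification, or sits outside the Windows directory while pretending to be a system service.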


#8 nasdaq
  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 August 2016 - 10:16 AM


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll => No File
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll => No File
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKU\S-1-5-21-3193826544-631033974-2000860424-1001 -> VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-11]
CHR HKU\S-1-5-21-3193826544-631033974-2000860424-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let me know what problems persist with this computer.
We may need to look at the services that are causing these issues.

To find out more about the missing services reported, all you have to do is Google the name,
i.e.
AeLookupSvc
Keep in mind that you may or may not need them.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)

#9 TitanCMD
  • Topic Starter
  • Members
  • 19 posts
  • Gender:Male

Posted 27 August 2016 - 06:43 PM

Hi nasdaq,

I see why the "No File" lines need to be fixed, but why do the lines below need to be fixed?


CHR Extension: (Chrome Web Store Payments) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-11]
CHR HKU\S-1-5-21-3193826544-631033974-2000860424-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Thanks,

Zach



#10 nasdaq
  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 August 2016 - 08:49 AM



CHR Extension: (Chrome Web Store Payments) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-11]
If you have installed it from the Google store, keep it. If not, then it may be infected.

CHR HKU\S-1-5-21-3193826544-631033974-2000860424-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx


Part of BuyNSave and support Adware.
http://www.systemlookup.com/search.php?list=&type=name&search=BuyNSave+&s=

Your call if you want to keep it.

===

If you decide to keep them all, remove these lines from my suggested fix before you save the file.
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-11]
CHR HKU\S-1-5-21-3193826544-631033974-2000860424-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda


#11 TitanCMD
  • Topic Starter
  • Members
  • 19 posts
  • Gender:Male

Posted 28 August 2016 - 04:44 PM

Thanks, nasdaq. Running the fix now.



#12 TitanCMD
  • Topic Starter
  • Members
  • 19 posts
  • Gender:Male

Posted 01 September 2016 - 05:45 PM

FRST64 keeps crashing with the window 'Not Responding'.

I'm going to run it again.



#13 nasdaq
  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 September 2016 - 08:06 AM

When running the fix or when just running a new scan?

#14 TitanCMD
  • Topic Starter
  • Members
  • 19 posts
  • Gender:Male

Posted 04 September 2016 - 08:32 PM

When running the fix. I had FRST64 in a folder on the desktop and the fixlist in that folder too.



#15 nasdaq
  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 September 2016 - 07:45 AM

Try to run this tool for now.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here.

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.


============ EXTRA CLEANING ==========


Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here.

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===



