
Trojan.DNSChanger.ACMB2 Re-infection


  • This topic is locked
7 replies to this topic

#1 rdmed

rdmed

  • Members
  • 4 posts

Posted 25 January 2017 - 10:54 PM

Hi Bleeping Computer team,

First of all, thank you for all you do!

I ran a Malwarebytes scan several days ago and found that my machine contained several instances of Trojan.DNSChanger.ACMB2 along with several other PUPs and items flagged as adware (see attached MWB log for 1/22). I obviously quarantined and deleted these files through Malwarebytes.

I ran a second scan today and the Trojan.DNSChanger.ACMB2 file was detected again (see second MWB log on 1/25). As such, I am worried that I am still infected and require additional steps to purge my machine. The third MWB log represents the blocked websites that appeared once I upgraded to the premium version of Malwarebytes. As a note, I have not received any further notifications that a malicious website has been blocked.

I have not experienced any website redirects, machine sluggishness, or other abnormalities that would be indicative of an infection.

Thanks!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
Ran by Rad Dieter (administrator) on RADPC (25-01-2017 21:42:51)
Running from C:\Users\Rad Dieter\Downloads
Loaded Profiles: Rad Dieter &  (Available Profiles: Rad Dieter)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8811776 2016-05-05] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-28] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [522552 2015-12-10] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2015-12-10] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976832 2009-12-17] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [NACAgentUI] => C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [593880 2012-05-24] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-02-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-19] (Valve Corporation)
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001\...\Run: [Discord] => C:\Users\Rad Dieter\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001\...\RunOnce: [Uninstall C:\Users\Rad Dieter\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rad Dieter\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-19] (Valve Corporation)
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Discord] => C:\Users\Rad Dieter\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Rad Dieter\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rad Dieter\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6210 Genie.lnk [2016-12-06]
ShortcutTarget: NETGEAR A6210 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE (NETGEAR)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ryos Driver.lnk [2016-05-06]
ShortcutTarget: Ryos Driver.lnk -> C:\Program Files (x86)\ROCCAT\Ryos Keyboard\Ryos MK Monitor.exe (ROCCAT GmbH Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2017-01-25]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Rad Dieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-01-20]
ShortcutTarget: Curse.lnk -> C:\Users\Rad Dieter\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Rad Dieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-01-02] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{597b7e34-c548-45d2-87d9-ac19eebdb1e6}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{597b7e34-c548-45d2-87d9-ac19eebdb1e6}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8fb211da-0382-4a8a-87f7-414edcba5173}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{8fb211da-0382-4a8a-87f7-414edcba5173}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{b4eb5e9d-32b2-433c-8295-aab451b70c70}: [DhcpNameServer] 82.163.143.176

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3309802749-1856926909-1353750763-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: 9nxib8ou.default
FF ProfilePath: C:\Users\Rad Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\9nxib8ou.default [2017-01-25]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\9nxib8ou.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\9nxib8ou.default -> google.com
FF Extension: (Firefox Hotfix) - C:\Users\Rad Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\9nxib8ou.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-02]
FF Extension: (Adblock Plus) - C:\Users\Rad Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\9nxib8ou.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-12-10] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Rad Dieter\AppData\Local\Google\Chrome\User Data\Default [2016-11-24]
CHR Extension: (Google Slides) - C:\Users\Rad Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-30]
CHR Extension: (Google Docs) - C:\Users\Rad Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-30]
CHR Extension: (Google Drive) - C:\Users\Rad Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-30]
CHR Extension: (YouTube) - C:\Users\Rad Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-30]
CHR Extension: (Adblock Plus) - C:\Users\Rad Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-20]
CHR Extension: (Google Search) - C:\Users\Rad Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-30]
CHR Extension: (Google Sheets) - C:\Users\Rad Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\Rad Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rad Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-20]
CHR Extension: (Gmail) - C:\Users\Rad Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-30]
CHR Extension: (Chrome Media Router) - C:\Users\Rad Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2297104 2015-10-12] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-03-14] (Hi-Rez Studios) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [1259480 2012-05-24] (Cisco Systems, Inc.)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
R2 NetgearSwitchUSB; C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe [192232 2015-09-17] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3519984 2016-01-27] (INCA Internet Co., Ltd.)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-11-24] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2016-11-24] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2016-01-21] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2016-01-21] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [227144 2015-10-12] (Broadcom Corporation.)
R3 iaLPSS2_UART2; C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [281896 2015-07-20] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-01-25] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2016-04-25] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_bf2d88c4ea749bb8\nvlddmkm.sys [14242880 2016-09-23] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2015-02-19] (Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [36904 2016-03-09] (Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-25 21:42 - 2017-01-25 21:42 - 00024562 _____ C:\Users\Rad Dieter\Downloads\FRST.txt
2017-01-25 21:30 - 2017-01-25 21:42 - 00000000 ____D C:\FRST
2017-01-25 21:30 - 2017-01-25 21:30 - 02420736 _____ (Farbar) C:\Users\Rad Dieter\Downloads\FRST64.exe
2017-01-25 21:25 - 2017-01-25 21:25 - 00010468 _____ C:\Users\Rad Dieter\Desktop\MWB_Log_1_22.txt
2017-01-25 21:21 - 2017-01-25 21:21 - 00003860 _____ C:\Users\Rad Dieter\Desktop\MWBProt_Log.txt
2017-01-25 21:20 - 2017-01-25 21:20 - 00003219 _____ C:\Users\Rad Dieter\Desktop\MWB_Log_1_25.txt
2017-01-25 20:21 - 2017-01-25 20:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-01-25 20:15 - 2017-01-25 20:15 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2017-01-25 20:15 - 2017-01-25 20:15 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2017-01-25 20:15 - 2017-01-25 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-01-25 20:14 - 2017-01-25 20:14 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-25 20:14 - 2017-01-25 20:14 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2017-01-25 20:14 - 2017-01-25 20:14 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2017-01-25 20:14 - 2017-01-25 20:14 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2017-01-25 20:14 - 2017-01-25 20:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2017-01-25 20:14 - 2017-01-25 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-25 20:14 - 2017-01-25 20:14 - 00000000 ____D C:\Program Files\iTunes
2017-01-25 20:14 - 2017-01-25 20:14 - 00000000 ____D C:\Program Files\iPod
2017-01-25 20:12 - 2017-01-25 20:13 - 135175480 _____ (Apple Inc.) C:\Users\Rad Dieter\Downloads\iCloudSetup(1).exe
2017-01-25 20:09 - 2017-01-25 20:09 - 04002104 _____ (Secunia) C:\Users\Rad Dieter\Downloads\PSISetup.exe
2017-01-25 20:09 - 2017-01-25 20:09 - 00001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2017-01-25 20:09 - 2017-01-25 20:09 - 00000000 ____D C:\Program Files (x86)\Secunia
2017-01-25 16:40 - 2017-01-25 16:40 - 00143807 _____ C:\Users\Rad Dieter\Documents\Aortoenteric Fistula_EDITS.pdf
2017-01-24 22:31 - 2016-12-21 01:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-24 22:31 - 2016-12-20 22:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 20:12 - 2017-01-24 20:12 - 00448588 _____ C:\Users\Rad Dieter\Documents\SchedulingSheet_S17.pdf
2017-01-24 20:10 - 2017-01-24 20:11 - 00523555 _____ C:\Users\Rad Dieter\Documents\PreceptorLog1_S17.pdf
2017-01-23 19:09 - 2017-01-23 19:09 - 00003982 _____ C:\WINDOWS\System32\Tasks\{E167CF11-56CC-78BA-AA78-77A9FC85A8FF}
2017-01-23 19:09 - 2017-01-23 19:09 - 00003982 _____ C:\WINDOWS\System32\Tasks\{21A15D0E-960A-EAA5-4220-7D6FBD646AAB}
2017-01-23 19:04 - 2017-01-25 20:21 - 00000000 ____D C:\ProgramData\{A04D739F-17E6-C434-D69C-017C33CE3B6C}
2017-01-23 19:04 - 2017-01-23 19:04 - 00003982 _____ C:\WINDOWS\System32\Tasks\{9B8E5535-2C25-E29E-397A-B1089CFE8F60}
2017-01-23 19:04 - 2017-01-23 19:04 - 00003982 _____ C:\WINDOWS\System32\Tasks\{7AFD8556-CD56-32FD-796D-3E64CBC8CB5B}
2017-01-22 15:36 - 2017-01-22 15:37 - 03988944 _____ C:\Users\Rad Dieter\Downloads\AdwCleaner(3).exe
2017-01-22 12:07 - 2017-01-22 15:20 - 00000000 ____D C:\ProgramData\{D9561E8E-6EFD-A925-7416-DE5C1BBD6889}
2017-01-22 12:07 - 2017-01-22 12:07 - 00003982 _____ C:\WINDOWS\System32\Tasks\{D79C0F11-6037-B8BA-8A04-96E46DA626E7}
2017-01-22 07:46 - 2017-01-22 15:20 - 00000000 ____D C:\ProgramData\{B927ADC5-0E8C-1A6E-C75F-B81119E446DA}
2017-01-22 07:46 - 2017-01-22 07:46 - 00003982 _____ C:\WINDOWS\System32\Tasks\{6E5C6D8B-D9F7-DA20-A13D-FF166C007506}
2017-01-22 07:45 - 2017-01-22 07:45 - 00003982 _____ C:\WINDOWS\System32\Tasks\{95F22926-2259-9E8D-1FA5-8C940704244A}
2017-01-22 07:45 - 2017-01-22 07:45 - 00003982 _____ C:\WINDOWS\System32\Tasks\{7E64D125-C9CF-668E-4390-FC793155D757}
2017-01-21 19:04 - 2017-01-22 15:20 - 00000000 ____D C:\ProgramData\{34109459-83BB-23F2-26CB-51EA6493307B}
2017-01-21 19:04 - 2017-01-21 19:04 - 00003982 _____ C:\WINDOWS\System32\Tasks\{68550676-DFFE-B1DD-D03B-03EB201E3A28}
2017-01-21 15:37 - 2017-01-21 15:37 - 00003982 _____ C:\WINDOWS\System32\Tasks\{D0DECD93-6775-7A38-0BDA-A0A1896D0759}
2017-01-21 15:37 - 2017-01-21 15:37 - 00003982 _____ C:\WINDOWS\System32\Tasks\{A02CF57E-1787-42D5-4E9D-57B9E90B0C0A}
2017-01-21 11:03 - 2017-01-22 15:20 - 00000000 ____D C:\ProgramData\{985E6549-2FF5-D2E2-BB9B-7D9E7B080691}
2017-01-21 11:03 - 2017-01-21 11:03 - 00003982 _____ C:\WINDOWS\System32\Tasks\{A5915363-123A-E4C8-3128-4EB40D808CF6}
2017-01-21 07:37 - 2017-01-21 07:37 - 00003982 _____ C:\WINDOWS\System32\Tasks\{CBC0106C-7C6B-A7C7-DBDE-5878CEC71A9A}
2017-01-21 07:37 - 2017-01-21 07:37 - 00003982 _____ C:\WINDOWS\System32\Tasks\{07F093EC-B05B-2447-B936-99B410533D39}
2017-01-21 07:32 - 2017-01-23 19:04 - 00003892 _____ C:\WINDOWS\System32\Tasks\{93EEC322-C794-9AA4-27F9-EAD0786A861C}
2017-01-21 07:32 - 2017-01-22 15:20 - 00000000 ____D C:\ProgramData\{F9C05618-4E6B-E1B3-7980-5074DD7B7BDA}
2017-01-21 07:32 - 2017-01-21 07:32 - 00003982 _____ C:\WINDOWS\System32\Tasks\{CA9588A5-7D3E-3F0E-1ED5-7F3A7BED0F01}
2017-01-21 07:32 - 2017-01-21 07:32 - 00003982 _____ C:\WINDOWS\System32\Tasks\{52565290-E5FD-E53B-A997-53A697AB8D2C}
2017-01-19 20:52 - 2017-01-19 20:52 - 00127372 _____ C:\Users\Rad Dieter\Downloads\11_HO_Immunoassays_2017.pdf
2017-01-13 06:53 - 2017-01-13 06:53 - 00022568 _____ C:\Users\Rad Dieter\Downloads\CORE_SPED_1_Schedule.V2.xlsx
2017-01-12 09:50 - 2017-01-12 09:51 - 08803648 _____ (Piriform Ltd) C:\Users\Rad Dieter\Downloads\ccsetup525.exe
2017-01-10 21:51 - 2016-12-21 02:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 21:51 - 2016-12-21 02:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 21:51 - 2016-12-21 02:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 21:51 - 2016-12-21 01:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 21:51 - 2016-12-21 01:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 21:51 - 2016-12-21 01:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 21:51 - 2016-12-21 01:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 21:51 - 2016-12-21 01:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 21:51 - 2016-12-21 01:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 21:51 - 2016-12-21 01:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 21:51 - 2016-12-21 01:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 21:51 - 2016-12-21 01:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 21:51 - 2016-12-21 01:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 21:51 - 2016-12-21 01:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 21:51 - 2016-12-21 01:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 21:51 - 2016-12-21 01:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 21:51 - 2016-12-21 01:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 21:51 - 2016-12-21 01:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 21:51 - 2016-12-21 01:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 21:51 - 2016-12-21 01:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 21:51 - 2016-12-21 01:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 21:51 - 2016-12-21 01:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 21:51 - 2016-12-21 01:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 21:51 - 2016-12-21 01:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 21:51 - 2016-12-21 01:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 21:51 - 2016-12-21 01:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 21:51 - 2016-12-21 01:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 21:51 - 2016-12-21 01:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 21:51 - 2016-12-21 01:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 21:51 - 2016-12-21 01:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 21:51 - 2016-12-21 01:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 21:51 - 2016-12-21 01:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 21:51 - 2016-12-21 01:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 21:51 - 2016-12-21 01:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 21:51 - 2016-12-21 01:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 21:51 - 2016-12-21 01:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 21:51 - 2016-12-21 01:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 21:51 - 2016-12-21 01:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 21:51 - 2016-12-21 01:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 21:51 - 2016-12-21 00:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 21:51 - 2016-12-21 00:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 21:51 - 2016-12-21 00:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 21:51 - 2016-12-21 00:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 21:51 - 2016-12-21 00:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 21:51 - 2016-12-21 00:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 21:51 - 2016-12-21 00:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 21:51 - 2016-12-21 00:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 21:51 - 2016-12-21 00:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 21:51 - 2016-12-21 00:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 21:51 - 2016-12-21 00:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 21:51 - 2016-12-21 00:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 21:51 - 2016-12-21 00:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 21:51 - 2016-12-21 00:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 21:51 - 2016-12-21 00:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 21:51 - 2016-12-21 00:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 21:51 - 2016-12-21 00:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 21:51 - 2016-12-21 00:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 21:51 - 2016-12-21 00:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 21:51 - 2016-12-21 00:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 21:51 - 2016-12-20 23:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 21:51 - 2016-12-20 23:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 21:51 - 2016-12-20 23:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 21:51 - 2016-12-20 23:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 21:51 - 2016-12-20 23:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 21:51 - 2016-12-20 23:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 21:51 - 2016-12-20 23:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 21:51 - 2016-12-20 23:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 21:51 - 2016-12-20 23:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 21:51 - 2016-12-20 22:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 21:51 - 2016-12-20 22:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 21:51 - 2016-12-20 22:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 21:51 - 2016-12-20 22:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 21:51 - 2016-12-20 22:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 21:51 - 2016-12-20 22:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 21:51 - 2016-12-20 22:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 21:51 - 2016-12-20 22:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 21:51 - 2016-12-20 22:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 21:51 - 2016-12-20 22:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 21:51 - 2016-12-20 22:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 21:51 - 2016-12-20 22:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 21:51 - 2016-12-20 22:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 21:51 - 2016-12-20 22:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 21:51 - 2016-12-20 22:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 21:51 - 2016-12-20 22:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 21:51 - 2016-12-20 22:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 21:51 - 2016-12-20 22:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 21:51 - 2016-12-20 22:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 21:51 - 2016-12-20 22:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 21:51 - 2016-12-20 22:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 21:51 - 2016-12-20 22:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 21:51 - 2016-12-20 22:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 21:51 - 2016-12-20 22:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 21:51 - 2016-12-20 22:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 21:51 - 2016-12-20 22:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 21:51 - 2016-12-20 22:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 21:51 - 2016-12-20 22:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 21:51 - 2016-12-13 23:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 21:51 - 2016-12-13 23:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 21:51 - 2016-12-13 23:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 21:51 - 2016-12-13 23:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 21:51 - 2016-12-13 23:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 21:51 - 2016-12-13 23:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 21:51 - 2016-12-13 23:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 21:51 - 2016-12-13 23:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 21:51 - 2016-12-13 23:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 21:51 - 2016-12-13 23:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 21:51 - 2016-12-13 23:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 21:51 - 2016-12-13 23:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 21:51 - 2016-12-13 23:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 21:51 - 2016-12-13 23:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 21:51 - 2016-12-13 23:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 21:51 - 2016-12-13 23:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 21:51 - 2016-12-13 23:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 21:51 - 2016-12-13 23:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 21:51 - 2016-12-13 22:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 21:51 - 2016-12-13 22:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 21:51 - 2016-12-13 22:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 21:51 - 2016-12-13 22:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 21:51 - 2016-12-13 22:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 21:51 - 2016-12-13 22:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 21:51 - 2016-12-13 22:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 21:51 - 2016-12-13 22:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 21:51 - 2016-12-13 22:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 21:51 - 2016-12-13 22:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 21:51 - 2016-12-13 22:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 21:51 - 2016-12-13 22:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 21:51 - 2016-12-13 22:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 21:51 - 2016-12-13 22:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 21:51 - 2016-12-13 22:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 21:51 - 2016-12-13 22:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 21:51 - 2016-12-13 22:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 21:51 - 2016-12-13 22:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 21:51 - 2016-12-13 22:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 21:51 - 2016-12-13 22:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 21:51 - 2016-12-13 22:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 21:51 - 2016-12-13 22:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 21:51 - 2016-12-13 22:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 21:51 - 2016-12-13 22:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 21:51 - 2016-12-13 22:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 21:51 - 2016-12-13 22:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 21:51 - 2016-12-13 22:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 21:51 - 2016-12-13 22:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 21:51 - 2016-12-13 22:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 21:51 - 2016-12-13 22:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 21:51 - 2016-12-13 22:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 21:51 - 2016-12-13 22:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 21:51 - 2016-12-13 22:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 21:51 - 2016-12-13 22:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 21:51 - 2016-12-13 22:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 21:51 - 2016-12-13 22:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 21:51 - 2016-12-13 22:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 21:51 - 2016-12-13 22:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 21:51 - 2016-12-13 22:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 21:51 - 2016-12-13 22:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 21:51 - 2016-12-13 22:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 21:51 - 2016-12-13 22:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 21:51 - 2016-12-13 22:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 21:51 - 2016-12-13 22:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 21:51 - 2016-12-13 22:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 21:51 - 2016-12-13 22:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 21:51 - 2016-11-02 06:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 21:51 - 2016-11-02 05:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 21:51 - 2016-11-02 04:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 21:51 - 2016-11-02 04:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 21:51 - 2016-11-02 04:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 21:51 - 2016-08-01 22:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-08 09:56 - 2017-01-25 17:26 - 00000000 ____D C:\Users\Rad Dieter\Documents\Anki
2017-01-08 09:55 - 2017-01-08 09:55 - 26514352 _____ C:\Users\Rad Dieter\Downloads\anki-2.0.38.exe
2017-01-08 09:55 - 2017-01-08 09:55 - 00000788 _____ C:\Users\Rad Dieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2017-01-08 09:55 - 2017-01-08 09:55 - 00000758 _____ C:\Users\Rad Dieter\Desktop\Anki.lnk
2017-01-08 09:55 - 2017-01-08 09:55 - 00000000 ____D C:\Program Files (x86)\Anki
2016-12-31 21:40 - 2016-12-31 21:40 - 00210311 _____ C:\Users\Rad Dieter\Documents\Hansen_AEF_and_GermCell.pdf
2016-12-31 19:27 - 2016-12-31 19:27 - 01033376 _____ C:\Users\Rad Dieter\Documents\Laiyemo_et_al_AEF_malignancy.pdf
2016-12-31 19:25 - 2016-12-31 19:25 - 00089805 _____ C:\Users\Rad Dieter\Documents\Xiromeritis_et_al_AEF_Statistics.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-25 20:42 - 2015-12-30 18:15 - 00000000 ____D C:\AdwCleaner
2017-01-25 20:36 - 2015-12-31 08:30 - 01422014 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-25 20:35 - 2016-11-16 10:49 - 00000000 ____D C:\Users\Rad Dieter\AppData\LocalLow\Mozilla
2017-01-25 20:35 - 2016-11-15 20:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-25 20:35 - 2015-12-30 18:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-25 20:30 - 2016-09-28 14:29 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-25 20:30 - 2016-09-28 14:24 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-25 20:30 - 2015-12-30 18:02 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-25 20:29 - 2016-07-16 00:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-25 20:21 - 2016-09-28 14:25 - 00000000 ____D C:\Users\Rad Dieter
2017-01-25 20:21 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\Web
2017-01-25 20:21 - 2015-12-31 09:48 - 00000000 ____D C:\Users\Rad Dieter\AppData\Local\Packages
2017-01-25 20:15 - 2016-04-25 14:59 - 00000000 ____D C:\ProgramData\Adobe
2017-01-25 20:15 - 2016-04-25 14:59 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-01-25 20:14 - 2016-01-03 22:37 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-25 20:13 - 2015-12-30 18:30 - 00000000 ____D C:\Users\Rad Dieter\AppData\Local\Battle.net
2017-01-25 20:04 - 2016-04-29 13:37 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-01-25 19:34 - 2016-09-28 14:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-25 15:03 - 2016-01-01 12:47 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-01-25 15:03 - 2015-12-30 18:32 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-01-25 15:03 - 2015-12-30 18:29 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-25 14:09 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-25 14:09 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-24 22:39 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-22 15:34 - 2016-12-15 10:52 - 00000000 ____D C:\ProgramData\Oracle
2017-01-22 15:32 - 2016-04-25 15:00 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-22 15:26 - 2016-12-15 10:52 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-01-22 15:26 - 2016-12-15 10:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-22 15:26 - 2016-12-15 10:52 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-22 15:20 - 2016-07-16 05:49 - 00000000 ____D C:\WINDOWS\Setup
2017-01-18 13:36 - 2016-02-10 15:38 - 00000000 ____D C:\Program Files (x86)\Diablo III
2017-01-14 16:24 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-12 21:51 - 2016-07-16 05:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-12 21:51 - 2015-12-30 18:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-12 21:33 - 2016-09-28 14:24 - 00338680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-12 21:33 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-12 21:33 - 2015-12-31 19:32 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-12 21:33 - 2015-12-31 09:48 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-12 21:32 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-12 21:32 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-12 21:32 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-12 21:32 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-12 21:32 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-12 09:51 - 2016-03-16 10:47 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-11 19:49 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-11 19:49 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-11 13:51 - 2016-09-28 14:29 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 13:51 - 2015-12-30 17:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 13:50 - 2015-12-30 17:52 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-01 01:53 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-31 16:32 - 2015-12-30 18:26 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-30 23:16 - 2016-04-25 18:37 - 00000000 ____D C:\Users\Rad Dieter\AppData\Local\NETGEARGenie
2016-12-29 11:58 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-29 11:57 - 2016-01-01 11:45 - 00000000 ____D C:\Users\Rad Dieter\AppData\Local\Diagnostics
2016-12-29 00:12 - 2016-02-06 11:05 - 00000000 ____D C:\Program Files (x86)\Hearthstone

==================== Files in the root of some directories =======

2016-09-28 14:24 - 2016-09-28 14:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-01-22 15:25 - 2017-01-22 15:25 - 0739904 _____ (Oracle Corporation) C:\Users\Rad Dieter\AppData\Local\Temp\jre-8u121-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-16 21:56

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Rad Dieter (25-01-2017 21:43:30)
Running from C:\Users\Rad Dieter\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-28 20:29:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3309802749-1856926909-1353750763-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3309802749-1856926909-1353750763-503 - Limited - Disabled)
Guest (S-1-5-21-3309802749-1856926909-1353750763-501 - Limited - Disabled)
Rad Dieter (S-1-5-21-3309802749-1856926909-1353750763-1001 - Administrator - Enabled) => C:\Users\Rad Dieter

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version:  - )
Ansel (Version: 372.70 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battleborn Open Beta (HKLM\...\Steam App 451070) (Version:  - )
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.9.53998 - Electronic Arts)
Battlerite (HKLM\...\Steam App 504370) (Version:  - Stunlock Studios)
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.5 - Daum Games EU)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.07021 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.07021 - Cisco Systems, Inc.) Hidden
Cisco NAC Agent  (HKLM-x32\...\{7ECF4252-E10A-4BCC-AF34-A21E6F9A7852}) (Version: 4.9.1.6 - Cisco Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.4.0.8014 - Citrix Systems, Inc.)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-3309802749-1856926909-1353750763-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Curse Client (HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Discord (HKU\S-1-5-21-3309802749-1856926909-1353750763-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dishonored (HKLM\...\Steam App 205100) (Version:  - Arkane Studios)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
Dragon's Dogma: Dark Arisen (HKLM-x32\...\Steam App 367500) (Version:  - Capcom)
Dungeon Defenders II (HKLM\...\Steam App 236110) (Version:  - Trendy Entertainment)
Epson Event Manager (HKLM-x32\...\{089EC7B5-6480-4478-ACF0-DEFD4047343C}) (Version: 2.40.0004 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hero Siege (HKLM-x32\...\Steam App 269210) (Version:  - Elias Viglione)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 51.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0 (x86 en-US)) (Version: 51.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NETGEAR A6210 Genie (HKLM-x32\...\InstallShield_{75F86B5E-3DE3-4274-ACCA-28C48FA11612}) (Version: 1.0.0.35 - NETGEAR)
NETGEAR A6210 Genie (x32 Version: 1.0.0.35 - NETGEAR) Hidden
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.15.07 - NETGEAR Inc.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.90 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.90 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.4.0.8014 - Citrix Systems, Inc.) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.3.2.64935 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PDFsam Basic (HKLM-x32\...\{67DFA6CA-3FCA-46A3-8C78-8C668BCDE9AD}) (Version: 3.20.5.0 - Andrea Vacondio)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7811 - Realtek Semiconductor Corp.)
ROCCAT Ryos Keyboard Driver (HKLM-x32\...\{70F3EF93-44F4-446A-90B8-33DAB2799AF1}) (Version: 1.29.0006 - Roccat GmbH)
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Self-service Plug-in (x32 Version: 4.4.0.11833 - Citrix Systems, Inc.) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 3.7.3371.0 - Hi-Rez Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TERA (HKLM-x32\...\{A0D70C31-D5CB-4491-A508-5CF2C9F25EE0}) (Version: 1.00.0000 - En Masse Entertainment)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{19c5a7c4-7cc0-4758-8b73-b95b84288807}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3309802749-1856926909-1353750763-1001_Classes\CLSID\{19c5a7c4-7cc0-4758-8b73-b95b84288807}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A62024-D462-477C-9515-F4D5B7845E2D} - System32\Tasks\{CA9588A5-7D3E-3F0E-1ED5-7F3A7BED0F01} => C:\ProgramData\{F9C05618-4E6B-E1B3-7980-5074DD7B7BDA}\9C4D0371-2BE6-B4DA-36F0-97FFF3801FB0.exe <==== ATTENTION
Task: {00EF0ACF-0AC9-404C-ADE0-D34371E9D197} - System32\Tasks\{CBC0106C-7C6B-A7C7-DBDE-5878CEC71A9A} => C:\ProgramData\{35C1959A-826A-2231-10AC-01E725604E98}\2C818606-9B2A-31AD-3C06-74307D7D5319.exe <==== ATTENTION
Task: {092519A7-FACD-4BA4-B0AF-C09E1A86B47D} - System32\Tasks\{9B8E5535-2C25-E29E-397A-B1089CFE8F60} => C:\ProgramData\{A04D739F-17E6-C434-D69C-017C33CE3B6C}\9553D226-22F8-658D-EA85-B5FDE15A2E14.exe <==== ATTENTION
Task: {0B5C3BC1-766B-4C1C-8624-EE10FA3903F2} - System32\Tasks\{7E64D125-C9CF-668E-4390-FC793155D757} => C:\ProgramData\{6888716B-DF23-C6C0-4085-E558198F9253}\F98F3842-4E24-8FE9-92DD-72246721FFE0.exe <==== ATTENTION
Task: {0BA086B2-4A97-4B3F-AFB6-703B2F1BDA62} - System32\Tasks\{52565290-E5FD-E53B-A997-53A697AB8D2C} => C:\ProgramData\{E7311B8A-509A-AC21-DE53-7796A22A2FEB}\4962013A-FEC9-B691-DF98-22FAB75C72F9.exe <==== ATTENTION
Task: {157812A5-07E2-4F9A-97A2-EFE53EDB6072} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-28] (Microsoft Corporation)
Task: {17BA49AA-7B93-4C7E-84E9-307A700E8462} - System32\Tasks\{07F093EC-B05B-2447-B936-99B410533D39} => C:\ProgramData\{4CCD172D-FB66-A086-A115-BA929BAD77FC}\755B27C3-C2F0-9068-BEAA-5842066AC28D.exe <==== ATTENTION
Task: {1980CEC7-B425-4AAE-A974-B5D658C4BAFE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {1C530A91-14CB-48EB-881F-2D91EDB7A8E9} - System32\Tasks\{D79C0F11-6037-B8BA-8A04-96E46DA626E7} => C:\ProgramData\{D9561E8E-6EFD-A925-7416-DE5C1BBD6889}\DCBDFB5B-6B16-4CF0-4C5E-FAADF285062A.exe <==== ATTENTION
Task: {33895799-ACB3-416C-8C53-E673CB5F2110} - System32\Tasks\{7AFD8556-CD56-32FD-796D-3E64CBC8CB5B} => C:\ProgramData\{0DC39BD4-BA68-2C7F-2CA8-D0D64122DC04}\86839365-3128-24CE-DF46-AF4313A311EC.exe <==== ATTENTION
Task: {4D2D427A-62AD-4527-9723-EFA326538083} - System32\Tasks\{6E5C6D8B-D9F7-DA20-A13D-FF166C007506} => C:\ProgramData\{B927ADC5-0E8C-1A6E-C75F-B81119E446DA}\E4EBEA18-5340-5DB3-E4A3-95CE7576DBFA.exe <==== ATTENTION
Task: {581AF7A9-482D-4426-9BA5-CEC26999AFFE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
Task: {68C427BB-C5EA-4C31-B954-5DB92AA33ED1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {6E42CEF6-1EB4-45BA-8768-A04751E76C34} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
Task: {6F5E3D29-CF6D-49E0-ACD8-D094F775FB8A} - \{780C0D47-780D-0C0A-0D11-087E7E0C1105} -> No File <==== ATTENTION
Task: {6F860EA2-5D2B-4737-B3BA-B99EC28A5AE1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {779D557D-2566-44BC-BA56-1A78EF4D1AF6} - System32\Tasks\{E167CF11-56CC-78BA-AA78-77A9FC85A8FF} => C:\ProgramData\{40DAA10F-F771-16A4-A865-3DD578C90658}\F6A639A0-410D-8E0B-31C6-D59240359A12.exe <==== ATTENTION
Task: {8159403D-39A2-4FAC-8C91-77205E2C77B2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {8ADA5672-CC67-4EC7-8F7A-6E401A377691} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
Task: {8E2516C0-288E-4D54-A2DD-404BC5C00C38} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {8E6ED7FF-E40F-4E04-A25F-AFBD68D96D95} - System32\Tasks\{D0DECD93-6775-7A38-0BDA-A0A1896D0759} => C:\ProgramData\{AFBD7B19-1816-CCB2-839F-B7004EE35BDA}\EAE088EE-5D4B-3F45-7911-EF6F1DC2FA79.exe <==== ATTENTION
Task: {94E988D3-857D-4DA4-8D71-C84915F53019} - System32\Tasks\{95F22926-2259-9E8D-1FA5-8C940704244A} => C:\ProgramData\{5FEE4FD4-E845-F87F-2B45-18524452E725}\42EB0218-F540-B5B3-1F8F-9BCF2818A209.exe <==== ATTENTION
Task: {99754ABB-052D-474A-A52A-55C4F4C2BB8E} - System32\Tasks\{68550676-DFFE-B1DD-D03B-03EB201E3A28} => C:\ProgramData\{34109459-83BB-23F2-26CB-51EA6493307B}\6772774A-D0D9-C0E1-D4AB-A990D9C987C3.exe <==== ATTENTION
Task: {9A0D1A7D-CE7C-4A67-9FCD-048E90CBDA02} - System32\Tasks\{A5915363-123A-E4C8-3128-4EB40D808CF6} => C:\ProgramData\{985E6549-2FF5-D2E2-BB9B-7D9E7B080691}\B0E605D3-074D-B278-517D-E5B528141FF5.exe <==== ATTENTION
Task: {A5D1BE65-F857-4089-83B1-EDCD488EFBE4} - System32\Tasks\{93EEC322-C794-9AA4-27F9-EAD0786A861C} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\46872de3\100c440d.dll" <==== ATTENTION
Task: {AD1A04A0-8035-439F-926C-181F0CC02372} - System32\Tasks\{21A15D0E-960A-EAA5-4220-7D6FBD646AAB} => C:\ProgramData\{C2DF79E1-7574-CE4A-445F-1D11BB14FF1D}\937D2472-24D6-93D9-5C99-6D23D8288326.exe <==== ATTENTION
Task: {BDC0275C-3359-4E66-BB13-246BA6EF407F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {FCDE3268-F95F-43EF-8654-A2790D5D5C94} - System32\Tasks\{A02CF57E-1787-42D5-4E9D-57B9E90B0C0A} => C:\ProgramData\{1733E6E4-A098-514F-136D-14651AE4E151}\321EF487-85B5-432C-AD60-15573C622C38.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 15:35 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-28 14:24 - 2016-09-16 16:54 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-21 00:14 - 2016-01-21 00:19 - 00066872 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe
2016-02-21 11:54 - 2016-06-14 14:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2015-12-31 14:11 - 2016-06-14 14:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-04 20:02 - 2016-06-14 14:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-02-21 11:54 - 2016-06-14 14:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-09-17 17:42 - 2015-09-17 17:42 - 00192232 _____ () C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe
2016-01-21 00:14 - 2016-01-21 00:19 - 00107832 _____ () C:\WINDOWS\SysWoW64\PnkBstrB.exe
2016-04-04 20:02 - 2016-06-14 14:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-04 20:02 - 2016-06-14 14:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-04 20:02 - 2016-06-14 14:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-17 16:00 - 2016-06-14 14:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-12-13 15:35 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-28 14:36 - 2016-09-28 14:36 - 01864384 _____ () C:\Users\Rad Dieter\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-08-07 16:07 - 2016-12-28 11:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-28 17:21 - 2016-09-28 17:21 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 21:51 - 2016-12-21 01:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-04-04 20:02 - 2016-06-14 14:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-04 20:02 - 2016-06-14 14:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-01-10 21:51 - 2016-12-21 00:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 21:51 - 2016-12-21 00:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 21:51 - 2016-12-21 00:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 21:51 - 2016-12-21 00:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 21:51 - 2016-12-21 00:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 21:51 - 2016-12-21 00:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-23 12:40 - 2017-01-23 12:40 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-01-23 12:40 - 2017-01-23 12:40 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-01-23 12:40 - 2017-01-23 12:40 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 06:11 - 2016-12-14 06:12 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll
2015-02-19 15:37 - 2015-02-19 15:37 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-10-30 12:55 - 2016-11-24 14:01 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2016-08-07 16:07 - 2016-12-28 05:41 - 08924872 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2015-12-31 14:11 - 2016-06-14 14:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-27 13:59 - 2016-05-27 13:59 - 00122880 _____ () C:\Program Files (x86)\NETGEAR\A6210\Ralink.dll
2017-01-17 17:07 - 2017-01-17 17:07 - 22950480 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2016-12-23 12:10 - 2016-12-23 12:10 - 00323152 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2016-09-30 17:36 - 2016-09-30 17:36 - 46476472 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3309802749-1856926909-1353750763-1001\...\sharepoint.com -> hxxps://liveutk-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\sharepoint.com -> hxxps://liveutk-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 01:24 - 2015-10-30 01:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Ryos Driver.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "NACAgentUI"
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001\...\StartupApproved\StartupFolder: => "OneDrive for Business.lnk"
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "OneDrive for Business.lnk"
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3309802749-1856926909-1353750763-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "iCloudServices"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{5AB99340-E6E1-482B-8D94-596A7B4A9296}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{798C950B-AAAE-4E7B-80B1-3B59FBCA1472}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{537AC781-C747-4CB6-9E02-C7502C120487}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{77E2A8E7-FC6B-447C-99CC-89CCA75D76F7}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{EA572837-89E7-466E-ADE9-6024FD514164}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{5A2ED39C-2113-4BF3-A786-989337B20854}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{4591B061-96A6-44BC-A91C-42114FDC69CE}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{645A3D82-5F3D-424A-8EFD-2C82E8EF2A93}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{3DA786D7-682D-4D53-A23F-EAD4788963AD}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{E5CAD01B-A039-4E9B-817A-EC35747D32B0}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win32\starbound.exe
FirewallRules: [{A7682FAF-BAAC-47E2-881D-DCF77B8FE891}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win32\starbound.exe
FirewallRules: [{1A211AEA-E21B-4AEA-871B-8400EF8B4199}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{549526C5-F700-4EB2-A233-59967265CD09}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{DF5139DE-4FDB-48A8-B729-197DECB41616}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{A134536C-7FA7-4420-AE6D-01FE0E77FD13}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{26D7A984-6B5D-4C84-9707-D36CC8F4E945}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{4C0EFD89-9D81-4B5D-A8B8-8F32951A6093}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{0C89A1FF-B22F-4B6D-AFC7-B4A2540718E0}] => C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{623595DA-13CE-4C7B-9DA3-6DFBDAA0D9C9}] => C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{9CBBF067-CFCD-4886-AF8E-C5BA90CC07D7}] => C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{8C8EED2B-4826-41E7-BE51-D5629E005CCE}] => C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{E90C26B3-3D45-46C6-8919-4918BBE5B2EE}] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{FAE1DF9B-C18A-4C49-B37B-F8B7ABE1F269}] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [UDP Query User{DD98D2CB-9125-4DE0-A978-B119866B2F18}C:\program files (x86)\steam\steamapps\common\siryouarebeinghunted\x86\multiplayer\sir.exe] => C:\program files (x86)\steam\steamapps\common\siryouarebeinghunted\x86\multiplayer\sir.exe
FirewallRules: [TCP Query User{103D6198-9EF8-4A5E-88CD-68E22CFCC166}C:\program files (x86)\steam\steamapps\common\siryouarebeinghunted\x86\multiplayer\sir.exe] => C:\program files (x86)\steam\steamapps\common\siryouarebeinghunted\x86\multiplayer\sir.exe
FirewallRules: [UDP Query User{99A908DF-162B-4BE6-9104-79BE6B6595CD}C:\program files (x86)\steam\steamapps\common\siryouarebeinghunted\x64\multiplayer\sir.exe] => C:\program files (x86)\steam\steamapps\common\siryouarebeinghunted\x64\multiplayer\sir.exe
FirewallRules: [TCP Query User{A2AC315E-1713-4DDC-9060-3C4975399696}C:\program files (x86)\steam\steamapps\common\siryouarebeinghunted\x64\multiplayer\sir.exe] => C:\program files (x86)\steam\steamapps\common\siryouarebeinghunted\x64\multiplayer\sir.exe
FirewallRules: [{A2D05C50-5E83-4BFC-A2A3-3B382D8F37A5}] => C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [{1519B33B-5D6C-4139-91E9-185188DA1B9D}] => C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [UDP Query User{7233DA67-BE37-409F-B41E-584FA15AF8BC}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{F94FFEAD-49A7-4444-8381-3AA1B58FE005}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{7DF4D316-7974-43F1-A9DE-3F00169F34D4}] => C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{D4243DE3-0C72-49B2-ADB8-6A28B8CE83F3}] => C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [UDP Query User{9AFFECF1-7F32-434F-B7F6-51F04C81314F}C:\program files (x86)\steam\steamapps\common\dead by daylight alpha access\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => C:\program files (x86)\steam\steamapps\common\dead by daylight alpha access\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{40C8AD48-6C15-49F7-A506-09C1B4DB8008}C:\program files (x86)\steam\steamapps\common\dead by daylight alpha access\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => C:\program files (x86)\steam\steamapps\common\dead by daylight alpha access\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{F21EC02D-DB75-4F7C-B610-FB46713CA19A}C:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{8D7BEA63-0D72-41CD-B875-2E7720653422}C:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{45EC896B-6D73-4685-8605-8E18A4328AF6}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F7BAD4B3-8BEE-49BE-81D7-5A72F9251DC7}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{0F38D81A-54F6-4972-BFB6-A90B1A89AFE4}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{77059313-21E9-4418-BF57-B28E3CA0441E}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{71AC5626-A6B5-4FD3-9FE1-F59E089A5128}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{F9775B9F-88E5-4392-BA0D-07C9A63841DF}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{4346813A-B653-444A-9164-83C054DAD004}] => C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{CE980F2B-721F-4AEA-91AE-A399865F1D0E}] => C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [UDP Query User{26D8D845-37E0-4976-9192-D0D499580D81}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{0EECFD29-739D-4DFB-9FCB-DE7383E2ED33}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{7DC5CBE2-7163-48B9-9CFB-F466FAAF03B2}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{93B7AA04-557C-44EE-9FBF-3E99DD7221FE}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{4A6F4E87-24BD-4F82-86DA-B33399B27603}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{CE0EEAC5-4F14-4F06-BA0F-543536E5EA85}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{439D4F80-6B00-4CC1-9DC4-873F6D8491E7}] => C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{6F7B1C5D-23C6-4D69-B2CA-B25F9BAFAB5A}] => C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{118BC40B-BA03-444D-BEE8-D722C83707E0}] => C:\Program Files (x86)\Steam\steamapps\common\Battleborn Open Beta\Binaries\Win64\Battleborn.exe
FirewallRules: [{B5BAC5BF-DE68-4240-A42D-94D6BFF4142B}] => C:\Program Files (x86)\Steam\steamapps\common\Battleborn Open Beta\Binaries\Win64\Battleborn.exe
FirewallRules: [{E2ECC065-66E0-4AD2-B992-B7BD388E0F7F}] => C:\Program Files (x86)\Steam\steamapps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [{1B524F7E-0287-4342-9A15-D768B9440A12}] => C:\Program Files (x86)\Steam\steamapps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [{940FDEDA-1524-4A16-8138-54D3BE43EF36}] => C:\Users\Rad Dieter\Downloads\BlackDesert_Downloader.exe
FirewallRules: [{BC128739-8447-4953-83AE-58240B3831AF}] => C:\Users\Rad Dieter\Downloads\BlackDesert_Launcher.exe
FirewallRules: [{701B3B35-5E55-4131-AB6A-CCBE24A1A1F6}] => C:\Users\Rad Dieter\Downloads\bin64\BlackDesert64.exe
FirewallRules: [{78EFA31E-2A06-4665-B2C3-7B241E454A59}] => C:\Users\Rad Dieter\Downloads\bin\BlackDesert32.exe
FirewallRules: [UDP Query User{42E784BA-71C8-4BB9-ACE4-DE62D8DA8C8F}C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{935305DE-45F9-4C90-A868-6AD7084D09E7}C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{0C4A805F-0FD7-428B-95CE-9D9425FAFBE2}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{5362E503-7211-451E-A1A8-FBB828BAFD6D}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{33560717-D983-44BA-B366-3753FF58CE76}C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe] => C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe
FirewallRules: [TCP Query User{6C51BFE7-D5B0-4F32-AD5B-536D75F11522}C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe] => C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe
FirewallRules: [UDP Query User{84A80D75-EFDA-4BA1-BC1F-E13C2D27258C}C:\program files (x86)\diablo iii\diablo iii.exe] => C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{92F499E6-244B-49B0-8269-40665A0005FC}C:\program files (x86)\diablo iii\diablo iii.exe] => C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{F84A6EF9-16BE-4C9D-932F-2EDBBD4A5FCC}] => C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{B3CD205C-3D1F-4FC4-89AF-EA346FF2BE0F}] => C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [UDP Query User{3B09CFB7-DDF2-4C23-8276-1D94C0014D81}C:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{BB6B9BFD-7DE5-4F86-9B8E-A295A691BA10}C:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe
FirewallRules: [{B374E08D-7686-4DDB-8523-1CEC61A2E839}] => C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{19E4E08C-A17A-4BD5-B4EF-4355DEB20974}] => C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [UDP Query User{7B760D69-83B6-4C9C-A6F8-F4901E1A6DEE}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{F20F39CB-6FBA-4B86-999F-F494DABD71F1}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{40951323-2338-4440-AFE3-C48CAEC00E28}] => C:\Program Files (x86)\Steam\steamapps\common\DDDA\DDDA.exe
FirewallRules: [{88D3620E-0E03-48E6-A3C3-3F2EED76FCEF}] => C:\Program Files (x86)\Steam\steamapps\common\DDDA\DDDA.exe
FirewallRules: [{9C25D061-1CEE-4F60-A39E-B45301E5ACFF}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B6A8C6C5-BD36-4168-AAA9-F98CCEC9A592}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4268D752-0E23-4D02-A317-72EDC1DC6ACD}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6610A036-2B86-4D74-88E5-CBE31163BAAD}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [UDP Query User{43FFFC7C-55D6-4892-BB31-C2E6ED9262A1}C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3116939D-6A72-41D1-8A30-03098D8BE8EA}C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [{1B9BA99A-4494-480E-8C48-4080EC21734B}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D4A575F8-CE36-48E5-A66B-B1528C8BAEEB}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CBD3050B-55A6-49F4-A92F-90B4C1919369}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{026A2B38-561F-4F6F-B68E-FBFEAFF71F23}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{0D830DCA-2B94-4706-81FE-3286C8C1A71A}C:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{AF4AB920-990D-45A7-9BD5-1E13AF94CC12}C:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe
FirewallRules: [{AD7B4019-01FC-4BB4-8E10-6E14E8957F8D}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{50781C2B-0E9A-4234-8102-7848F2E156D4}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{115760C8-2CE4-44DA-9994-75AFAC48184E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{FD2AA160-A3A6-40FD-B39B-03CEBB067616}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{97A90E71-C0CC-4348-BCC1-F0CB2934A59A}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B159E3C7-0B51-40F3-9BE1-949D890B3427}] => C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{11B1BAA2-3370-4469-8ED7-80B2CAF1C79E}] => C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{603E5D92-23BE-436A-B746-05A62E4F5FF3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{22442A42-9970-459C-A13B-B4D01CADD9AC}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9898576B-9015-42CB-975E-E9CF7BD21A4B}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{12BFBEFC-E35B-4E88-8580-8A1955202B29}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AA8528C5-7FC7-458F-B252-D74BB5B87EE9}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3F2C4251-0DE9-40AF-91BC-A58AD416A6C1}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D05F9FF8-0E4D-4B94-91FF-2F1A2B62155C}] => C:\Program Files (x86)\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{FCDF9812-8212-4E0C-8E3B-3C54DD5DCEFC}] => C:\Program Files (x86)\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{BB7EF82C-A93C-43B6-9047-5B5CC8D15356}] => C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{713FD4E9-F38C-4DF7-9431-43D3029AA905}] => C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{DE910C3B-CEA6-46B3-B70B-EFF6298465A3}] => C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{CC747E1F-9AB6-4DCB-9533-82C6A19AEC9A}] => C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [TCP Query User{A37063B1-4480-4AF6-AAB0-9AA0990942DF}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{89986A8F-4FFE-4937-8712-E823DA91232C}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{DA213C23-C0B8-4794-A300-3C0D51EDA1B8}C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D7DC25C6-C98C-44BE-B847-89A1C3D8CC0F}C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{EBA8B3C4-69CE-49C8-96B7-BADCDFC78C8B}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{FD8838FD-7EC6-447C-920F-49D1B4B8E897}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{D676FC27-2B2E-4FDB-B8F8-07CEB01E83B5}C:\program files (x86)\diablo iii\diablo iii.exe] => C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{EAFBD2FE-D417-41C5-B00B-81BF19AB0389}C:\program files (x86)\diablo iii\diablo iii.exe] => C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{BDEF55E3-64EF-48A6-8426-9894D927CF8C}] => C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{14A129A7-2672-431B-A598-A87ECB46F177}] => C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{4F112D85-8D10-41B5-B6B1-39D100429597}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{10482EAE-2F66-48A9-8E5B-6AA48681DE03}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{D1D3411B-E886-40F4-8889-BB16AA0E6EA1}C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CEF04A07-24A9-4BF6-8643-E8AE1729B718}C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe
FirewallRules: [{1607D2BA-889B-4706-9ECE-E6C88C3DC8C9}] => C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{F8F6C6F0-138C-44E6-AEA9-AE80520439B1}] => C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{A1160079-BDA5-4A17-8BE9-42946968B129}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{68C49B56-BF1A-4B5B-9107-DA69F6DA65EB}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{9982578F-583E-4A9C-A80A-17307EFCB466}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1E542957-6EB1-461E-A808-067B6C43FAF7}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A1E26B69-F503-4A3B-8600-30051F3275A4}] => C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

19-01-2017 21:21:27 Scheduled Checkpoint
24-01-2017 22:39:20 Windows Update

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2017 08:21:34 PM) (Source: COM) (EventID: 18221) (User: NT AUTHORITY)
Description: The attempt to connect to the RPCSS service was denied access for the COM Server application C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe to the user Unavailable\Unavailable SID (S-1-5-18) running in the application container Unavailable SID (Unavailable). The most likely cause is that the machine wide Access Limits do not grant the user or application local access permissions. The Access Limits can be modified using the Component Services administrative tool.

Error: (01/25/2017 08:21:34 PM) (Source: COM) (EventID: 18221) (User: NT AUTHORITY)
Description: The attempt to connect to the RPCSS service was denied access for the COM Server application C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe to the user Unavailable\Unavailable SID (S-1-5-18) running in the application container Unavailable SID (Unavailable). The most likely cause is that the machine wide Access Limits do not grant the user or application local access permissions. The Access Limits can be modified using the Component Services administrative tool.

Error: (01/25/2017 08:21:34 PM) (Source: COM) (EventID: 18221) (User: NT AUTHORITY)
Description: The attempt to connect to the RPCSS service was denied access for the COM Server application C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe to the user Unavailable\Unavailable SID (S-1-5-18) running in the application container Unavailable SID (Unavailable). The most likely cause is that the machine wide Access Limits do not grant the user or application local access permissions. The Access Limits can be modified using the Component Services administrative tool.

Error: (01/25/2017 08:21:34 PM) (Source: COM) (EventID: 18221) (User: NT AUTHORITY)
Description: The attempt to connect to the RPCSS service was denied access for the COM Server application C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe to the user Unavailable\Unavailable SID (S-1-5-18) running in the application container Unavailable SID (Unavailable). The most likely cause is that the machine wide Access Limits do not grant the user or application local access permissions. The Access Limits can be modified using the Component Services administrative tool.

Error: (01/25/2017 08:21:34 PM) (Source: COM) (EventID: 18221) (User: NT AUTHORITY)
Description: The attempt to connect to the RPCSS service was denied access for the COM Server application C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe to the user Unavailable\Unavailable SID (S-1-5-18) running in the application container Unavailable SID (Unavailable). The most likely cause is that the machine wide Access Limits do not grant the user or application local access permissions. The Access Limits can be modified using the Component Services administrative tool.

Error: (01/25/2017 08:21:34 PM) (Source: COM) (EventID: 18221) (User: NT AUTHORITY)
Description: The attempt to connect to the RPCSS service was denied access for the COM Server application C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe to the user Unavailable\Unavailable SID (S-1-5-18) running in the application container Unavailable SID (Unavailable). The most likely cause is that the machine wide Access Limits do not grant the user or application local access permissions. The Access Limits can be modified using the Component Services administrative tool.

Error: (01/25/2017 08:21:34 PM) (Source: COM) (EventID: 18221) (User: NT AUTHORITY)
Description: The attempt to connect to the RPCSS service was denied access for the COM Server application C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe to the user Unavailable\Unavailable SID (S-1-5-18) running in the application container Unavailable SID (Unavailable). The most likely cause is that the machine wide Access Limits do not grant the user or application local access permissions. The Access Limits can be modified using the Component Services administrative tool.

Error: (01/25/2017 08:21:34 PM) (Source: COM) (EventID: 18221) (User: NT AUTHORITY)
Description: The attempt to connect to the RPCSS service was denied access for the COM Server application C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe to the user Unavailable\Unavailable SID (S-1-5-18) running in the application container Unavailable SID (Unavailable). The most likely cause is that the machine wide Access Limits do not grant the user or application local access permissions. The Access Limits can be modified using the Component Services administrative tool.

Error: (01/25/2017 08:21:34 PM) (Source: COM) (EventID: 18221) (User: NT AUTHORITY)
Description: The attempt to connect to the RPCSS service was denied access for the COM Server application C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe to the user Unavailable\Unavailable SID (S-1-5-18) running in the application container Unavailable SID (Unavailable). The most likely cause is that the machine wide Access Limits do not grant the user or application local access permissions. The Access Limits can be modified using the Component Services administrative tool.

Error: (01/25/2017 08:21:34 PM) (Source: COM) (EventID: 18221) (User: NT AUTHORITY)
Description: The attempt to connect to the RPCSS service was denied access for the COM Server application C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe to the user Unavailable\Unavailable SID (S-1-5-18) running in the application container Unavailable SID (Unavailable). The most likely cause is that the machine wide Access Limits do not grant the user or application local access permissions. The Access Limits can be modified using the Component Services administrative tool.


System errors:
=============
Error: (01/25/2017 08:30:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/25/2017 08:30:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/25/2017 08:30:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/25/2017 08:29:56 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (01/25/2017 08:29:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/25/2017 08:22:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/25/2017 08:22:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/25/2017 08:22:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/25/2017 08:21:54 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (01/25/2017 08:21:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-01-25 20:57:09.448
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-25 20:57:09.446
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-25 20:57:09.442
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-25 20:18:46.101
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-25 20:18:46.100
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-25 20:18:46.098
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-25 20:18:45.000
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-25 20:18:44.999
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-25 20:18:44.997
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-25 20:18:43.910
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 29%
Total physical RAM: 16340.1 MB
Available physical RAM: 11545.93 MB
Total Virtual: 18772.1 MB
Available Virtual: 13597.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.96 GB) (Free:483.6 GB) NTFS
Drive d: (A6210) (CDROM) (Total:0.12 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Attached Files


Edited by rdmed, 25 January 2017 - 11:39 PM.
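An added example, not part of this thread and not code from FRST, Malwarebytes or the helper: a small Python triage script that reads FRST "Task:" lines of the kind this log contains and says why each flagged one looks like persistence rather than a normal scheduled task. The entries FRST marks "<==== ATTENTION" share a shape worth recognising on sight: a task whose name is a bare GUID, launching a GUID-named .exe from a GUID-named folder under C:\ProgramData; an orphaned task whose target is "No File"; and a task that runs regsvr32 /s /n /i:"/rt" against a DLL in C:\PROGRA~3 (the short name for C:\ProgramData), where /i makes the signed Windows binary call the DLL's DllInstall export while /n skips the normal DllRegisterServer path. The heuristics are my own, and the two benign sample lines (with invented GUIDs) are constructed for contrast; the three flagged sample lines are copied from the FRST output quoted in this thread.

```python
import re

# Constructed sample of FRST "Task:" lines. The first three are copied from the FRST
# output in this thread (GUID-named task launching a GUID-named .exe under
# C:\ProgramData, an orphaned task, a regsvr32 /i DLL loader); the last two are
# made-up benign tasks with invented GUIDs, included only for contrast.
SAMPLE_FRST_LINES = r"""
Task: {00A62024-D462-477C-9515-F4D5B7845E2D} - System32\Tasks\{CA9588A5-7D3E-3F0E-1ED5-7F3A7BED0F01} => C:\ProgramData\{F9C05618-4E6B-E1B3-7980-5074DD7B7BDA}\9C4D0371-2BE6-B4DA-36F0-97FFF3801FB0.exe <==== ATTENTION
Task: {6F5E3D29-CF6D-49E0-ACD8-D094F775FB8A} - \{780C0D47-780D-0C0A-0D11-087E7E0C1105} -> No File <==== ATTENTION
Task: {A5D1BE65-F857-4089-83B1-EDCD488EFBE4} - System32\Tasks\{93EEC322-C794-9AA4-27F9-EAD0786A861C} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\46872de3\100c440d.dll" <==== ATTENTION
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-11-01] (Adobe Systems Incorporated)
Task: {66666666-7777-8888-9999-000000000000} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe [2016-07-16] (Microsoft Corporation)
"""

HEXGUID = r"[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}"
GUID = r"\{" + HEXGUID + r"\}"
GUID_RE = re.compile(GUID, re.I)          # {xxxxxxxx-xxxx-...} with braces
BARE_GUID_RE = re.compile(HEXGUID, re.I)  # same without braces (used for file names)
# "Task: {id} - <task path> => <action>"  or  "Task: {id} - <task path> -> No File"
TASK_RE = re.compile(
    r"^Task: (?P<id>" + GUID + r") - (?P<name>.+?) (?P<arrow>=>|->) (?P<action>.*?)\s*$", re.I)
ATTENTION = "<==== ATTENTION"
PROGRAMDATA_RE = re.compile(r"^C:\\(?:ProgramData|PROGRA~3)\\", re.I)
# regsvr32 ... /i:<arg> "<dll>": /i calls the DLL's DllInstall export, /n skips
# DllRegisterServer, /s is silent. A signed Windows binary ends up running the DLL.
REGSVR_RE = re.compile(r'^regsvr32(?:\.exe)?\s.*?/i:\S*\s+"?(?P<dll>[^"]+\.dll)"?', re.I)


def parse_task_line(line):
    """Split one FRST Task: line into id, task path, arrow and action; None if not a task line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    task = m.groupdict()
    task["frst_flagged"] = task["action"].endswith(ATTENTION)
    if task["frst_flagged"]:
        task["action"] = task["action"][: -len(ATTENTION)].rstrip()
    return task


def assess_task(task):
    """Return the reasons a task looks like DNSChanger-style persistence (empty list = nothing odd)."""
    reasons = []
    task_name = task["name"].rsplit("\\", 1)[-1]
    if GUID_RE.fullmatch(task_name):
        reasons.append("task name is a bare GUID")
    action = task["action"]
    if task["arrow"] == "->" and action.lower() == "no file":
        reasons.append("orphaned task: registered target no longer exists")
        return reasons
    reg = REGSVR_RE.match(action)
    if reg:
        dll = reg.group("dll")
        reasons.append("regsvr32 /i proxy execution of " + dll)
        if PROGRAMDATA_RE.match(dll):
            reasons.append("loaded DLL lives under ProgramData")
        return reasons
    # FRST appends "[date] (publisher)" to ordinary targets; keep only the path.
    target = action.strip('"').split(" [", 1)[0]
    if PROGRAMDATA_RE.match(target):
        parts = target.split("\\")
        exe = parts[-1]
        if (len(parts) >= 4 and GUID_RE.fullmatch(parts[2])
                and exe.lower().endswith(".exe") and BARE_GUID_RE.fullmatch(exe[:-4])):
            reasons.append("GUID-named .exe inside a GUID-named C:\\ProgramData folder")
        else:
            reasons.append("executable launched from ProgramData")
    return reasons


def triage(log_text):
    """Return [(original line, reasons)] for every Task: line with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        task = parse_task_line(line)
        if task is None:
            continue
        reasons = assess_task(task)
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


def fixlist_lines(log_text):
    """The flagged lines verbatim, which is the form a FRST fixlist in this thread uses."""
    return [line for line, _ in triage(log_text)]


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_FRST_LINES):
        print(line)
        for r in reasons:
            print("    -", r)
```

Run it on a saved FRST.txt by passing the file contents to triage(). The two constructed benign lines come back clean because they live under Program Files or Windows and carry FRST's "[date] (publisher)" suffix; everything the script flags is returned verbatim so it can be pasted straight into a fixlist, the same way the helper's reply does.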




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:26 AM

Posted 26 January 2017 - 11:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {00A62024-D462-477C-9515-F4D5B7845E2D} - System32\Tasks\{CA9588A5-7D3E-3F0E-1ED5-7F3A7BED0F01} => C:\ProgramData\{F9C05618-4E6B-E1B3-7980-5074DD7B7BDA}\9C4D0371-2BE6-B4DA-36F0-97FFF3801FB0.exe <==== ATTENTION
Task: {00EF0ACF-0AC9-404C-ADE0-D34371E9D197} - System32\Tasks\{CBC0106C-7C6B-A7C7-DBDE-5878CEC71A9A} => C:\ProgramData\{35C1959A-826A-2231-10AC-01E725604E98}\2C818606-9B2A-31AD-3C06-74307D7D5319.exe <==== ATTENTION
Task: {092519A7-FACD-4BA4-B0AF-C09E1A86B47D} - System32\Tasks\{9B8E5535-2C25-E29E-397A-B1089CFE8F60} => C:\ProgramData\{A04D739F-17E6-C434-D69C-017C33CE3B6C}\9553D226-22F8-658D-EA85-B5FDE15A2E14.exe <==== ATTENTION
Task: {0B5C3BC1-766B-4C1C-8624-EE10FA3903F2} - System32\Tasks\{7E64D125-C9CF-668E-4390-FC793155D757} => C:\ProgramData\{6888716B-DF23-C6C0-4085-E558198F9253}\F98F3842-4E24-8FE9-92DD-72246721FFE0.exe <==== ATTENTION
Task: {0BA086B2-4A97-4B3F-AFB6-703B2F1BDA62} - System32\Tasks\{52565290-E5FD-E53B-A997-53A697AB8D2C} => C:\ProgramData\{E7311B8A-509A-AC21-DE53-7796A22A2FEB}\4962013A-FEC9-B691-DF98-22FAB75C72F9.exe <==== ATTENTION
Task: {17BA49AA-7B93-4C7E-84E9-307A700E8462} - System32\Tasks\{07F093EC-B05B-2447-B936-99B410533D39} => C:\ProgramData\{4CCD172D-FB66-A086-A115-BA929BAD77FC}\755B27C3-C2F0-9068-BEAA-5842066AC28D.exe <==== ATTENTION
Task: {1C530A91-14CB-48EB-881F-2D91EDB7A8E9} - System32\Tasks\{D79C0F11-6037-B8BA-8A04-96E46DA626E7} => C:\ProgramData\{D9561E8E-6EFD-A925-7416-DE5C1BBD6889}\DCBDFB5B-6B16-4CF0-4C5E-FAADF285062A.exe <==== ATTENTION
Task: {33895799-ACB3-416C-8C53-E673CB5F2110} - System32\Tasks\{7AFD8556-CD56-32FD-796D-3E64CBC8CB5B} => C:\ProgramData\{0DC39BD4-BA68-2C7F-2CA8-D0D64122DC04}\86839365-3128-24CE-DF46-AF4313A311EC.exe <==== ATTENTION
Task: {4D2D427A-62AD-4527-9723-EFA326538083} - System32\Tasks\{6E5C6D8B-D9F7-DA20-A13D-FF166C007506} => C:\ProgramData\{B927ADC5-0E8C-1A6E-C75F-B81119E446DA}\E4EBEA18-5340-5DB3-E4A3-95CE7576DBFA.exe <==== ATTENTION
Task: {6F5E3D29-CF6D-49E0-ACD8-D094F775FB8A} - \{780C0D47-780D-0C0A-0D11-087E7E0C1105} -> No File <==== ATTENTION
Task: {779D557D-2566-44BC-BA56-1A78EF4D1AF6} - System32\Tasks\{E167CF11-56CC-78BA-AA78-77A9FC85A8FF} => C:\ProgramData\{40DAA10F-F771-16A4-A865-3DD578C90658}\F6A639A0-410D-8E0B-31C6-D59240359A12.exe <==== ATTENTION
Task: {94E988D3-857D-4DA4-8D71-C84915F53019} - System32\Tasks\{95F22926-2259-9E8D-1FA5-8C940704244A} => C:\ProgramData\{5FEE4FD4-E845-F87F-2B45-18524452E725}\42EB0218-F540-B5B3-1F8F-9BCF2818A209.exe <==== ATTENTION
Task: {99754ABB-052D-474A-A52A-55C4F4C2BB8E} - System32\Tasks\{68550676-DFFE-B1DD-D03B-03EB201E3A28} => C:\ProgramData\{34109459-83BB-23F2-26CB-51EA6493307B}\6772774A-D0D9-C0E1-D4AB-A990D9C987C3.exe <==== ATTENTION
Task: {9A0D1A7D-CE7C-4A67-9FCD-048E90CBDA02} - System32\Tasks\{A5915363-123A-E4C8-3128-4EB40D808CF6} => C:\ProgramData\{985E6549-2FF5-D2E2-BB9B-7D9E7B080691}\B0E605D3-074D-B278-517D-E5B528141FF5.exe <==== ATTENTION
Task: {A5D1BE65-F857-4089-83B1-EDCD488EFBE4} - System32\Tasks\{93EEC322-C794-9AA4-27F9-EAD0786A861C} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\46872de3\100c440d.dll" <==== ATTENTION
Task: {AD1A04A0-8035-439F-926C-181F0CC02372} - System32\Tasks\{21A15D0E-960A-EAA5-4220-7D6FBD646AAB} => C:\ProgramData\{C2DF79E1-7574-CE4A-445F-1D11BB14FF1D}\937D2472-24D6-93D9-5C99-6D23D8288326.exe <==== ATTENTION
Task: {FCDE3268-F95F-43EF-8654-A2790D5D5C94} - System32\Tasks\{A02CF57E-1787-42D5-4E9D-57B9E90B0C0A} => C:\ProgramData\{1733E6E4-A098-514F-136D-14651AE4E151}\321EF487-85B5-432C-AD60-15573C622C38.exe <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rad Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-20]
CHR Extension: (Chrome Media Router) - C:\Users\Rad Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-20]
C:\ProgramData\{F9C05618-4E6B-E1B3-7980-5074DD7B7BDA}
C:\ProgramData\{35C1959A-826A-2231-10AC-01E725604E98}
C:\ProgramData\{A04D739F-17E6-C434-D69C-017C33CE3B6C}
C:\ProgramData\{6888716B-DF23-C6C0-4085-E558198F9253}
C:\ProgramData\{E7311B8A-509A-AC21-DE53-7796A22A2FEB}
C:\ProgramData\{4CCD172D-FB66-A086-A115-BA929BAD77FC}
C:\ProgramData\{D9561E8E-6EFD-A925-7416-DE5C1BBD6889}
C:\ProgramData\{0DC39BD4-BA68-2C7F-2CA8-D0D64122DC04}
C:\ProgramData\{B927ADC5-0E8C-1A6E-C75F-B81119E446DA}
C:\ProgramData\{40DAA10F-F771-16A4-A865-3DD578C90658}
C:\ProgramData\{5FEE4FD4-E845-F87F-2B45-18524452E725}
C:\ProgramData\{34109459-83BB-23F2-26CB-51EA6493307B}
C:\ProgramData\{985E6549-2FF5-D2E2-BB9B-7D9E7B080691}
C:\PROGRA~3\46872de3
C:\ProgramData\{C2DF79E1-7574-CE4A-445F-1D11BB14FF1D}
C:\ProgramData\{1733E6E4-A098-514F-136D-14651AE4E151}
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.
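
As an added example (not part of nasdaq's post and not something FRST does), the following read-only PowerShell script hunts for the persistence pattern the fixlist above removes: GUID-named scheduled tasks at the root of the task tree whose action launches an executable from a {GUID} folder under C:\ProgramData, or registers a DLL kept there via regsvr32 /i, plus a task whose target file is already gone (the "-> No File" entry). It also cross-checks the Task Scheduler registry cache, the Tree/Tasks keys the Fixlog shows FRST removing, for entries present on only one side. The function names and the heuristics are my own; the script changes nothing, so it can be run from an elevated PowerShell prompt before the fix and again afterwards to see whether anything recreated the tasks.

```powershell
# Added example, not from the original post or from FRST. Read-only: it lists
# suspicious scheduled tasks and registry-cache inconsistencies and deletes nothing.
# Run from an elevated PowerShell prompt (reading TaskCache\Tasks needs admin rights).

$ProgramData = [Environment]::GetFolderPath('CommonApplicationData')   # normally C:\ProgramData
$GuidPattern = '\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'

function Get-TaskActionFindings {
    # Emits one reason string per heuristic that matches; emits nothing for a clean action.
    param([string]$TaskName, [string]$TaskPath, [string]$Execute, [string]$Arguments)

    $pd  = [regex]::Escape($ProgramData)
    # FRST printed the 8.3 alias C:\PROGRA~3; normalise it so one regex covers both spellings.
    $cmd = "$Execute $Arguments" -replace '(?i)C:\\PROGRA~3', $ProgramData

    # (1) Bare {GUID} task name at the root of the task tree: every task in the fixlist looked like this.
    if ($TaskPath -eq '\' -and $TaskName -match "^$GuidPattern$") {
        'GUID-named task at root of task tree'
    }
    # (2) Executable living in a {GUID} folder directly under ProgramData.
    if ($cmd -match "(?i)$pd\\$GuidPattern\\[^\\`"]+\.exe") {
        'executable in {GUID} folder under ProgramData'
    }
    # (3) regsvr32 /i:<arg> registering a DLL kept under ProgramData (the 100c440d.dll task).
    if ($Execute -match '(?i)(^|\\)regsvr32(\.exe)?"?$' -and $Arguments -match '(?i)/i' -and $cmd -match "(?i)$pd\\") {
        'regsvr32 /i loading a DLL from ProgramData'
    }
    # (4) Rooted path whose target is gone: FRST flagged one such task as "-> No File".
    $exe = [Environment]::ExpandEnvironmentVariables($Execute.Trim('"', ' '))
    if ([IO.Path]::IsPathRooted($exe) -and -not (Test-Path -LiteralPath $exe)) {
        'action target missing on disk'
    }
}

function Find-SuspiciousScheduledTask {
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }          # COM-handler actions have no Execute
            $reasons = @(Get-TaskActionFindings -TaskName $task.TaskName -TaskPath $task.TaskPath `
                                                -Execute $action.Execute -Arguments $action.Arguments)
            if ($reasons.Count -eq 0) { continue }
            $info = Get-ScheduledTaskInfo -InputObject $task
            [pscustomobject]@{
                Task    = $task.TaskPath + $task.TaskName
                State   = $task.State
                Author  = $task.Author
                Command = ("$($action.Execute) $($action.Arguments)").Trim()
                LastRun = $info.LastRunTime
                NextRun = $info.NextRunTime
                Reasons = $reasons -join '; '
            }
        }
    }
}

function Find-TaskCacheOrphan {
    # The scheduler records every task under TaskCache\Tree (by name, with an Id value) and under
    # TaskCache\Tasks (by that Id). The Fixlog shows FRST removing both halves plus Plain\<Id>;
    # an Id present on only one side is left over from an incomplete cleanup or a tampered task.
    $cache   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
    $treeIds = Get-ChildItem -Path "$cache\Tree" -Recurse |
               ForEach-Object { (Get-ItemProperty -LiteralPath $_.PSPath).Id } |
               Where-Object { $_ }                      # folder keys carry no Id value
    $taskIds = (Get-ChildItem -Path "$cache\Tasks").PSChildName
    foreach ($id in $taskIds) {
        if ($treeIds -notcontains $id) { [pscustomobject]@{ Id = $id; Problem = 'in Tasks, not referenced from Tree' } }
    }
    foreach ($id in $treeIds) {
        if ($taskIds -notcontains $id) { [pscustomobject]@{ Id = $id; Problem = 'referenced from Tree, missing in Tasks' } }
    }
}

Find-SuspiciousScheduledTask | Format-Table -AutoSize -Wrap
Find-TaskCacheOrphan         | Format-Table -AutoSize
```

Heuristic (1) on its own is only a pointer for review, since a few legitimate installers also drop tasks at the root; it is the combination with (2) or (3), an unsigned executable in a freshly created GUID folder under ProgramData, that matches what the FRST log recorded. Re-running the script after the fix and a reboot is the quick way to tell a stale Malwarebytes detection from a task that is actually being recreated.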

#3 rdmed (Topic Starter)

Posted 26 January 2017 - 11:27 AM

Hi nasdaq,

I very much appreciate your help!

Here is the requested log.

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Rad Dieter (26-01-2017 10:22:26) Run:1
Running from C:\Users\Rad Dieter\Downloads
Loaded Profiles: Rad Dieter (Available Profiles: Rad Dieter)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {00A62024-D462-477C-9515-F4D5B7845E2D} - System32\Tasks\{CA9588A5-7D3E-3F0E-1ED5-7F3A7BED0F01} => C:\ProgramData\{F9C05618-4E6B-E1B3-7980-5074DD7B7BDA}\9C4D0371-2BE6-B4DA-36F0-97FFF3801FB0.exe <==== ATTENTION
Task: {00EF0ACF-0AC9-404C-ADE0-D34371E9D197} - System32\Tasks\{CBC0106C-7C6B-A7C7-DBDE-5878CEC71A9A} => C:\ProgramData\{35C1959A-826A-2231-10AC-01E725604E98}\2C818606-9B2A-31AD-3C06-74307D7D5319.exe <==== ATTENTION
Task: {092519A7-FACD-4BA4-B0AF-C09E1A86B47D} - System32\Tasks\{9B8E5535-2C25-E29E-397A-B1089CFE8F60} => C:\ProgramData\{A04D739F-17E6-C434-D69C-017C33CE3B6C}\9553D226-22F8-658D-EA85-B5FDE15A2E14.exe <==== ATTENTION
Task: {0B5C3BC1-766B-4C1C-8624-EE10FA3903F2} - System32\Tasks\{7E64D125-C9CF-668E-4390-FC793155D757} => C:\ProgramData\{6888716B-DF23-C6C0-4085-E558198F9253}\F98F3842-4E24-8FE9-92DD-72246721FFE0.exe <==== ATTENTION
Task: {0BA086B2-4A97-4B3F-AFB6-703B2F1BDA62} - System32\Tasks\{52565290-E5FD-E53B-A997-53A697AB8D2C} => C:\ProgramData\{E7311B8A-509A-AC21-DE53-7796A22A2FEB}\4962013A-FEC9-B691-DF98-22FAB75C72F9.exe <==== ATTENTION
Task: {17BA49AA-7B93-4C7E-84E9-307A700E8462} - System32\Tasks\{07F093EC-B05B-2447-B936-99B410533D39} => C:\ProgramData\{4CCD172D-FB66-A086-A115-BA929BAD77FC}\755B27C3-C2F0-9068-BEAA-5842066AC28D.exe <==== ATTENTION
Task: {1C530A91-14CB-48EB-881F-2D91EDB7A8E9} - System32\Tasks\{D79C0F11-6037-B8BA-8A04-96E46DA626E7} => C:\ProgramData\{D9561E8E-6EFD-A925-7416-DE5C1BBD6889}\DCBDFB5B-6B16-4CF0-4C5E-FAADF285062A.exe <==== ATTENTION
Task: {33895799-ACB3-416C-8C53-E673CB5F2110} - System32\Tasks\{7AFD8556-CD56-32FD-796D-3E64CBC8CB5B} => C:\ProgramData\{0DC39BD4-BA68-2C7F-2CA8-D0D64122DC04}\86839365-3128-24CE-DF46-AF4313A311EC.exe <==== ATTENTION
Task: {4D2D427A-62AD-4527-9723-EFA326538083} - System32\Tasks\{6E5C6D8B-D9F7-DA20-A13D-FF166C007506} => C:\ProgramData\{B927ADC5-0E8C-1A6E-C75F-B81119E446DA}\E4EBEA18-5340-5DB3-E4A3-95CE7576DBFA.exe <==== ATTENTION
Task: {6F5E3D29-CF6D-49E0-ACD8-D094F775FB8A} - \{780C0D47-780D-0C0A-0D11-087E7E0C1105} -> No File <==== ATTENTION
Task: {779D557D-2566-44BC-BA56-1A78EF4D1AF6} - System32\Tasks\{E167CF11-56CC-78BA-AA78-77A9FC85A8FF} => C:\ProgramData\{40DAA10F-F771-16A4-A865-3DD578C90658}\F6A639A0-410D-8E0B-31C6-D59240359A12.exe <==== ATTENTION
Task: {94E988D3-857D-4DA4-8D71-C84915F53019} - System32\Tasks\{95F22926-2259-9E8D-1FA5-8C940704244A} => C:\ProgramData\{5FEE4FD4-E845-F87F-2B45-18524452E725}\42EB0218-F540-B5B3-1F8F-9BCF2818A209.exe <==== ATTENTION
Task: {99754ABB-052D-474A-A52A-55C4F4C2BB8E} - System32\Tasks\{68550676-DFFE-B1DD-D03B-03EB201E3A28} => C:\ProgramData\{34109459-83BB-23F2-26CB-51EA6493307B}\6772774A-D0D9-C0E1-D4AB-A990D9C987C3.exe <==== ATTENTION
Task: {9A0D1A7D-CE7C-4A67-9FCD-048E90CBDA02} - System32\Tasks\{A5915363-123A-E4C8-3128-4EB40D808CF6} => C:\ProgramData\{985E6549-2FF5-D2E2-BB9B-7D9E7B080691}\B0E605D3-074D-B278-517D-E5B528141FF5.exe <==== ATTENTION
Task: {A5D1BE65-F857-4089-83B1-EDCD488EFBE4} - System32\Tasks\{93EEC322-C794-9AA4-27F9-EAD0786A861C} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\46872de3\100c440d.dll" <==== ATTENTION
Task: {AD1A04A0-8035-439F-926C-181F0CC02372} - System32\Tasks\{21A15D0E-960A-EAA5-4220-7D6FBD646AAB} => C:\ProgramData\{C2DF79E1-7574-CE4A-445F-1D11BB14FF1D}\937D2472-24D6-93D9-5C99-6D23D8288326.exe <==== ATTENTION
Task: {FCDE3268-F95F-43EF-8654-A2790D5D5C94} - System32\Tasks\{A02CF57E-1787-42D5-4E9D-57B9E90B0C0A} => C:\ProgramData\{1733E6E4-A098-514F-136D-14651AE4E151}\321EF487-85B5-432C-AD60-15573C622C38.exe <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rad Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-20]
CHR Extension: (Chrome Media Router) - C:\Users\Rad Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-20]
C:\ProgramData\{F9C05618-4E6B-E1B3-7980-5074DD7B7BDA}
C:\ProgramData\{35C1959A-826A-2231-10AC-01E725604E98}
C:\ProgramData\{A04D739F-17E6-C434-D69C-017C33CE3B6C}
C:\ProgramData\{6888716B-DF23-C6C0-4085-E558198F9253}
C:\ProgramData\{E7311B8A-509A-AC21-DE53-7796A22A2FEB}
C:\ProgramData\{4CCD172D-FB66-A086-A115-BA929BAD77FC}
C:\ProgramData\{D9561E8E-6EFD-A925-7416-DE5C1BBD6889}
C:\ProgramData\{0DC39BD4-BA68-2C7F-2CA8-D0D64122DC04}
C:\ProgramData\{B927ADC5-0E8C-1A6E-C75F-B81119E446DA}
C:\ProgramData\{40DAA10F-F771-16A4-A865-3DD578C90658}
C:\ProgramData\{5FEE4FD4-E845-F87F-2B45-18524452E725}
C:\ProgramData\{34109459-83BB-23F2-26CB-51EA6493307B}
C:\ProgramData\{985E6549-2FF5-D2E2-BB9B-7D9E7B080691}
C:\PROGRA~3\46872de3
C:\ProgramData\{C2DF79E1-7574-CE4A-445F-1D11BB14FF1D}
C:\ProgramData\{1733E6E4-A098-514F-136D-14651AE4E151}
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00A62024-D462-477C-9515-F4D5B7845E2D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00A62024-D462-477C-9515-F4D5B7845E2D} => key removed successfully
C:\WINDOWS\System32\Tasks\{CA9588A5-7D3E-3F0E-1ED5-7F3A7BED0F01} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CA9588A5-7D3E-3F0E-1ED5-7F3A7BED0F01} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00EF0ACF-0AC9-404C-ADE0-D34371E9D197} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00EF0ACF-0AC9-404C-ADE0-D34371E9D197} => key removed successfully
C:\WINDOWS\System32\Tasks\{CBC0106C-7C6B-A7C7-DBDE-5878CEC71A9A} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CBC0106C-7C6B-A7C7-DBDE-5878CEC71A9A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{092519A7-FACD-4BA4-B0AF-C09E1A86B47D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{092519A7-FACD-4BA4-B0AF-C09E1A86B47D} => key removed successfully
C:\WINDOWS\System32\Tasks\{9B8E5535-2C25-E29E-397A-B1089CFE8F60} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9B8E5535-2C25-E29E-397A-B1089CFE8F60} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B5C3BC1-766B-4C1C-8624-EE10FA3903F2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B5C3BC1-766B-4C1C-8624-EE10FA3903F2} => key removed successfully
C:\WINDOWS\System32\Tasks\{7E64D125-C9CF-668E-4390-FC793155D757} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7E64D125-C9CF-668E-4390-FC793155D757} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BA086B2-4A97-4B3F-AFB6-703B2F1BDA62} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BA086B2-4A97-4B3F-AFB6-703B2F1BDA62} => key removed successfully
C:\WINDOWS\System32\Tasks\{52565290-E5FD-E53B-A997-53A697AB8D2C} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{52565290-E5FD-E53B-A997-53A697AB8D2C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17BA49AA-7B93-4C7E-84E9-307A700E8462} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17BA49AA-7B93-4C7E-84E9-307A700E8462} => key removed successfully
C:\WINDOWS\System32\Tasks\{07F093EC-B05B-2447-B936-99B410533D39} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{07F093EC-B05B-2447-B936-99B410533D39} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C530A91-14CB-48EB-881F-2D91EDB7A8E9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C530A91-14CB-48EB-881F-2D91EDB7A8E9} => key removed successfully
C:\WINDOWS\System32\Tasks\{D79C0F11-6037-B8BA-8A04-96E46DA626E7} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D79C0F11-6037-B8BA-8A04-96E46DA626E7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33895799-ACB3-416C-8C53-E673CB5F2110} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33895799-ACB3-416C-8C53-E673CB5F2110} => key removed successfully
C:\WINDOWS\System32\Tasks\{7AFD8556-CD56-32FD-796D-3E64CBC8CB5B} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7AFD8556-CD56-32FD-796D-3E64CBC8CB5B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D2D427A-62AD-4527-9723-EFA326538083} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D2D427A-62AD-4527-9723-EFA326538083} => key removed successfully
C:\WINDOWS\System32\Tasks\{6E5C6D8B-D9F7-DA20-A13D-FF166C007506} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6E5C6D8B-D9F7-DA20-A13D-FF166C007506} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F5E3D29-CF6D-49E0-ACD8-D094F775FB8A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F5E3D29-CF6D-49E0-ACD8-D094F775FB8A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{780C0D47-780D-0C0A-0D11-087E7E0C1105} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{779D557D-2566-44BC-BA56-1A78EF4D1AF6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{779D557D-2566-44BC-BA56-1A78EF4D1AF6} => key removed successfully
C:\WINDOWS\System32\Tasks\{E167CF11-56CC-78BA-AA78-77A9FC85A8FF} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E167CF11-56CC-78BA-AA78-77A9FC85A8FF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94E988D3-857D-4DA4-8D71-C84915F53019} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94E988D3-857D-4DA4-8D71-C84915F53019} => key removed successfully
C:\WINDOWS\System32\Tasks\{95F22926-2259-9E8D-1FA5-8C940704244A} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{95F22926-2259-9E8D-1FA5-8C940704244A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99754ABB-052D-474A-A52A-55C4F4C2BB8E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99754ABB-052D-474A-A52A-55C4F4C2BB8E} => key removed successfully
C:\WINDOWS\System32\Tasks\{68550676-DFFE-B1DD-D03B-03EB201E3A28} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{68550676-DFFE-B1DD-D03B-03EB201E3A28} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A0D1A7D-CE7C-4A67-9FCD-048E90CBDA02} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A0D1A7D-CE7C-4A67-9FCD-048E90CBDA02} => key removed successfully
C:\WINDOWS\System32\Tasks\{A5915363-123A-E4C8-3128-4EB40D808CF6} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A5915363-123A-E4C8-3128-4EB40D808CF6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5D1BE65-F857-4089-83B1-EDCD488EFBE4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5D1BE65-F857-4089-83B1-EDCD488EFBE4} => key removed successfully
C:\WINDOWS\System32\Tasks\{93EEC322-C794-9AA4-27F9-EAD0786A861C} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{93EEC322-C794-9AA4-27F9-EAD0786A861C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD1A04A0-8035-439F-926C-181F0CC02372} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD1A04A0-8035-439F-926C-181F0CC02372} => key removed successfully
C:\WINDOWS\System32\Tasks\{21A15D0E-960A-EAA5-4220-7D6FBD646AAB} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{21A15D0E-960A-EAA5-4220-7D6FBD646AAB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCDE3268-F95F-43EF-8654-A2790D5D5C94} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCDE3268-F95F-43EF-8654-A2790D5D5C94} => key removed successfully
C:\WINDOWS\System32\Tasks\{A02CF57E-1787-42D5-4E9D-57B9E90B0C0A} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A02CF57E-1787-42D5-4E9D-57B9E90B0C0A} => key removed successfully
C:\Users\Rad Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Rad Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
C:\ProgramData\{F9C05618-4E6B-E1B3-7980-5074DD7B7BDA} => moved successfully
"C:\ProgramData\{35C1959A-826A-2231-10AC-01E725604E98}" => not found.
C:\ProgramData\{A04D739F-17E6-C434-D69C-017C33CE3B6C} => moved successfully
"C:\ProgramData\{6888716B-DF23-C6C0-4085-E558198F9253}" => not found.
"C:\ProgramData\{E7311B8A-509A-AC21-DE53-7796A22A2FEB}" => not found.
"C:\ProgramData\{4CCD172D-FB66-A086-A115-BA929BAD77FC}" => not found.
C:\ProgramData\{D9561E8E-6EFD-A925-7416-DE5C1BBD6889} => moved successfully
"C:\ProgramData\{0DC39BD4-BA68-2C7F-2CA8-D0D64122DC04}" => not found.
C:\ProgramData\{B927ADC5-0E8C-1A6E-C75F-B81119E446DA} => moved successfully
"C:\ProgramData\{40DAA10F-F771-16A4-A865-3DD578C90658}" => not found.
"C:\ProgramData\{5FEE4FD4-E845-F87F-2B45-18524452E725}" => not found.
C:\ProgramData\{34109459-83BB-23F2-26CB-51EA6493307B} => moved successfully
C:\ProgramData\{985E6549-2FF5-D2E2-BB9B-7D9E7B080691} => moved successfully
"C:\PROGRA~3\46872de3" => not found.
"C:\ProgramData\{C2DF79E1-7574-CE4A-445F-1D11BB14FF1D}" => not found.
"C:\ProgramData\{1733E6E4-A098-514F-136D-14651AE4E151}" => not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= IPCONFIG /release =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2601:3c1:c203:14e0:5c4e:a90f:bdd9:25b5
   Temporary IPv6 Address. . . . . . : 2601:3c1:c203:14e0:21df:16e:febc:d93d
   Link-local IPv6 Address . . . . . : fe80::5c4e:a90f:bdd9:25b5%7
   Default Gateway . . . . . . . . . : fe80::b27f:b9ff:fee1:e86a%7

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 10:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


========= IPCONFIG /renew =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : hsd1.tn.comcast.net.
   IPv6 Address. . . . . . . . . . . : 2601:3c1:c203:14e0:5c4e:a90f:bdd9:25b5
   Temporary IPv6 Address. . . . . . : 2601:3c1:c203:14e0:21df:16e:febc:d93d
   Link-local IPv6 Address . . . . . : fe80::5c4e:a90f:bdd9:25b5%7
   IPv4 Address. . . . . . . . . . . : 192.168.0.11
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::b27f:b9ff:fee1:e86a%7
                                       192.168.0.1

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 10:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:20f9:3d90:b4bf:28e7
   Link-local IPv6 Address . . . . . : fe80::20f9:3d90:b4bf:28e7%19
   Default Gateway . . . . . . . . . :

Tunnel adapter isatap.hsd1.tn.comcast.net.:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.tn.comcast.net.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting , failed.
Access is denied.

There's no user specified settings to be reset.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{0D814FB7-BDED-4F59-A6E1-9A7070A44A7B} canceled.
{E69E7B93-A2EA-4A3F-9E48-9C23F091AE96} canceled.
{D0D70AC6-3E02-4770-B651-45DB586F16D0} canceled.
3 out of 3 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15241606 B
Java, Flash, Steam htmlcache => 820 B
Windows/system/drivers => 241170536 B
Edge => 36108 B
Chrome => 350208 B
Firefox => 395752155 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 3394 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 81920 B
NetworkService => 567124 B
Rad Dieter => 12131974 B

RecycleBin => 0 B
EmptyTemp: => 634.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:22:41 ====



#4 nasdaq (Malware Response Team)

Posted 26 January 2017 - 11:46 AM

--RogueKiller--
  • Download RogueKiller and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator".
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click Open the Report.
  • Click the Export TXT button.
  • Save the file as ReportRogue.txt.
  • Click the Remove button to delete the items in RED.
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#5 rdmed (Topic Starter)

Posted 26 January 2017 - 12:24 PM

Here are the RogueKiller results.

RogueKiller V12.9.5.0 (x64) [Jan 23 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Rad Dieter [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 01/26/2017 10:57:58 (Duration : 00:15:09)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 1 ¤¤¤
[Tr.Gen1|Suspicious.Path] \{D0DECD93-6775-7A38-0BDA-A0A1896D0759} -- C:\ProgramData\{AFBD7B19-1816-CCB2-839F-B7004EE35BDA}\EAE088EE-5D4B-3F45-7911-EF6F1DC2FA79.exe (/run) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: MKNSSDRE1TB +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 99 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1126400 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1159168 | Size: 953303 MB
User = LL1 ... OK
User = LL2 ... OK

#6 nasdaq (Malware Response Team)

Posted 26 January 2017 - 01:30 PM

Run the RogueKiller tool and delete what was identified.

How is it now?

#7 rdmed (Topic Starter)

Posted 26 January 2017 - 04:52 PM
I deleted the file as you instructed.

Everything has been fine since that point. I have not received any warnings from Malwarebytes indicating malicious websites have been blocked.

Thank you again.



#8 nasdaq (Malware Response Team)

Posted 27 January 2017 - 07:47 AM

If all is well, to learn more about how to protect yourself while on the internet, read this little guide to best security practices and keeping safe:
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

===
