
Infected tr/crypt.xpack.gen2 trojan



#1 BradPittWasATrojan


Posted 26 January 2017 - 07:40 PM

Hey, it appears that I got a pretty nasty trojan today. I'm not certain how exactly I got this thing. The two sites I had visited right before I noticed something was up were Twitch.tv and dailywire.com. I was reading an article on dailywire and when I finished I closed my Chrome browser and walked away (nothing on my computer was open at this point). Upon returning, all the icons on my desktop had been rearranged and there was a browser window open to dingit.tv. I was confused, so I opened my browser history and saw that my browser had been redirected to around 10 or so video game/stream related sites as well as some other redirect sites (engine.4dsply.com was another site that had apparently been visited).
 
I ran an Avira scan and nothing came up. I quickly downloaded Bitdefender and Adaware and still came up with nothing. Then right when I was about to write it off and consider giving up the chase, Avira warned me that it had quarantined around 5 files. That's how I came up with the tr/crypt diagnosis. I looked it up, found this site, and downloaded Adwcleaner and FRST. I will post all the logs I got from running those programs. Thanks in advance for any help.
 
 
 
---
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
Ran by Andrew (administrator) on DESKTOP-BAVC55L (26-01-2017 19:13:51)
Running from C:\Users\Andrew\Downloads
Loaded Profiles: Andrew (Available Profiles: Andrew & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\PixelMaster Video HDR\DriverMFTService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\PreSonus\AudioBox\AudioBox.exe
(Spotify Ltd) C:\Users\Andrew\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Hammer & Chisel, Inc.) C:\Users\Andrew\AppData\Local\Discord\app-0.0.297\Discord.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Hammer & Chisel, Inc.) C:\Users\Andrew\AppData\Local\Discord\app-0.0.297\Discord.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Hammer & Chisel, Inc.) C:\Users\Andrew\AppData\Local\Discord\app-0.0.297\Discord.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTray.exe [9533688 2016-12-15] ()
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe [63272 2015-05-31] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-06] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1696093611-1018890965-437183417-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1696093611-1018890965-437183417-1001\...\Run: [AudioBox VSL] => C:\Program Files\PreSonus\AudioBox\AudioBox.exe [7593984 2014-07-16] ()
HKU\S-1-5-21-1696093611-1018890965-437183417-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-1696093611-1018890965-437183417-1001\...\Run: [Spotify Web Helper] => C:\Users\Andrew\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-08] (Spotify Ltd)
HKU\S-1-5-21-1696093611-1018890965-437183417-1001\...\Run: [Spotify] => C:\Users\Andrew\AppData\Roaming\Spotify\Spotify.exe [7153264 2017-01-08] (Spotify Ltd)
HKU\S-1-5-21-1696093611-1018890965-437183417-1001\...\Run: [Discord] => C:\Users\Andrew\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1696093611-1018890965-437183417-1001\...\MountPoints2: {b0196987-5849-11e5-9bc5-806e6f6e6963} - "E:\start.exe" 
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2015-11-30] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-06-03]
ShortcutTarget: Curse.lnk -> C:\Users\Andrew\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.252.0.12
Tcpip\..\Interfaces\{19db12a8-a4df-4356-80bd-dd38e4e1b565}: [DhcpNameServer] 192.168.1.1 71.252.0.12
Tcpip\..\Interfaces\{726efe7e-8eb1-486f-a04a-ee00827e8b9e}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1696093611-1018890965-437183417-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-1696093611-1018890965-437183417-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-1696093611-1018890965-437183417-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1696093611-1018890965-437183417-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_112\bin\ssv.dll [2016-11-28] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-11-28] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\ssv.dll [2016-11-28] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-11-28] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: dgr6rga5.default
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\dgr6rga5.default [2017-01-26]
FF Extension: (Avira Browser Safety) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\dgr6rga5.default\Extensions\abs@avira.com [2017-01-13]
FF Extension: (Firefox Hotfix) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\dgr6rga5.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-10-10]
FF SearchPlugin: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\dgr6rga5.default\searchplugins\McSiteAdvisor.xml [2016-01-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-11-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-11-28] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-11-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-11-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://patrickjmt.com/
CHR StartupUrls: Default -> "hxxp://networkengineering.stackexchange.com/"
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default [2017-01-26]
CHR Extension: (Google Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-30]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-30]
CHR Extension: (JSONView) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc [2017-01-26]
CHR Extension: (Google Search) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-30]
CHR Extension: (Avira Browser Safety) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-01-13]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Unicorn Smasher) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmmeekapjbfjachdkgabdaoccfclpaa [2017-01-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-30]
CHR Extension: (Chrome Media Router) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-09]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe [71168 2015-05-31] (ASUS Cloud Corporation) [File not signed]
S4 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [315704 2015-07-20] (ASUS)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 DriverMFTService; C:\Program Files (x86)\Asus\PixelMaster Video HDR\DriverMFTService.exe [20992 2015-05-19] (ASUSTek Computer Inc.) [File not signed]
R2 ftpsvc; C:\WINDOWS\system32\inetsrv\ftpsvc.dll [382976 2016-08-29] (Microsoft Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [17408 2016-08-29] (Microsoft Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareService.exe [630976 2016-12-15] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-07-09] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 WMSVC; C:\WINDOWS\system32\inetsrv\wmsvc.exe [12288 2016-08-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-07-09] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153904 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-12-06] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [28272 2016-12-06] (Avira Operations GmbH & Co. KG)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R2 IntelHaxm; C:\WINDOWS\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-25] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [4043544 2015-07-16] (Intel Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 paeusbaudio; C:\WINDOWS\System32\drivers\paeusbaudio_x64.sys [260096 2014-04-16] ()
R3 paeusbaudiodsp; C:\WINDOWS\System32\drivers\paeusbaudiodsp_x64.sys [62464 2014-07-16] ()
R3 paeusbaudioks; C:\WINDOWS\system32\DRIVERS\paeusbaudioks_x64.sys [46080 2014-04-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-14] (Realtek                                            )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [485512 2016-04-28] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-26 19:13 - 2017-01-26 19:14 - 00022582 _____ C:\Users\Andrew\Downloads\FRST.txt
2017-01-26 19:13 - 2017-01-26 19:13 - 02420736 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2017-01-26 19:13 - 2017-01-26 19:13 - 00000000 ____D C:\FRST
2017-01-26 19:12 - 2017-01-26 19:12 - 01762816 _____ (Farbar) C:\Users\Andrew\Downloads\FRST.exe
2017-01-26 18:56 - 2017-01-26 19:00 - 00000000 ____D C:\AdwCleaner
2017-01-26 18:55 - 2017-01-26 18:56 - 03988944 _____ C:\Users\Andrew\Downloads\AdwCleaner.exe
2017-01-26 18:49 - 2017-01-26 18:49 - 00000000 ____D C:\Users\Andrew\Desktop\All pictures
2017-01-26 18:47 - 2017-01-26 18:50 - 00000000 ____D C:\Users\Andrew\Desktop\Information
2017-01-26 18:28 - 2017-01-26 19:08 - 00000165 _____ C:\Users\Andrew\AppData\Roaming\sp_data.sys
2017-01-26 17:32 - 2017-01-26 17:32 - 00000000 ____D C:\WINDOWS\LastGood
2017-01-26 17:26 - 2017-01-26 17:26 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Lavasoft
2017-01-26 17:18 - 2017-01-26 17:18 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\WildTangent
2017-01-26 17:09 - 2017-01-26 19:06 - 00002425 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2017-01-26 17:09 - 2017-01-26 17:09 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\LavasoftStatistics
2017-01-26 17:09 - 2017-01-26 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-01-26 17:09 - 2017-01-26 17:09 - 00000000 ____D C:\Program Files\Lavasoft
2017-01-26 17:08 - 2017-01-26 17:08 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2017-01-26 17:07 - 2017-01-26 17:07 - 02586928 _____ C:\Users\Andrew\Downloads\Adaware_Installer.exe
2017-01-26 17:07 - 2017-01-26 17:07 - 00000000 ____D C:\ProgramData\Lavasoft
2017-01-26 16:57 - 2017-01-26 16:58 - 48750920 _____ C:\Users\Andrew\Downloads\BDPUARLauncher.exe
2017-01-26 16:44 - 2017-01-26 16:44 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-01-26 16:43 - 2017-01-26 16:44 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-01-25 03:57 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 03:57 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-20 11:23 - 2017-01-20 11:23 - 00001111 _____ C:\Users\Public\Desktop\Guitar Pro 6.lnk
2017-01-20 11:23 - 2017-01-20 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6
2017-01-20 11:22 - 2017-01-20 11:22 - 00000000 ____D C:\Program Files (x86)\Guitar Pro 6
2017-01-20 11:20 - 2017-01-20 11:21 - 40277264 _____ (Arobas Music ) C:\Users\Andrew\Downloads\gp6-full-win-r11686.exe
2017-01-13 19:34 - 2017-01-13 19:34 - 05855084 _____ C:\Users\Andrew\Downloads\pics1.zip
2017-01-13 09:26 - 2017-01-13 09:26 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Avira
2017-01-13 09:25 - 2017-01-13 09:25 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-01-13 09:25 - 2016-12-06 16:01 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2017-01-13 09:25 - 2016-12-06 16:01 - 00028272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2017-01-13 09:24 - 2016-12-06 16:01 - 00153904 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-01-13 09:24 - 2016-12-06 16:01 - 00151352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-01-13 09:24 - 2016-12-06 16:01 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2017-01-13 09:22 - 2017-01-13 09:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-01-13 09:22 - 2017-01-13 09:24 - 00000000 ____D C:\ProgramData\Avira
2017-01-13 09:22 - 2017-01-13 09:24 - 00000000 ____D C:\Program Files (x86)\Avira
2017-01-13 09:22 - 2017-01-13 09:22 - 04581024 _____ (Avira Operations GmbH & Co. KG) C:\Users\Andrew\Downloads\avira_en_av_5878e27f03cb4__ws (1).exe
2017-01-13 09:22 - 2017-01-13 09:22 - 00001279 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-01-13 09:21 - 2017-01-13 09:22 - 04581024 _____ (Avira Operations GmbH & Co. KG) C:\Users\Andrew\Downloads\avira_en_av_5878e27f03cb4__ws.exe
2017-01-12 03:09 - 2017-01-12 03:09 - 00000982 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2017-01-12 03:09 - 2017-01-12 03:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2017-01-12 02:43 - 2017-01-24 06:12 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-01-12 02:43 - 2017-01-12 03:09 - 00000000 ____D C:\Users\Andrew\Documents\Heroes of the Storm
2017-01-12 02:41 - 2017-01-12 02:42 - 03343856 _____ (Blizzard Entertainment) C:\Users\Andrew\Downloads\Heroes-of-the-Storm-Setup.exe
2017-01-11 02:55 - 2017-01-11 02:55 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-01-10 21:41 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 21:41 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 21:41 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 21:41 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 21:41 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 21:41 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 21:41 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 21:41 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 21:41 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 21:41 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 21:41 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 21:41 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 21:41 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 21:41 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 21:41 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 21:41 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 21:41 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 21:41 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 21:41 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 21:41 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 21:41 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 21:41 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 21:41 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 21:41 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 21:41 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 21:41 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 21:41 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 21:41 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 21:41 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 21:41 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 21:41 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 21:41 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 21:41 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 21:41 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 21:41 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 21:41 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 21:41 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 21:41 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 21:41 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 21:41 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 21:41 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 21:41 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 21:41 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 21:41 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 21:41 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 21:41 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 21:41 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 21:41 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 21:41 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 21:41 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 21:41 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 21:41 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 21:41 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 21:41 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 21:41 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 21:41 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 21:41 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 21:40 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 21:40 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 21:40 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 21:40 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 21:40 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 21:40 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 21:40 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 21:40 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 21:40 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 21:40 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 21:40 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 21:40 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 21:40 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 21:40 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 21:40 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 21:40 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 21:40 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 21:40 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 21:40 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 21:40 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 21:40 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 21:40 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 21:40 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 21:40 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 21:40 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 21:40 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 21:40 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 21:40 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 21:40 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 21:40 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 21:40 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 21:40 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 21:40 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 21:40 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 21:40 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 21:40 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 21:40 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 21:40 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 21:40 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 21:40 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 21:40 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 21:40 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 21:40 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 21:40 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 21:40 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 21:40 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 21:40 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 21:40 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 21:40 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 21:40 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 21:40 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 21:40 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 21:40 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 21:40 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 21:40 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 21:40 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 21:40 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 21:40 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 21:40 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 21:40 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 21:40 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 21:40 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 21:40 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 21:40 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 21:40 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 21:40 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 21:40 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 21:40 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 21:40 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 21:40 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 21:40 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 21:40 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 21:40 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 21:40 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 21:40 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 21:40 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 21:40 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 21:40 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 21:40 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 21:40 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 21:40 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 21:40 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 21:40 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 21:40 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 21:40 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 21:40 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 21:40 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 21:40 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 21:40 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 21:40 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 21:40 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 21:40 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 21:40 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 21:40 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 21:40 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 21:40 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 21:40 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 21:40 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 21:40 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 21:40 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 21:40 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 21:40 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 21:40 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 21:40 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 21:40 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 21:40 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 21:40 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 21:40 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 21:40 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-09 23:14 - 2017-01-09 23:14 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\com.pearson.ccna.NetworkSimulator.ICND1.100-105.lite
2017-01-09 23:13 - 2017-01-09 23:13 - 00001745 _____ C:\Users\Andrew\Desktop\ICND1 100-105 Network Simulator Lite.lnk
2017-01-09 23:12 - 2017-01-09 23:13 - 00000000 ___HD C:\Program Files (x86)\Zero G Registry
2017-01-09 23:12 - 2017-01-09 23:13 - 00000000 ____D C:\Program Files (x86)\ICND1 100-105 Network Simulator Lite
2017-01-09 23:12 - 2017-01-09 23:12 - 00000000 ___HD C:\Users\Andrew\InstallAnywhere
2017-01-09 23:12 - 2017-01-09 23:12 - 00000000 ____D C:\ProgramData\ICND1 100-105 Network Simulator Lite
2017-01-09 15:48 - 2017-01-20 20:36 - 00000000 ____D C:\Users\Andrew\Desktop\Highlights
2017-01-08 19:56 - 2017-01-19 07:11 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\discord
2017-01-08 19:56 - 2017-01-17 01:47 - 00002240 _____ C:\Users\Andrew\Desktop\Discord.lnk
2017-01-08 19:56 - 2017-01-11 16:17 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-08 19:55 - 2017-01-11 16:16 - 00000000 ____D C:\Users\Andrew\AppData\Local\Discord
2017-01-08 19:55 - 2017-01-08 19:56 - 00000000 ____D C:\Users\Andrew\AppData\Local\SquirrelTemp
2017-01-08 19:55 - 2017-01-08 19:55 - 50343608 _____ (Hammer & Chisel, Inc.) C:\Users\Andrew\Downloads\DiscordSetup.exe
2017-01-08 19:02 - 2017-01-26 19:06 - 00000000 ____D C:\Users\Andrew\AppData\Local\Spotify
2017-01-08 19:02 - 2017-01-08 19:02 - 00001857 _____ C:\Users\Andrew\Desktop\Spotify.lnk
2017-01-08 19:02 - 2017-01-08 19:02 - 00001843 _____ C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-01-08 19:01 - 2017-01-26 19:06 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Spotify
2017-01-08 19:01 - 2017-01-08 19:01 - 00353488 _____ (Spotify Ltd) C:\Users\Andrew\Downloads\SpotifySetup (1).exe
2017-01-07 21:52 - 2017-01-07 21:52 - 00001264 _____ C:\Users\Public\Desktop\Pearson IT Certification Practice Test.lnk
2017-01-07 21:52 - 2017-01-07 21:52 - 00000113 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2017-01-07 21:52 - 2017-01-07 21:52 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Pearson IT Certification Practice Test
2017-01-07 21:52 - 2017-01-07 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pearson IT Certification Practice Test
2017-01-07 21:52 - 2017-01-07 21:52 - 00000000 ____D C:\Program Files (x86)\Pearson IT Certification Practice Test
2017-01-07 21:51 - 2017-01-07 21:51 - 22902299 _____ C:\Users\Andrew\Downloads\engine.zip
2017-01-06 19:44 - 2017-01-06 19:50 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Wireshark
2017-01-06 19:17 - 2017-01-26 17:44 - 00003292 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-06 02:36 - 2017-01-06 02:36 - 00003338 _____ C:\WINDOWS\System32\Tasks\{C4370182-8C1F-4463-AD2A-E7502B8099A5}
2017-01-04 00:18 - 2017-01-04 00:18 - 00000000 ____D C:\Users\Andrew\Desktop\Solarwind Toolset
2017-01-04 00:05 - 2017-01-04 00:06 - 227510136 _____ C:\Users\Andrew\Downloads\Toolset-v10.9.1.zip
2017-01-03 22:22 - 2017-01-03 22:22 - 00001649 _____ C:\Users\Andrew\Desktop\GNS3.lnk
2017-01-03 22:22 - 2017-01-03 22:22 - 00000000 ____D C:\Users\Andrew\AppData\Local\SolarWinds
2017-01-03 22:22 - 2017-01-03 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GNS3
2017-01-03 22:21 - 2017-01-03 22:22 - 00000000 ____D C:\Program Files\GNS3
2017-01-03 22:21 - 2017-01-03 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds Response Time Viewer
2017-01-03 22:21 - 2017-01-03 22:21 - 00000000 ____D C:\Program Files (x86)\SolarWinds
2017-01-03 22:16 - 2017-01-03 22:21 - 00000000 ____D C:\ProgramData\Solarwinds
2017-01-03 22:13 - 2017-01-03 22:15 - 52361376 _____ C:\Users\Andrew\Downloads\GNS3-1.5.2-all-in-one.exe
2017-01-03 22:11 - 2017-01-03 22:11 - 00001829 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2017-01-03 22:11 - 2017-01-03 22:11 - 00001817 _____ C:\Users\Public\Desktop\Wireshark.lnk
2017-01-03 22:11 - 2017-01-03 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2017-01-03 22:11 - 2017-01-03 22:11 - 00000000 ____D C:\Program Files (x86)\WinPcap
2017-01-03 22:10 - 2017-01-03 22:10 - 00001571 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2017-01-03 22:09 - 2017-01-03 22:11 - 00000000 ____D C:\Program Files\Wireshark
2017-01-03 22:08 - 2017-01-03 22:09 - 49358520 _____ (Wireshark development team) C:\Users\Andrew\Downloads\Wireshark-win64-2.2.3.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-26 19:08 - 2016-02-22 03:33 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-01-26 19:06 - 2016-05-28 13:54 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-26 19:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-01-26 19:03 - 2016-08-29 02:57 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-26 19:03 - 2015-11-30 07:28 - 00000000 __SHD C:\Users\Andrew\IntelGraphicsProfiles
2017-01-26 19:02 - 2016-08-29 03:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-26 19:02 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-01-26 19:02 - 2016-01-27 13:23 - 00000091 _____ C:\HaxLogs.txt
2017-01-26 18:47 - 2016-01-28 13:23 - 00000000 ____D C:\Users\Andrew\Documents\League of Legends
2017-01-26 18:45 - 2016-03-20 21:23 - 00000000 ____D C:\Users\Andrew\Desktop\Song Projects
2017-01-26 18:39 - 2015-12-08 12:30 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\vlc
2017-01-26 18:17 - 2016-08-29 02:53 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-26 17:44 - 2015-11-30 07:30 - 00002368 _____ C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-26 17:44 - 2015-11-30 07:30 - 00000000 ___RD C:\Users\Andrew\OneDrive
2017-01-26 17:31 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-26 17:29 - 2016-08-29 03:02 - 00000000 ____D C:\Users\Andrew
2017-01-26 17:18 - 2015-08-18 03:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-01-26 17:18 - 2015-08-18 03:37 - 00000000 ____D C:\ProgramData\WildTangent
2017-01-26 16:44 - 2016-08-29 02:57 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-01-26 13:37 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-26 12:00 - 2016-08-29 03:21 - 00003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-01-26 12:00 - 2016-08-29 03:21 - 00003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-01-26 05:45 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-26 05:40 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-01-25 12:00 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 06:31 - 2016-01-15 07:14 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\NVIDIA
2017-01-24 06:12 - 2015-12-08 01:25 - 00000000 ____D C:\Users\Andrew\AppData\Local\Battle.net
2017-01-24 05:32 - 2015-12-08 01:24 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-21 01:19 - 2016-05-20 19:35 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\OBS
2017-01-20 23:35 - 2016-05-20 19:35 - 00000000 ____D C:\Program Files (x86)\OBS
2017-01-19 03:34 - 2016-08-29 03:01 - 14795148 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-13 09:53 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-13 09:22 - 2015-09-11 01:04 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-13 06:32 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-13 06:31 - 2015-09-11 01:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-12 05:05 - 2015-12-01 22:25 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Skype
2017-01-12 03:09 - 2015-12-08 01:25 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-01-12 02:42 - 2015-12-08 01:25 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Battle.net
2017-01-12 02:42 - 2015-12-08 01:24 - 00000000 ____D C:\ProgramData\Battle.net
2017-01-11 13:58 - 2015-09-11 01:01 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 13:55 - 2016-08-29 02:53 - 00385312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-11 05:13 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 05:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 05:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 05:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 05:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 02:55 - 2016-08-29 03:02 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-11 00:08 - 2015-12-03 12:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 00:05 - 2015-12-03 12:41 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 21:12 - 2016-02-28 14:50 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-10 19:38 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-10 19:38 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-09 21:51 - 2016-10-10 19:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-09 21:51 - 2015-12-23 16:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
 
==================== Files in the root of some directories =======
 
2017-01-26 18:28 - 2017-01-26 19:08 - 0000165 _____ () C:\Users\Andrew\AppData\Roaming\sp_data.sys
2016-08-29 02:57 - 2016-08-29 02:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-01-07 21:52 - 2017-01-07 21:52 - 0000113 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-20 07:05
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Andrew (26-01-2017 19:14:58)
Running from C:\Users\Andrew\Downloads
Windows 10 Home Version 1607 (X64) (2016-08-29 08:32:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1696093611-1018890965-437183417-500 - Administrator - Disabled)
Andrew (S-1-5-21-1696093611-1018890965-437183417-1001 - Administrator - Enabled) => C:\Users\Andrew
DefaultAccount (S-1-5-21-1696093611-1018890965-437183417-503 - Limited - Disabled)
Guest (S-1-5-21-1696093611-1018890965-437183417-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{AD9CEBD6-442D-4979-9D1D-E1050F2E272D}_AdAwareUpdater) (Version: 11.15.1046.10613 - Lavasoft)
AdAwareInstaller (Version: 11.15.1046.10613 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.15.1046.10613 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Analog Lab 1.2.3 (HKLM-x32\...\Analog Lab_is1) (Version: 1.2.3 - Arturia)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
AntimalwareEngine (Version: 3.0.129.0 - Lavasoft) Hidden
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.7 - Arduino LLC)
Arturia Software Center 1.1.0 (HKLM-x32\...\Arturia Software Center_is1) (Version: 1.1.0 - Arturia)
ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.027 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.11.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.30 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS)
AudioBox version 1.3 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.3 - PreSonus)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Counter-Strike (HKLM\...\Steam App 10) (Version: - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.)
CyberLink PhotoDirector 5 (Version: 5.0.5.6515 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.4010.0 - CyberLink Corp.) Hidden
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Discord (HKU\S-1-5-21-1696093611-1018890965-437183417-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation)
GitHub (HKU\S-1-5-21-1696093611-1018890965-437183417-1001\...\5f7eb300e2ea4ebf) (Version: 3.0.12.0 - GitHub, Inc.)
GNS3 1.5.2 (HKLM-x32\...\GNS3) (Version: 1.5.2 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
ICND1 100-105 Network Simulator Lite (HKLM-x32\...\ICND1 100-105 Network Simulator Lite) (Version: 4.0.0.4 - Pearson IT Certification)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{795ee3a0-97fa-489a-9543-7564ccc43be4}) (Version: 18.12.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IntelliJ IDEA Community Edition 2016.3 (HKLM-x32\...\IntelliJ IDEA Community Edition 2016.3) (Version: 163.7743.44 - JetBrains s.r.o.)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 112 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
Java 8 Update 112 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java SE Development Kit 8 Update 112 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180112}) (Version: 8.0.1120.15 - Oracle Corporation)
Java SE Development Kit 8 Update 112 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180112}) (Version: 8.0.1120.15 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 4.1.1) (Version: 4.1.1 - Riot Games)
League of Legends (x32 Version: 4.1.1 - Riot Games) Hidden
Left 4 Dead (HKLM\...\Steam App 500) (Version: - Valve)
LMMS 1.1.3 (HKLM-x32\...\LMMS) (Version: 1.1.3 - LMMS Developers)
Maxx Audio Installer (x64) (Version: 1.6.5230.111 - Waves Audio Ltd.) Hidden
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1696093611-1018890965-437183417-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
NVIDIA Graphics Driver 353.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Pearson IT Certification Practice Test (HKLM-x32\...\Pearson IT Certification Practice Test_is1) (Version: 1.0.26.1 - Pearson IT Certification)
PixelMaster Video HDR (HKLM\...\{65302154-AAF6-4020-A070-76CAA9CEC8D3}) (Version: 1.1.33 - ASUS)
PreSonus Studio One 2 x64 (HKLM\...\PreSonus Studio One 2) (Version: 2.6.5.30360 - PreSonus Audio Electronics)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Rocksmith 2014 (HKLM\...\Steam App 221680) (Version: - Ubisoft - San Francisco)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
SolarWinds Response Time Viewer (HKLM-x32\...\{5B415E10-D1C1-4E54-9061-AE0FB3D7F2B2}) (Version: 1.0.0.162 - SolarWinds)
Spotify (HKU\S-1-5-21-1696093611-1018890965-437183417-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sublime Text Build 3083 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.2.524 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (ATP) Mouse (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.2.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.3 - The Wireshark developer community, hxxps://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00294C11-6A6E-41F2-A96E-B0198F174C1A} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor)
Task: {11C481C7-4923-435A-83E7-FEDAD411F865} - System32\Tasks\{A58D242D-FEFA-42CF-AA02-983E9D422B6A} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
Task: {16A89541-94CF-420C-A832-05CE51A584CD} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {1BC04EF6-7B80-4D53-91B5-91D1045B9B44} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor)
Task: {23F1890C-A27A-4423-818E-44C606BFAD5E} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-06-09] (ASUS)
Task: {2E3F849B-AA30-412D-9AE8-8435E08ED9D3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-28] (Microsoft Corporation)
Task: {3413CDD6-8CF5-4DA5-872E-93C5A562BF61} - System32\Tasks\{C4370182-8C1F-4463-AD2A-E7502B8099A5} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
Task: {4ACF7601-9DF9-4F16-8271-D11BA074D455} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {58F32564-1E3B-4E38-A54B-1AA84668B074} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {59964921-BCB3-4E92-B2D5-9595101A4409} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {607B3938-BE80-4BE3-B2F8-CEE6321F9D1D} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {62B150C1-1605-478C-868B-20E661629F90} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {672E9F6F-F4CC-4714-AA90-917A6FA16063} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {674DE2B8-3DF6-40FC-A861-233598B0BF9B} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {6DBC041A-A5C9-49F1-9D48-6554EEE94C04} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
Task: {77AA4F16-1758-43AE-BA2A-D8DC4FC9D8BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-30] (Google Inc.)
Task: {7A025F39-8198-4A9F-B50B-D1999A1C6042} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {88287153-0471-457C-93F2-08F4733887A2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
Task: {97B3B6BE-A7EC-445E-98BE-5399BA74E88B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {9E5A5F7C-4737-4282-9D48-67EC86A217C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {B0797D3D-3EE4-4513-B83A-E9A83A653F8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-30] (Google Inc.)
Task: {B1FEBEE7-A432-4594-8D69-F5B48E0F6A02} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek)
Task: {B37369E5-DD17-47A2-BECF-B93A3219E5D9} - System32\Tasks\{571D8E21-8239-48AA-B4AD-6CDD1922D1B3} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends"
Task: {BF5A6933-6B22-4C66-A57A-E47F6BC2E5DD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
Task: {C9175492-4887-4878-B32B-495FBD5880D6} - System32\Tasks\{5213E613-3CC0-4007-83E7-7BDFC9A9659A} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends"
Task: {CDD3ACB4-B835-4EFE-9760-2EA33917C5C0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.)
Task: {F2934B13-2D0C-4A65-BFA8-FC5BCC335173} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {F7D6637B-6E02-4FC1-A4D3-F6A4A04F9C61} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-07-29] (Realtek Semiconductor)
Task: {FE95DF86-5B6C-452F-8261-A07A3D97930A} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 19:41 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-29 02:56 - 2015-07-13 12:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-19 11:11 - 2015-05-19 11:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2015-09-11 01:36 - 2014-04-14 20:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-12-15 13:02 - 2016-12-15 13:02 - 00630976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareService.exe
2016-12-15 13:06 - 2016-12-15 13:06 - 00122104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_thread-vc140-mt-1_61.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00030968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_system-vc140-mt-1_61.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00067832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_date_time-vc140-mt-1_61.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00145144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_filesystem-vc140-mt-1_61.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00733432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_log-vc140-mt-1_61.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00525048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_locale-vc140-mt-1_61.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00039672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_chrono-vc140-mt-1_61.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 11504888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareServiceKernel.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 03713272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\RCF.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 01001208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_regex-vc140-mt-1_61.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01061624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareActivation.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00634616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareApplicationUpdater.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00843000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareGamingMode.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00120568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareReset.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00142584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTime.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01025272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareDefinitionsUpdater.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00904440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareDefinitionsUpdaterScheduler.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01468664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareIgnoreList.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00252664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareQuarantine.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01644280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareAntiMalwareEngine.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00223992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareAntiRootkitEngine.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01192184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareScannerHistory.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01370360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareScanner.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00039672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_timer-vc140-mt-1_61.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01030904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareScannerScheduler.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01212152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareRealTimeProtection.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 02879736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareIncompatibles.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01524472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareAntiSpam.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01456376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareAntiPhishing.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 03462904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareParentalControl.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01599224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareWebProtection.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01339640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareEmailProtection.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00073464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_iostreams-vc140-mt-1_61.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01645816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareNetworkProtection.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01042680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwarePromo.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00475384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareFeedback.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 03165944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareThreatWorkAlliance.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01325304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwarePinCode.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01044216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareNotice.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01597688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareAvcEngine.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01496312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareRealTimeProtectionHistory.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01380088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareStatistics.dll
2016-12-13 19:41 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-28 17:05 - 2016-12-28 12:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 09533688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTray.exe
2016-12-15 13:05 - 2016-12-15 13:05 - 02479864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\HtmlFramework.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00871672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTrayDefaultSkin.dll
2015-08-13 05:03 - 2016-11-30 21:57 - 00401888 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-09-13 16:47 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 21:40 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 21:40 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 21:40 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 21:40 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 21:40 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 21:40 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 21:40 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-22 19:31 - 2014-07-16 15:54 - 07593984 _____ () C:\Program Files\PreSonus\AudioBox\AudioBox.exe
2017-01-23 06:57 - 2017-01-23 06:57 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-01-23 06:57 - 2017-01-23 06:57 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-01-23 06:57 - 2017-01-23 06:57 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-13 20:35 - 2016-12-13 20:35 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll
2015-09-11 01:11 - 2015-06-24 06:37 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-22 19:31 - 2014-04-16 10:22 - 00192512 _____ () C:\Program Files\PreSonus\AudioBox\paeusbaudioapi.dll
2017-01-11 16:16 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\Andrew\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-11 18:03 - 2017-01-11 18:03 - 01082880 _____ () \\?\C:\Users\Andrew\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-11 18:03 - 2017-01-11 18:03 - 03750400 _____ () \\?\C:\Users\Andrew\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-11 18:03 - 2017-01-11 18:03 - 00914432 _____ () \\?\C:\Users\Andrew\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-11 18:03 - 2017-01-11 18:03 - 01127424 _____ () \\?\C:\Users\Andrew\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-01-11 16:16 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\Andrew\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-11 16:16 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\Andrew\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-01-26 19:07 - 2017-01-26 19:07 - 00148992 _____ () \\?\C:\Users\Andrew\AppData\Local\Temp\6DE9.tmp.node
2017-01-11 18:03 - 2017-01-11 18:03 - 02658304 _____ () \\?\C:\Users\Andrew\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-01-11 18:04 - 2017-01-11 18:04 - 02130432 _____ () \\?\C:\Users\Andrew\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2015-06-09 22:25 - 2015-06-09 22:25 - 00035376 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-06-09 22:25 - 2015-06-09 22:25 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-06-24 03:07 - 2015-06-24 03:07 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-12-09 15:34 - 2016-12-08 02:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-09 15:34 - 2016-12-08 02:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2017-01-11 14:05 - 2017-01-11 14:05 - 17835096 _____ () C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 06:04 - 2015-07-10 06:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1696093611-1018890965-437183417-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.1 - 71.252.0.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: ASUSGiftBoxDekstop => 2
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: mcbootdelaystartsvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: SkypeUpdate => 2
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKLM\...\StartupApproved\Run32: => "ROGNB"
HKU\S-1-5-21-1696093611-1018890965-437183417-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-1696093611-1018890965-437183417-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1696093611-1018890965-437183417-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{64900F96-43F9-4031-B7AE-B53561C8653B}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [UDP Query User{EB7B6138-ABCA-46C9-8BFB-C6276BEBBB9A}C:\program files\presonus\audiobox\audiobox.exe] => C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [TCP Query User{434BD4C4-84FA-4FD5-9C54-85A19A87EB8C}C:\program files\presonus\audiobox\audiobox.exe] => C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [{B8F447F0-FDAF-4D2C-A29C-9EDEA58C2097}] => C:\Program Files (x86)\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{574CF362-4FE9-4CBB-8D40-CF9A0A5728C4}] => C:\Program Files (x86)\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{F27C80D3-260E-4E64-A4D8-9454EAF76B64}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{11708662-3957-4B76-9AC5-7A8C384E4DFD}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{87B72658-243C-4CCB-82DB-5E8234D3ADDD}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4516D9E2-1FDF-469B-807D-A356C319F985}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{10D39C6D-20B6-48D4-9047-B08DA357E87B}C:\program files\presonus\studio one 2\studio one.exe] => C:\program files\presonus\studio one 2\studio one.exe
FirewallRules: [TCP Query User{4626432A-87E2-452A-8537-4F01AE59AE83}C:\program files\presonus\studio one 2\studio one.exe] => C:\program files\presonus\studio one 2\studio one.exe
FirewallRules: [UDP Query User{F0EEFC17-50D7-47F9-9892-9F15CEE611CA}C:\program files\presonus\audiobox\audiobox.exe] => C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [TCP Query User{CADFF7D7-C449-4FDA-ADFC-5A49C24E704A}C:\program files\presonus\audiobox\audiobox.exe] => C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [{105DC2B2-E1A6-4D00-95FF-8C3271C9B7DE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4278D56B-B19A-4945-B46B-7F06AFABA11C}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{04E48041-1632-4FC7-852A-53A03FE372C8}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{61ADE638-D99B-4557-9453-998C7F6544A8}] => C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{497CB372-0D8F-43F9-B218-3E434E7471F0}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{C2B635A6-6A8B-4E48-8C03-5296C6E6FA37}C:\program files\presonus\studio one 2\studio one.exe] => C:\program files\presonus\studio one 2\studio one.exe
FirewallRules: [UDP Query User{EE8B8E0D-A3D4-42EE-826E-641D5C5EA90C}C:\program files\presonus\studio one 2\studio one.exe] => C:\program files\presonus\studio one 2\studio one.exe
FirewallRules: [{5097A6B0-872D-49CA-8D34-5399DB9BB38E}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F0D7B0E5-9CEC-4CAB-8925-5536B219AD06}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C014CB69-8CBE-4521-BA83-49B924A07905}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8A364A69-CA5B-457D-9ED8-03FBAB22E083}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8287D662-BB56-4B54-8141-A57BC6E48318}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{84E40DCB-D3AF-4FED-BE86-2C1E2FCE685A}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0B450495-C38D-438D-9C9C-2EEA69695AD2}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{15A7E23D-4EB6-4FD1-8290-B9806B4F017B}] => C:\Program Files\GNS3\gns3server.exe
FirewallRules: [{E3ED282F-EEC6-4ACA-BA21-FFB263FD9AFD}] => C:\Program Files\GNS3\gns3server.exe
FirewallRules: [{9D4388B2-F164-4B0D-A726-F06FDDF1139D}] => C:\Program Files\GNS3\ubridge.exe
FirewallRules: [{14C1636F-4FA1-4BF7-A129-21F030C8B62F}] => C:\Program Files\GNS3\ubridge.exe
FirewallRules: [{03A36212-2500-41CC-A5C2-988390948D72}] => C:\Program Files\GNS3\dynamips\dynamips.exe
FirewallRules: [{8F30A098-6B83-445C-BDD6-192B4DA1C79B}] => C:\Program Files\GNS3\dynamips\dynamips.exe
FirewallRules: [{13ED5E1F-DD38-47DD-AC59-6AF454169DC3}] => C:\Program Files\GNS3\vpcs\vpcs.exe
FirewallRules: [{128E957A-4C59-4793-89BD-35862109DF46}] => C:\Program Files\GNS3\vpcs\vpcs.exe
FirewallRules: [{2CE0476E-63AA-4176-8559-AAE81EE47F26}] => C:\Program Files\GNS3\qemu-0.11.0\qemu.exe
FirewallRules: [{1B9DB2D2-170E-4BF3-B51D-28E875BF4FCD}] => C:\Program Files\GNS3\qemu-0.11.0\qemu.exe
FirewallRules: [{83116618-E00E-43F6-9E34-9156E457BCE2}] => C:\Program Files\GNS3\qemu-2.4.0\qemu-system-i386w.exe
FirewallRules: [{1DEE6152-8C09-4EDD-B2DA-C5764A5775D2}] => C:\Program Files\GNS3\qemu-2.4.0\qemu-system-i386w.exe
FirewallRules: [{30BFD981-F4D3-4117-B438-0D5B6ABDC328}] => C:\Program Files\GNS3\qemu-2.4.0\qemu-system-x86_64w.exe
FirewallRules: [{399BEF91-63FD-407F-B370-209AAA18DCBA}] => C:\Program Files\GNS3\qemu-2.4.0\qemu-system-x86_64w.exe
FirewallRules: [TCP Query User{38D0A78C-30CF-48AF-8F80-54381EFAB5EE}C:\users\andrew\appdata\roaming\spotify\spotify.exe] => C:\users\andrew\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{742B8D33-D395-4181-9FAB-EB86BF95F60A}C:\users\andrew\appdata\roaming\spotify\spotify.exe] => C:\users\andrew\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A1B9D34F-6996-4E23-ABCE-2A9D4C6999F0}C:\program files (x86)\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{82A09BCA-8066-451F-9D78-EB56034E19C3}C:\program files (x86)\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe
FirewallRules: [{6D54948D-DA13-44DF-B9F7-60F6B819CF9D}] => C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{F41B5461-1B2C-4311-9CFD-BBE95397ED33}] => C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{2F21FB76-81A2-476B-9271-55D98B429390}] => C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{232EF9FF-7E5D-4369-9ADC-BCD0130650C9}] => C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead\left4dead.exe

==================== Restore Points =========================

25-01-2017 11:58:04 Windows Update
26-01-2017 17:07:56 AA11

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2017 07:16:46 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (01/26/2017 07:16:46 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (01/26/2017 07:16:41 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (01/26/2017 07:16:41 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (01/26/2017 07:16:36 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (01/26/2017 07:16:36 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (01/26/2017 07:16:31 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (01/26/2017 07:16:31 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (01/26/2017 07:16:26 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (01/26/2017 07:16:26 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).


System errors:
=============
Error: (01/26/2017 07:07:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/26/2017 07:03:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ClickToRunSvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/26/2017 07:03:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ClickToRunSvc service to connect.

Error: (01/26/2017 07:03:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/26/2017 07:03:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/26/2017 07:03:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/26/2017 07:03:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/26/2017 07:01:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (01/26/2017 07:01:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (01/26/2017 07:01:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll


CodeIntegrity:
===================================
Date: 2017-01-12 13:07:22.079
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-11 14:40:46.980
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-10 20:08:11.204
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-07 17:49:24.930
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-06 12:46:38.193
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-05 10:46:03.141
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-04 03:55:54.529
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-03 03:26:09.660
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 23:46:31.061
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-01 05:09:23.064
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 43%
Total physical RAM: 8081.01 MB
Available physical RAM: 4564.36 MB
Total Virtual: 9361.01 MB
Available Virtual: 5626.76 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:264.39 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:557.9 GB) NTFS
Drive e: (1587205807_97815) (CDROM) (Total:0.95 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 518FC992)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 30 January 2017 - 04:28 PM.


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,969 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:11:20 AM

Posted 30 January 2017 - 04:10 PM

Greetings BradPittWasATrojan and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Posted 30 January 2017 - 04:44 PM

Thank you for your patience.

Not seeing anything of concern in your logs. Can you update me on your computer behavior including Chrome? Have you tested other browsers?
Gary

#4 BradPittWasATrojan

BradPittWasATrojan
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:20 PM

Posted 30 January 2017 - 07:18 PM

Hey! Thank you so much for your response. I will definitely be checking this forum numerous times a day. While the computer seems to be behaving "normally", there is still a concern. About once or twice a day, I am getting an Avira notification stating that a threat has been detected and subsequently quarantined. It's always the same message and the same tr/crypt.xpack.gen2 trojan is listed as the culprit of the message. I'm confused as to why the same threat, located in the same file region of my computer is being detected daily if it is actually being quarantined.
 
I'm concerned that the trojan somehow stored itself in a place that is undetectable and is redownloading itself. It seems to be a scheduled event, as it always happens at around 12 noon. Thanks again for your help.
 
I'm attaching my Avira event log. I hope that's helpful.

1/30/2017, 12:04:10 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\a6332e6a-0ce9-4fae-bfe2-9a9081c16d85\tmp0000797b\tmp0000ce78.
Action performed: Move file to quarantine

1/30/2017, 12:04:06 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\a6332e6a-0ce9-4fae-bfe2-9a9081c16d85\tmp0000797b\tmp0000cbed.
Action performed: Deny access

1/30/2017, 12:04:03 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\a6332e6a-0ce9-4fae-bfe2-9a9081c16d85\tmp0000797b\tmp0000cbed.
Action performed: Deny access

1/30/2017, 12:03:59 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\a6332e6a-0ce9-4fae-bfe2-9a9081c16d85\tmp0000797b\tmp0000cbd7.
Action performed: Deny access

1/30/2017, 12:03:38 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\a6332e6a-0ce9-4fae-bfe2-9a9081c16d85\tmp0000797b\tmp0000cb53.
Action performed: Move file to quarantine

1/30/2017, 12:03:09 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\a6332e6a-0ce9-4fae-bfe2-9a9081c16d85\tmp0000797b\tmp0000c5e9.
Action performed: Move file to quarantine

1/30/2017, 11:49:56 AM [Updater] Update successfully carried out
Update of Avira Free Antivirus on computer DESKTOP-BAVC55L (192.168.1.12) successful.
The following files were updated by "http://personal.avira-update.com/update":
aevdf.dat 8.12.150.180
xbv00105.vdf 8.12.150.180
local001.vdf


1/30/2017, 11:49:18 AM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/30/2017, 9:49:22 AM [Updater] Update successfully carried out
Update of Avira Free Antivirus on computer DESKTOP-BAVC55L (192.168.1.12) successful.
The following files were updated by "http://personal.avira-update.com/update":
repair.rdf 1.0.24.44


1/30/2017, 9:49:17 AM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/30/2017, 7:50:05 AM [Updater] Update successfully carried out
Update of Avira Free Antivirus on computer DESKTOP-BAVC55L (192.168.1.12) successful.
The following files were updated by "http://personal.avira-update.com/update":
aevdf.dat 8.12.150.178
xbv00103.vdf 8.12.150.176
xbv00104.vdf 8.12.150.178
local000.vdf
aegen.dll 8.1.8.318
aeset.dat 8.3.42.160
repair.rdf 1.0.24.42


1/30/2017, 7:49:17 AM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/30/2017, 5:50:05 AM [Updater] Update successfully carried out
Update of Avira Free Antivirus on computer DESKTOP-BAVC55L (192.168.1.12) successful.
The following files were updated by "http://personal.avira-update.com/update":
aevdf.dat 8.12.150.174
xbv00099.vdf 8.12.150.150
xbv00100.vdf 8.12.150.158
xbv00101.vdf 8.12.150.166
xbv00102.vdf 8.12.150.174
local001.vdf
repair.rdf 1.0.24.40


1/30/2017, 5:49:17 AM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/30/2017, 5:42:01 AM [Real-Time Protection] Service started
Service started.
Version of service: 15.0.24.143

1/30/2017, 5:42:00 AM [Helper Service] Service started
Service started.
Version of service: 15.0.24.145
Version of Engine: 8.3.42.158
Version of VDF: 8.12.150.142

1/30/2017, 5:39:16 AM [Scheduler] Service started
The service was started.
Version of service 15.0.24.143

1/29/2017, 7:21:57 PM [Updater] Update successfully carried out
Update on computer DESKTOP-BAVC55L (192.168.1.12) by "http://personal.avira-update.com/update" was executed successfully.
No new engine/VDF files available.

1/29/2017, 7:21:53 PM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/29/2017, 5:21:57 PM [Updater] Update successfully carried out
Update on computer DESKTOP-BAVC55L (192.168.1.12) by "http://personal.avira-update.com/update" was executed successfully.
No new engine/VDF files available.

1/29/2017, 5:21:53 PM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/29/2017, 3:21:57 PM [Updater] Update successfully carried out
Update on computer DESKTOP-BAVC55L (192.168.1.12) by "http://personal.avira-update.com/update" was executed successfully.
No new engine/VDF files available.

1/29/2017, 3:21:53 PM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/29/2017, 1:22:00 PM [Updater] Update successfully carried out
Update on computer DESKTOP-BAVC55L (192.168.1.12) by "http://personal.avira-update.com/update" was executed successfully.
No new engine/VDF files available.

1/29/2017, 1:21:53 PM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/29/2017, 12:05:40 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\ca549000-b81f-471c-a4c6-b6f67811a635\tmp0000740f\tmp0000cfdd.
Action performed: Move file to quarantine

1/29/2017, 12:05:39 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\ca549000-b81f-471c-a4c6-b6f67811a635\tmp0000740f\tmp0000cfdc.
Action performed: Deny access

1/29/2017, 12:05:35 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\ca549000-b81f-471c-a4c6-b6f67811a635\tmp0000740f\tmp0000cfdc.
Action performed: Deny access

1/29/2017, 12:05:20 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\ca549000-b81f-471c-a4c6-b6f67811a635\tmp0000740f\tmp0000cfc6.
Action performed: Deny access

1/29/2017, 12:05:18 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\ca549000-b81f-471c-a4c6-b6f67811a635\tmp0000740f\tmp0000cfc6.
Action performed: Deny access

1/29/2017, 12:04:45 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\ca549000-b81f-471c-a4c6-b6f67811a635\tmp0000740f\tmp0000cf54.
Action performed: Move file to quarantine

1/29/2017, 12:03:39 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\ca549000-b81f-471c-a4c6-b6f67811a635\tmp0000740f\tmp0000c90e.
Action performed: Move file to quarantine

1/29/2017, 11:24:33 AM [System Scanner] Scan
Scan completed [The scan has been done completely.].
Number of files: 7153009
Number of directories: 190455
Number of malware: 0
Number of warnings: 0

1/29/2017, 11:24:33 AM [System Scanner] Scan
Scan completed [The scan has been done completely.].
Number of files: 7152146
Number of directories: 190466
Number of malware: 0
Number of warnings: 0

1/29/2017, 11:23:28 AM [Updater] Update successfully carried out
Update of Avira Free Antivirus on computer DESKTOP-BAVC55L (192.168.1.12) successful.
The following files were updated by "http://personal.avira-update.com/update":
aevdf.dat 8.12.150.142
xbv00098.vdf 8.12.150.142
local000.vdf


1/29/2017, 11:21:53 AM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/29/2017, 9:22:57 AM [Updater] Update successfully carried out
Update of Avira Free Antivirus on computer DESKTOP-BAVC55L (192.168.1.12) successful.
The following files were updated by "http://personal.avira-update.com/update":
aevdf.dat 8.12.150.134
xbv00094.vdf 8.12.150.128
xbv00095.vdf 8.12.150.130
xbv00096.vdf 8.12.150.132
xbv00097.vdf 8.12.150.134
local001.vdf


1/29/2017, 9:21:52 AM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/29/2017, 7:22:19 AM [Updater] Update successfully carried out
Update on computer DESKTOP-BAVC55L (192.168.1.12) by "http://personal.avira-update.com/update" was executed successfully.
No new engine/VDF files available.

1/29/2017, 7:21:51 AM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/29/2017, 5:21:56 AM [Updater] Update successfully carried out
Update on computer DESKTOP-BAVC55L (192.168.1.12) by "http://personal.avira-update.com/update" was executed successfully.
No new engine/VDF files available.

1/29/2017, 5:21:51 AM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/29/2017, 3:22:14 AM [Updater] Update successfully carried out
Update on computer DESKTOP-BAVC55L (192.168.1.12) by "http://personal.avira-update.com/update" was executed successfully.
No new engine/VDF files available.

1/29/2017, 3:21:50 AM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/29/2017, 3:16:19 AM [Real-Time Protection] Service started
Service started.
Version of service: 15.0.24.143

1/29/2017, 3:16:19 AM [Helper Service] Service started
Service started.
Version of service: 15.0.24.145
Version of Engine: 8.3.42.158
Version of VDF: 8.12.150.126

1/29/2017, 3:11:51 AM [Scheduler] Job started
The job "ReSystemScan"
was started successfully.

1/29/2017, 3:11:50 AM [Scheduler] Job started
The job "ReSystemScan"
was started successfully.

1/29/2017, 3:11:46 AM [Scheduler] Service started
The service was started.
Version of service 15.0.24.143

1/28/2017, 10:29:01 PM [Updater] Update successfully carried out
Update on computer DESKTOP-BAVC55L (192.168.1.12) by "http://personal.avira-update.com/update" was executed successfully.
No new engine/VDF files available.

1/28/2017, 10:28:57 PM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/28/2017, 8:29:01 PM [Updater] Update successfully carried out
Update on computer DESKTOP-BAVC55L (192.168.1.12) by "http://personal.avira-update.com/update" was executed successfully.
No new engine/VDF files available.

1/28/2017, 8:28:57 PM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/28/2017, 6:29:01 PM [Updater] Update successfully carried out
Update on computer DESKTOP-BAVC55L (192.168.1.12) by "http://personal.avira-update.com/update" was executed successfully.
No new engine/VDF files available.

1/28/2017, 6:28:57 PM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/28/2017, 4:28:58 PM [Updater] Update successfully carried out
Update on computer DESKTOP-BAVC55L (192.168.1.12) by "http://personal.avira-update.com/update" was executed successfully.
No new engine/VDF files available.

1/28/2017, 4:28:57 PM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/28/2017, 2:29:01 PM [Updater] Update successfully carried out
Update on computer DESKTOP-BAVC55L (192.168.1.12) by "http://personal.avira-update.com/update" was executed successfully.
No new engine/VDF files available.

1/28/2017, 2:28:57 PM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/28/2017, 12:29:04 PM [Updater] Update successfully carried out
Update on computer DESKTOP-BAVC55L (192.168.1.12) by "http://personal.avira-update.com/update" was executed successfully.
No new engine/VDF files available.

1/28/2017, 12:28:56 PM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/28/2017, 12:06:07 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\9a4db28d-4e6d-486b-b1e8-75a1866a6704\tmp00002712\tmp0000db1b.
Action performed: Deny access

1/28/2017, 12:06:05 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\9a4db28d-4e6d-486b-b1e8-75a1866a6704\tmp00002712\tmp0000db1b.
Action performed: Deny access

1/28/2017, 12:05:46 PM [System Scanner] Scan
Scan completed [The scan has been done completely.].
Number of files: 1322
Number of directories: 0
Number of malware: 0
Number of warnings: 0

1/28/2017, 12:05:27 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\9a4db28d-4e6d-486b-b1e8-75a1866a6704\tmp00002712\tmp0000d8b5.
Action performed: Move file to quarantine

1/28/2017, 12:05:01 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\9a4db28d-4e6d-486b-b1e8-75a1866a6704\tmp00002712\tmp0000d85a.
Action performed: Move file to quarantine

1/28/2017, 12:04:59 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\9a4db28d-4e6d-486b-b1e8-75a1866a6704\tmp00002712\tmp0000d80c.
Action performed: Deny access

1/28/2017, 12:04:56 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\9a4db28d-4e6d-486b-b1e8-75a1866a6704\tmp00002712\tmp0000d80c.
Action performed: Deny access

1/28/2017, 12:04:45 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\9a4db28d-4e6d-486b-b1e8-75a1866a6704\tmp00002712\tmp0000d7f6.
Action performed: Deny access

1/28/2017, 12:04:43 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\9a4db28d-4e6d-486b-b1e8-75a1866a6704\tmp00002712\tmp0000d7f6.
Action performed: Deny access

1/28/2017, 12:03:01 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\9a4db28d-4e6d-486b-b1e8-75a1866a6704\tmp00002712\tmp0000d022.
Action performed: Move file to quarantine

1/28/2017, 10:30:56 AM [Updater] Update successfully carried out
Update of Avira Free Antivirus on computer DESKTOP-BAVC55L (192.168.1.12) successful.
The following files were updated by "http://personal.avira-update.com/update":
aevdf.dat 8.12.150.126
xbv00092.vdf 8.12.150.124
xbv00093.vdf 8.12.150.126
local000.vdf


1/28/2017, 10:28:55 AM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/28/2017, 7:31:51 AM [Updater] Update successfully carried out
Update of Avira Free Antivirus on computer DESKTOP-BAVC55L (192.168.1.12) successful.
The following files were updated by "http://personal.avira-update.com/update":
aevdf.dat 8.12.150.122
xbv00091.vdf 8.12.150.122
local001.vdf


1/28/2017, 7:31:02 AM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/28/2017, 5:31:49 AM [Updater] Update successfully carried out
Update of Avira Free Antivirus on computer DESKTOP-BAVC55L (192.168.1.12) successful.
The following files were updated by "http://personal.avira-update.com/update":
aevdf.dat 8.12.150.120
xbv00090.vdf 8.12.150.120
local000.vdf


1/28/2017, 5:31:01 AM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/28/2017, 5:26:19 AM [Real-Time Protection] Service started
Service started.
Version of service: 15.0.24.143

1/28/2017, 5:26:18 AM [Helper Service] Service started
Service started.
Version of service: 15.0.24.145
Version of Engine: 8.3.42.158
Version of VDF: 8.12.150.110

1/28/2017, 5:21:01 AM [Scheduler] Service started
The service was started.
Version of service 15.0.24.143

1/27/2017, 10:23:11 PM [Updater] Update successfully carried out
Update on computer DESKTOP-BAVC55L (192.168.1.12) by "http://personal.avira-update.com/update" was executed successfully.
No new engine/VDF files available.

1/27/2017, 10:23:07 PM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/27/2017, 8:23:11 PM [Updater] Update successfully carried out
Update on computer DESKTOP-BAVC55L (192.168.1.12) by "http://personal.avira-update.com/update" was executed successfully.
No new engine/VDF files available.

1/27/2017, 8:23:07 PM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/27/2017, 6:23:47 PM [Updater] Update successfully carried out
Update of Avira Free Antivirus on computer DESKTOP-BAVC55L (192.168.1.12) successful.
The following files were updated by "http://personal.avira-update.com/update":
aevdf.dat 8.12.150.110
xbv00089.vdf 8.12.150.110
local001.vdf


1/27/2017, 6:23:07 PM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/27/2017, 4:23:45 PM [Updater] Update successfully carried out
Update of Avira Free Antivirus on computer DESKTOP-BAVC55L (192.168.1.12) successful.
The following files were updated by "http://personal.avira-update.com/update":
aevdf.dat 8.12.150.102
xbv00087.vdf 8.12.150.94
xbv00088.vdf 8.12.150.102
local000.vdf


1/27/2017, 4:23:07 PM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/27/2017, 4:17:51 PM [Real-Time Protection] Service started
Service started.
Version of service: 15.0.24.143

1/27/2017, 4:17:51 PM [Helper Service] Service started
Service started.
Version of service: 15.0.24.145
Version of Engine: 8.3.42.158
Version of VDF: 8.12.150.84

1/27/2017, 4:13:06 PM [Scheduler] Service started
The service was started.
Version of service 15.0.24.143

1/27/2017, 12:37:48 PM [Updater] Update successfully carried out
Update on computer DESKTOP-BAVC55L (192.168.1.12) by "http://personal.avira-update.com/update" was executed successfully.
No new engine/VDF files available.

1/27/2017, 12:37:42 PM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/27/2017, 12:04:36 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\a8196fdc-5242-46a7-bc2f-56adf26a137f\tmp000058e0\tmp0000e010.
Action performed: Deny access

1/27/2017, 12:04:34 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\a8196fdc-5242-46a7-bc2f-56adf26a137f\tmp000058e0\tmp0000e010.
Action performed: Deny access

1/27/2017, 12:03:45 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\a8196fdc-5242-46a7-bc2f-56adf26a137f\tmp000058e0\tmp0000d655.
Action performed: Move file to quarantine

1/27/2017, 12:03:44 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\a8196fdc-5242-46a7-bc2f-56adf26a137f\tmp000058e0\tmp0000d645.
Action performed: Deny access

1/27/2017, 12:03:42 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\a8196fdc-5242-46a7-bc2f-56adf26a137f\tmp000058e0\tmp0000d645.
Action performed: Deny access

1/27/2017, 12:03:37 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\a8196fdc-5242-46a7-bc2f-56adf26a137f\tmp000058e0\tmp0000d62f.
Action performed: Deny access

1/27/2017, 12:03:16 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\a8196fdc-5242-46a7-bc2f-56adf26a137f\tmp000058e0\tmp0000d5bd.
Action performed: Move file to quarantine

1/27/2017, 12:02:31 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\a8196fdc-5242-46a7-bc2f-56adf26a137f\tmp000058e0\tmp0000cfc5.
Action performed: Move file to quarantine

1/27/2017, 10:38:47 AM [Updater] Update successfully carried out
Update of Avira Free Antivirus on computer DESKTOP-BAVC55L (192.168.1.12) successful.
The following files were updated by "http://personal.avira-update.com/update":
aevdf.dat 8.12.150.84
xbv00086.vdf 8.12.150.84
local001.vdf


1/27/2017, 10:37:42 AM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/27/2017, 9:31:34 AM [System Scanner] Scan
Scan completed [The scan has been done completely.].
Number of files: 2969
Number of directories: 0
Number of malware: 0
Number of warnings: 0

1/27/2017, 9:29:59 AM [Scheduler] Job started
The job "Quick system scan"
was started successfully.

1/27/2017, 8:40:42 AM [Updater] Update successfully carried out
Update of Avira Free Antivirus on computer DESKTOP-BAVC55L (192.168.1.12) successful.
The following files were updated by "http://personal.avira-update.com/update":
aevdf.dat 8.12.150.82
xbv00084.vdf 8.12.150.80
xbv00085.vdf 8.12.150.82
local000.vdf
repair.rdf 1.0.24.34


1/27/2017, 8:37:41 AM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/27/2017, 6:22:18 AM [Updater] Update successfully carried out
Update of Avira Free Antivirus on computer DESKTOP-BAVC55L (192.168.1.12) successful.
The following files were updated by "http://personal.avira-update.com/update":
aevdf.dat 8.12.150.78
xbv00083.vdf 8.12.150.78
local001.vdf
aegen.dll 8.1.8.316
aescript.dll 8.3.2.58
aeset.dat 8.3.42.158
repair.rdf 1.0.24.30


1/27/2017, 6:19:07 AM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/26/2017, 7:41:03 PM [Updater] Update successfully carried out
Update on computer DESKTOP-BAVC55L (192.168.1.12) by "http://personal.avira-update.com/update" was executed successfully.
No new engine/VDF files available.

1/26/2017, 7:40:56 PM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/26/2017, 7:07:29 PM [Real-Time Protection] Service started
Service started.
Version of service: 15.0.24.143

1/26/2017, 7:07:29 PM [Helper Service] Service started
Service started.
Version of service: 15.0.24.145
Version of Engine: 8.3.42.156
Version of VDF: 8.12.150.74

1/26/2017, 7:03:07 PM [Scheduler] Service started
The service was started.
Version of service 15.0.24.143

1/26/2017, 6:35:41 PM [System Scanner] Scan
Scan completed [The scan has been done completely.].
Number of files: 3054
Number of directories: 3
Number of malware: 0
Number of warnings: 0

1/26/2017, 6:26:34 PM [Real-Time Protection] Service started
Service started.
Version of service: 15.0.24.143

1/26/2017, 6:26:33 PM [Helper Service] Service started
Service started.
Version of service: 15.0.24.145
Version of Engine: 8.3.42.156
Version of VDF: 8.12.150.74

1/26/2017, 6:22:48 PM [Scheduler] Job started
The job "ReSystemScan"
was started successfully.

1/26/2017, 6:22:42 PM [Scheduler] Service started
The service was started.
Version of service 15.0.24.143

1/26/2017, 6:02:09 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\22362a42-a751-4799-88b1-f60fd447494e\tmp00002ba8\tmp00005633.
Action performed: Move file to quarantine

1/26/2017, 6:02:07 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\22362a42-a751-4799-88b1-f60fd447494e\tmp00002ba8\tmp000055f2.
Action performed: Deny access

1/26/2017, 6:01:59 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\22362a42-a751-4799-88b1-f60fd447494e\tmp00002ba8\tmp000055dc.
Action performed: Deny access

1/26/2017, 6:01:36 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\22362a42-a751-4799-88b1-f60fd447494e\tmp00002ba8\tmp00005558.
Action performed: Move file to quarantine

1/26/2017, 6:00:39 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\22362a42-a751-4799-88b1-f60fd447494e\tmp00002ba8\tmp00004f81.
Action performed: Move file to quarantine

1/26/2017, 5:53:43 PM [System Scanner] Scan
Scan completed [The scan has been done completely.].
Number of files: 3053
Number of directories: 3
Number of malware: 0
Number of warnings: 0

1/26/2017, 5:42:05 PM [Updater] Update successfully carried out
Update of Avira Free Antivirus on computer DESKTOP-BAVC55L (192.168.1.12) successful.
The following files were updated by "http://personal.avira-update.com/update":
aevdf.dat 8.12.150.74
xbv00082.vdf 8.12.150.74
local000.vdf


1/26/2017, 5:40:56 PM [Scheduler] Job started
The job "Automatic update Free"
was started successfully.

1/26/2017, 5:35:19 PM [Real-Time Protection] Service started
Service started.
Version of service: 15.0.24.143

1/26/2017, 5:35:16 PM [Helper Service] Service started
Service started.
Version of service: 15.0.24.145
Version of Engine: 8.3.42.156
Version of VDF: 8.12.150.64

1/26/2017, 5:30:56 PM [Scheduler] Job started
The job "ReSystemScan"
was started successfully.

1/26/2017, 5:30:55 PM [Scheduler] Job started
The job "ReSystemScan"
was started successfully.

1/26/2017, 5:30:51 PM [Scheduler] Service started
The service was started.
Version of service 15.0.24.143

1/26/2017, 5:27:14 PM [System Scanner] Scan
Scan completed [The scan has been done completely.].
Number of files: 1503
Number of directories: 0
Number of malware: 0
Number of warnings: 0

1/26/2017, 5:25:27 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\19399b69-f90a-4cc6-925c-b02be50a63e3\tmp00001bd7\tmp0000e009.
Action performed: Deny access

1/26/2017, 5:25:24 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\19399b69-f90a-4cc6-925c-b02be50a63e3\tmp00001bd7\tmp0000e009.
Action performed: Deny access

1/26/2017, 5:25:19 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\19399b69-f90a-4cc6-925c-b02be50a63e3\tmp00001bd7\tmp0000dff3.
Action performed: Deny access

1/26/2017, 5:25:07 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\19399b69-f90a-4cc6-925c-b02be50a63e3\tmp00001bd7\tmp0000df23.
Action performed: Deny access

1/26/2017, 5:25:06 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\19399b69-f90a-4cc6-925c-b02be50a63e3\tmp00001bd7\tmp0000df23.
Action performed: Deny access

1/26/2017, 5:24:29 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\19399b69-f90a-4cc6-925c-b02be50a63e3\tmp00001bd7\tmp0000d9be.
Action performed: Move file to quarantine

1/26/2017, 5:24:27 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\19399b69-f90a-4cc6-925c-b02be50a63e3\tmp00001bd7\tmp0000d97e.
Action performed: Deny access

1/26/2017, 5:24:24 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\19399b69-f90a-4cc6-925c-b02be50a63e3\tmp00001bd7\tmp0000d97e.
Action performed: Deny access

1/26/2017, 5:23:46 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\19399b69-f90a-4cc6-925c-b02be50a63e3\tmp00001bd7\tmp0000d8e1.
Action performed: Move file to quarantine

1/26/2017, 5:22:29 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\19399b69-f90a-4cc6-925c-b02be50a63e3\tmp00001bd7\tmp0000d12d.
Action performed: Move file to quarantine


Edited by Oh My!, 30 January 2017 - 10:23 PM.


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,969 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:20 AM

Posted 30 January 2017 - 10:30 PM

Thank you. Please do this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click the Revo Uninstaller icon
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Ad-Aware Antivirus
AdAwareInstaller
AdAwareUpdater
  • If presented with the program uninstall option click Uninstall
  • If asked to reboot select Reboot later
  • Under Scanning Modes select Advanced then select Scan
  • On the Found leftover Registry items window check the items in bold only then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Next then Yes
  • On the Found leftover files and folders window click on Select all, click Finish, then click Yes
  • Reboot your computer and monitor it around noon to see if there are additional "detections"
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did the programs uninstall?
  • Detections?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 BradPittWasATrojan

BradPittWasATrojan
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 31 January 2017 - 07:53 AM

I have started the process. I will post again when everything is finished. Thank you!



#7 BradPittWasATrojan

Posted 31 January 2017 - 01:07 PM

So 12 passed and no messages. What should I do from here?



#8 Oh My!

Posted 31 January 2017 - 06:59 PM

Greetings.

When no malware is present and you get rhythmic repeated warnings like you were experiencing often times it is related to a task your system is scheduled to run. My guess was it was related to Ad-Aware which appears to be the case.

I am confident the warnings are false positives meaning although the files are fine there is something in the way Avira evaluates the file that makes Avira think it is malicious. Let me explain it this way. It is 2 AM and a guy is walking down a dark street in a dark jacket shining a flashlight underneath and around cars. If you were a cop do you think you would find that suspicious? You should because those combined circumstances = probable car burglar. You stop the guy only to find out he grabbed the first jacket he could find and went out to look for his runaway cat. And lo and behold further checking confirms it because he found his cat. Same sort of thing.

Ad-Aware is not essential for your computer so you can leave it off your system if you want. Usually with false positives you can create an exception within the scanning program to ignore a file. The problem you have is the files have different "names." You can report the Ad-Aware false positive in the Avira Support Forum if you want to keep Ad-Aware.

Let's run 2 more programs just as a follow up.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
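The triage reasoning in the post above (detections that recur at a fixed time of day point to a scheduled task), as an added example that is not part of the original thread: it parses Avira event-log entries in the layout posted here, groups detections by the temp folder each run unpacked into, and reports clock times at which such bursts start on more than one day. The function names and the 10-minute tolerance are assumptions; the sample is a shortened excerpt of the log posted in this thread.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from collections import defaultdict
from datetime import datetime

# Excerpt of the Avira event log posted in this thread (shortened, blank lines dropped).
SAMPLE_LOG = r"""
1/28/2017, 12:29:04 PM [Updater] Update successfully carried out
No new engine/VDF files available.
1/28/2017, 12:06:07 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\9a4db28d-4e6d-486b-b1e8-75a1866a6704\tmp00002712\tmp0000db1b.
Action performed: Deny access
1/28/2017, 12:03:01 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\9a4db28d-4e6d-486b-b1e8-75a1866a6704\tmp00002712\tmp0000d022.
Action performed: Move file to quarantine
1/27/2017, 12:04:36 PM [Real-Time Protection] Malware found
The pattern of 'TR/Patched.Ren.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\a8196fdc-5242-46a7-bc2f-56adf26a137f\tmp000058e0\tmp0000e010.
Action performed: Deny access
1/27/2017, 12:02:31 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\a8196fdc-5242-46a7-bc2f-56adf26a137f\tmp000058e0\tmp0000cfc5.
Action performed: Move file to quarantine
1/26/2017, 6:00:39 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\22362a42-a751-4799-88b1-f60fd447494e\tmp00002ba8\tmp00004f81.
Action performed: Move file to quarantine
1/26/2017, 5:22:29 PM [Real-Time Protection] Malware found
The pattern of 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Windows\Temp\19399b69-f90a-4cc6-925c-b02be50a63e3\tmp00001bd7\tmp0000d12d.
Action performed: Move file to quarantine
"""

# One "Malware found" entry in the layout shown in the thread; the file line is
# matched to end of line because the posted log has no closing quote there.
ENTRY = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4}, \d{1,2}:\d{2}:\d{2} [AP]M) \[Real-Time Protection\] Malware found\s*\n"
    r"The pattern of '(?P<pattern>[^'\n]+)'\s*\n"
    r"detected in file '(?P<path>[^\n]+)\n"
    r"Action performed: (?P<action>[^\n]+)", re.M)


def parse_detections(text):
    """Return one dict per detection entry; updater/scheduler entries are skipped."""
    return [{"time": datetime.strptime(m["ts"], "%m/%d/%Y, %I:%M:%S %p"),
             "pattern": m["pattern"],
             "path": m["path"].strip().rstrip("'."),
             "action": m["action"].strip()} for m in ENTRY.finditer(text)]


def bursts(detections):
    """Group detections by parent folder: each run in the log unpacks into its own temp folder."""
    groups = defaultdict(list)
    for d in detections:
        groups[ntpath.dirname(d["path"])].append(d)
    out = [{"folder": folder,
            "start": min(d["time"] for d in items),
            "events": len(items),
            "patterns": sorted({d["pattern"] for d in items})}
           for folder, items in groups.items()]
    return sorted(out, key=lambda b: b["start"])


def recurring_slots(burst_list, tolerance_min=10):
    """Clock times (minute of day) at which bursts start on two or more distinct dates."""
    slots = []  # each slot: [minute_of_day, set of dates]
    for b in burst_list:
        minute = b["start"].hour * 60 + b["start"].minute
        for slot in slots:
            if abs(slot[0] - minute) <= tolerance_min:
                slot[1].add(b["start"].date())
                break
        else:
            slots.append([minute, {b["start"].date()}])
    return [(m, sorted(d)) for m, d in slots if len(d) >= 2]


if __name__ == "__main__":
    for minute, dates in recurring_slots(bursts(parse_detections(SAMPLE_LOG))):
        print(f"{minute // 60:02d}:{minute % 60:02d} on {[d.isoformat() for d in dates]}")
```

A recurring start time points at a scheduled job as the source of the files; whether those files are benign still has to be established separately, as the follow-up scans in this thread do.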

#9 BradPittWasATrojan

Posted 01 February 2017 - 08:03 AM

I'm running the first program now. I will report with more when I'm done with both.



#10 BradPittWasATrojan

Posted 01 February 2017 - 03:40 PM

Hey, so everything is done. I didn't keep the ESET log, because it said there was nothing detected. Here's the other log. The computer is running great with no error messages or Avira notifications. I think it's secure now!
 
 
Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avira Antivirus    
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 112  
 Java SE Development Kit 8 Update 112 
 Java version 32-bit out of Date! 
 Adobe Flash Player 24.0.0.194  
 Mozilla Firefox (44.0.2) 
 Google Chrome (55.0.2883.87) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Avira Antivirus sched.exe  
 Avira Antivirus avshadow.exe  
 Windows Defender MSASCuiL.exe   
 Windows Defender MpCmdRun.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#11 Oh My!

Posted 01 February 2017 - 04:01 PM

That looks fantastic. No need to worry about 32 bit Java.

Looks like we are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.

Gary
 

#12 BradPittWasATrojan

Posted 01 February 2017 - 05:54 PM

Thank you so much! I really appreciate your help.



#13 Oh My!

Posted 02 February 2017 - 09:30 AM

My pleasure. Please feel free to stop in again if you need assistance in the future.

Gary

#14 Oh My!

Posted 02 February 2017 - 09:30 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



