
VBS: Malware-gen Infection


  • This topic is locked
7 replies to this topic

#1 StrygwyrBS

  • Members
  • 51 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:27 AM

Posted 21 February 2017 - 11:31 PM

I went to Amazon to shop and each time I connect to the website a threat pops up on Avast.
I tried to see if other shopping websites had the same issue, but it only happens on Amazon.

However, I am now getting it on the University of Phoenix website.

It seems to only happen when I am using Google Chrome, so I will stop using it until someone can help me resolve it.


Thank you :D


______________________________________________________________________________


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
Ran by DAVIDSLAPTOP (administrator) on DESKTOP-8U830D2 (21-02-2017 18:33:09)
Running from C:\Users\DAVIDSLAPTOP\Downloads
Loaded Profiles: DAVIDSLAPTOP (Available Profiles: DAVIDSLAPTOP)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Electronic Arts) E:\Program Files (x86)\Origin\Origin Launcher\OriginWebHelperService.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Spotify Ltd) C:\Users\DAVIDSLAPTOP\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Spotify Ltd) C:\Users\DAVIDSLAPTOP\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\DAVIDSLAPTOP\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\DAVIDSLAPTOP\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\DAVIDSLAPTOP\AppData\Roaming\Spotify\Spotify.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [599896 2015-06-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-09] (Conexant Systems, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-01-16] (Razer Inc.)
HKLM-x32\...\Run: [Kraken71ChromaHelper] => C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe [1600320 2015-08-12] (Razer Inc)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-21] (AVAST Software)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\S-1-5-21-1870549558-2986031471-3980214622-1003\...\Run: [Spotify Web Helper] => C:\Users\DAVIDSLAPTOP\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-06] (Spotify Ltd)
HKU\S-1-5-21-1870549558-2986031471-3980214622-1003\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-1870549558-2986031471-3980214622-1003\...\RunOnce: [Uninstall C:\Users\DAVIDSLAPTOP\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DAVIDSLAPTOP\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-1870549558-2986031471-3980214622-1003\...\RunOnce: [Uninstall C:\Users\DAVIDSLAPTOP\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DAVIDSLAPTOP\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1"
HKU\S-1-5-21-1870549558-2986031471-3980214622-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-21] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-21] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
Startup: C:\Users\DAVIDSLAPTOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-02-11]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22254ecf-431a-4d23-886d-d524916b2148}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{243eba30-0127-4be3-9c12-e4928eb6a5f2}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-1870549558-2986031471-3980214622-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid=%7B970E4810-B7B6-44FE-A747-FB5BCD52F866%7D&mid=2eaaf7716a3347ccb8664dff96ee36db-843a19be24c7e8f346a92d244d0e270c7691a543&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-06-16%2019:20:12&v=4.3.1.831&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1870549558-2986031471-3980214622-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-1870549558-2986031471-3980214622-1003 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={970E4810-B7B6-44FE-A747-FB5BCD52F866}&mid=2eaaf7716a3347ccb8664dff96ee36db-843a19be24c7e8f346a92d244d0e270c7691a543&lang=en&ds=AVG&coid=avgtbavg&cmpid=0616tb&pr=fr&d=2016-06-16 19:20:12&v=4.3.5.160&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1870549558-2986031471-3980214622-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1870549558-2986031471-3980214622-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={970E4810-B7B6-44FE-A747-FB5BCD52F866}&mid=2eaaf7716a3347ccb8664dff96ee36db-843a19be24c7e8f346a92d244d0e270c7691a543&lang=en&ds=AVG&coid=avgtbavg&cmpid=0616tb&pr=fr&d=2016-06-16 19:20:12&v=4.3.5.160&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-09] (Microsoft Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-09] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-09] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-10-31] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\DAVIDSLAPTOP\AppData\Local\Google\Chrome\User Data\Default [2017-02-21]
CHR Extension: (Google Drive) - C:\Users\DAVIDSLAPTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-16]
CHR Extension: (YouTube) - C:\Users\DAVIDSLAPTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-16]
CHR Extension: (Mountains) - C:\Users\DAVIDSLAPTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgppacnhnnfcjefkjodogabgilgaimpb [2017-01-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DAVIDSLAPTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\DAVIDSLAPTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-16]
CHR Extension: (Chrome Media Router) - C:\Users\DAVIDSLAPTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-11]
CHR HKU\S-1-5-21-1870549558-2986031471-3980214622-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [313488 2015-06-12] (ASUS) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-21] (AVAST Software s.r.o.)
R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [355760 2016-06-25] (Windows ® Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-21] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-12-09] (Microsoft Corporation)
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe [301536 2016-11-30] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe [480224 2016-11-30] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-16] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-06] (Dropbox, Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [392168 2016-08-31] (Digital Wave Ltd.)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1385640 2015-08-16] (Intel Corporation)
S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [165104 2015-07-13] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe [341984 2016-11-30] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-16] (Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [396992 2015-07-06] (Intel)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-18] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-08-13] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-05] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-05] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-01-05] (NVIDIA Corporation)
S3 Origin Client Service; E:\Program Files (x86)\Origin\Origin Launcher\OriginClientService.exe [2122248 2017-02-18] (Electronic Arts)
R2 Origin Web Helper Service; E:\Program Files (x86)\Origin\Origin Launcher\OriginWebHelperService.exe [2184208 2017-02-18] (Electronic Arts)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69744 2016-10-17] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S3 ROGGamingCenterService; C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe [76032 2015-08-13] (ASUSTeK COMPUTER INC.)
R2 SAService; C:\Windows\system32\SAsrv.exe [427224 2015-04-17] (Conexant Systems, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [19192 2015-08-13] (Intel® Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-08-13] (Intel® Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [138744 2015-08-17] (ASUS Corporation)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-21] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-21] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-21] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-21] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-21] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-21] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-21] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-21] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-21] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-21] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-21] (AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55816 2015-08-16] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-16] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-16] (Intel Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-11-05] (REALiX™)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igdkmd64.sys [11039712 2016-11-30] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-08-13] (Intel Corporation)
R3 mt7612US; C:\WINDOWS\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [51904 2015-01-14] (Titan ARC Corp.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_07462d9384409609\nvlddmkm.sys [14249416 2016-10-04] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-01-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-01-05] (NVIDIA Corporation)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2401720 2016-11-19] (Qualcomm Atheros, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-11-20] (Realtek                                            )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [779232 2016-11-20] (Realsil Semiconductor Corporation)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [212056 2015-07-06] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 18:33 - 2017-02-21 18:33 - 00029765 _____ C:\Users\DAVIDSLAPTOP\Downloads\FRST.txt
2017-02-21 18:32 - 2017-02-21 18:33 - 00000000 ____D C:\FRST
2017-02-21 18:32 - 2017-02-21 18:32 - 02422784 _____ (Farbar) C:\Users\DAVIDSLAPTOP\Downloads\FRST64.exe
2017-02-21 18:23 - 2017-02-21 18:23 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-21 18:20 - 2017-02-21 18:20 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-02-21 18:20 - 2017-02-21 18:20 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-21 18:20 - 2017-02-21 18:20 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-21 18:20 - 2017-02-21 18:20 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-21 18:20 - 2017-02-21 18:20 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-21 18:20 - 2017-02-21 18:20 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-21 17:09 - 2017-02-21 17:09 - 00000000 _____ C:\WINDOWS\Minidump\022117-10468-01.dmp
2017-02-20 22:29 - 2017-02-20 22:29 - 00000000 ____D C:\Users\DAVIDSLAPTOP\Desktop\desmume-0.9.7-win64-1092
2017-02-20 22:27 - 2017-02-20 22:27 - 00000000 _____ C:\WINDOWS\Minidump\022017-9984-01.dmp
2017-02-20 18:59 - 2017-02-20 18:59 - 00000891 _____ C:\Users\DAVIDSLAPTOP\Desktop\Audacity.lnk
2017-02-20 18:59 - 2017-02-20 18:59 - 00000891 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-02-20 18:57 - 2017-02-20 18:57 - 00000000 ____D C:\Users\DAVIDSLAPTOP\Downloads\Win_AllSoftware
2017-02-20 18:42 - 2017-02-20 18:50 - 457404058 _____ C:\Users\DAVIDSLAPTOP\Downloads\Win_AllSoftware.zip
2017-02-20 15:13 - 2017-02-20 15:13 - 02504092 _____ C:\WINDOWS\Minidump\022017-6968-01.dmp
2017-02-19 23:17 - 2017-02-19 23:20 - 00000000 ____D C:\Users\DAVIDSLAPTOP\Documents\desmume
2017-02-19 22:57 - 2017-02-19 22:57 - 00000000 ____D C:\Users\DAVIDSLAPTOP\AppData\Roaming\Citra
2017-02-19 13:15 - 2017-02-19 13:15 - 02304532 _____ C:\WINDOWS\Minidump\021917-5921-01.dmp
2017-02-18 22:41 - 2017-02-18 22:51 - 00000000 ____D C:\Users\DAVIDSLAPTOP\AppData\Roaming\Origin
2017-02-18 22:41 - 2017-02-18 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-02-18 22:39 - 2017-02-18 22:39 - 00000000 ____D C:\Users\DAVIDSLAPTOP\.QtWebEngineProcess
2017-02-18 22:39 - 2017-02-18 22:39 - 00000000 ____D C:\Users\DAVIDSLAPTOP\.Origin
2017-02-18 22:38 - 2017-02-18 22:51 - 00000000 ____D C:\ProgramData\Origin
2017-02-18 22:38 - 2017-02-18 22:43 - 00000000 ____D C:\Users\DAVIDSLAPTOP\AppData\Local\Origin
2017-02-18 22:35 - 2017-02-18 22:38 - 54970576 _____ (Electronic Arts) C:\Users\DAVIDSLAPTOP\Downloads\OriginThinSetup.exe
2017-02-18 19:33 - 2017-02-18 19:33 - 02353508 _____ C:\WINDOWS\Minidump\021817-8609-01.dmp
2017-02-18 16:43 - 2017-02-18 16:52 - 00000000 ____D C:\Users\DAVIDSLAPTOP\AppData\Local\Ubisoft Game Launcher
2017-02-18 16:43 - 2017-02-18 16:43 - 00000000 ____D C:\Users\DAVIDSLAPTOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-02-18 15:55 - 2017-02-18 15:55 - 02224604 _____ C:\WINDOWS\Minidump\021817-8921-01.dmp
2017-02-15 18:43 - 2017-02-15 18:43 - 02386724 _____ C:\WINDOWS\Minidump\021517-5875-01.dmp
2017-02-14 18:36 - 2017-02-14 18:36 - 02354084 _____ C:\WINDOWS\Minidump\021417-6218-01.dmp
2017-02-13 22:39 - 2017-02-13 22:39 - 00380040 _____ C:\Users\DAVIDSLAPTOP\Downloads\CommaDelimitedDataFiles.zip
2017-02-13 14:22 - 2017-02-13 14:22 - 02252932 _____ C:\WINDOWS\Minidump\021317-6843-01.dmp
2017-02-12 12:48 - 2017-02-12 12:48 - 02248724 _____ C:\WINDOWS\Minidump\021217-5890-01.dmp
2017-02-11 19:09 - 2017-02-11 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2017-02-11 19:09 - 2017-02-11 19:09 - 00000000 ____D C:\Program Files (x86)\Evernote
2017-02-11 18:58 - 2017-02-11 18:58 - 00001517 _____ C:\Users\DAVIDSLAPTOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QNT 275 - Statistics for Decision Making.lnk
2017-02-11 15:50 - 2017-02-11 15:50 - 02286892 _____ C:\WINDOWS\Minidump\021117-8437-01.dmp
2017-02-08 21:41 - 2017-02-08 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-08 18:23 - 2017-02-08 18:23 - 02327308 _____ C:\WINDOWS\Minidump\020817-6140-01.dmp
2017-02-07 17:28 - 2017-02-07 17:28 - 02331332 _____ C:\WINDOWS\Minidump\020717-5875-01.dmp
2017-02-06 20:38 - 2017-02-06 20:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-06 20:38 - 2017-02-06 20:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-06 20:38 - 2017-02-06 20:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-06 20:38 - 2017-02-06 20:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-06 16:15 - 2017-02-06 16:15 - 02353924 _____ C:\WINDOWS\Minidump\020617-6093-01.dmp
2017-02-05 11:56 - 2017-02-05 03:37 - 00082936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2017-02-04 11:35 - 2017-02-04 11:35 - 02173836 _____ C:\WINDOWS\Minidump\020417-6953-01.dmp
2017-02-02 19:08 - 2017-02-02 19:08 - 02348644 _____ C:\WINDOWS\Minidump\020217-7437-01.dmp
2017-02-01 19:49 - 2017-02-01 19:49 - 02212172 _____ C:\WINDOWS\Minidump\020117-9125-01.dmp
2017-01-31 10:39 - 2017-01-31 10:39 - 02308692 _____ C:\WINDOWS\Minidump\013117-6234-01.dmp
2017-01-30 18:23 - 2017-01-30 18:23 - 02396268 _____ C:\WINDOWS\Minidump\013017-5890-01.dmp
2017-01-29 14:31 - 2017-01-29 14:31 - 02348572 _____ C:\WINDOWS\Minidump\012917-6343-01.dmp
2017-01-28 19:32 - 2017-01-28 19:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-01-28 19:32 - 2017-01-28 19:32 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-28 19:23 - 2017-01-28 19:24 - 02326148 _____ C:\WINDOWS\Minidump\012817-5890-01.dmp
2017-01-26 18:39 - 2017-01-26 18:39 - 02158700 _____ C:\WINDOWS\Minidump\012617-5734-01.dmp
2017-01-25 19:34 - 2017-01-25 19:34 - 02397060 _____ C:\WINDOWS\Minidump\012517-9687-01.dmp
2017-01-24 21:49 - 2017-01-24 21:49 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 21:49 - 2017-01-05 16:09 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-01-24 21:48 - 2017-01-05 17:10 - 00158264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-01-24 21:48 - 2017-01-05 17:10 - 00126008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-01-24 21:48 - 2017-01-05 17:10 - 00059448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-01-24 20:43 - 2017-01-24 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-01-24 16:05 - 2017-01-24 16:05 - 00000168 _____ C:\Users\DAVIDSLAPTOP\Desktop\Drive - Incubus.txt
2017-01-24 15:54 - 2016-12-20 23:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-24 15:54 - 2016-12-20 20:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 13:54 - 2017-01-24 13:54 - 02291044 _____ C:\WINDOWS\Minidump\012417-5734-01.dmp
2017-01-22 21:43 - 2017-01-22 21:43 - 02393228 _____ C:\WINDOWS\Minidump\012217-5796-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 18:30 - 2016-09-25 11:12 - 00003696 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-02-21 18:30 - 2016-09-25 11:12 - 00003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-02-21 18:30 - 2016-09-25 11:05 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-21 18:28 - 2015-08-18 00:36 - 03746132 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-21 18:24 - 2016-07-18 14:34 - 00000000 ___RD C:\Users\DAVIDSLAPTOP\Google Drive
2017-02-21 18:24 - 2016-06-16 18:59 - 00000000 ____D C:\Users\DAVIDSLAPTOP\AppData\Local\Spotify
2017-02-21 18:24 - 2016-06-16 18:58 - 00000000 ____D C:\Users\DAVIDSLAPTOP\AppData\Roaming\Spotify
2017-02-21 18:23 - 2016-11-22 13:08 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-02-21 18:23 - 2016-06-16 17:40 - 00000165 _____ C:\Users\DAVIDSLAPTOP\AppData\Roaming\sp_data.sys
2017-02-21 18:23 - 2016-06-16 17:40 - 00000000 __SHD C:\Users\DAVIDSLAPTOP\IntelGraphicsProfiles
2017-02-21 18:22 - 2016-09-25 11:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-21 18:21 - 2016-07-15 22:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-02-21 18:20 - 2016-11-05 13:33 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-02-21 18:20 - 2016-11-05 13:33 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-02-21 18:20 - 2016-11-05 13:33 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.148773005604604
2017-02-21 18:20 - 2016-11-05 13:33 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-02-21 18:20 - 2016-11-05 13:33 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-02-21 18:20 - 2016-11-05 13:33 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-02-21 18:20 - 2016-11-05 13:33 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-02-21 18:20 - 2016-11-05 13:33 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-02-21 18:20 - 2016-11-05 13:33 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-02-21 18:18 - 2016-06-25 18:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-21 18:11 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-21 18:11 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-21 17:47 - 2016-09-25 11:04 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-21 17:19 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-21 17:09 - 2016-11-21 00:28 - 947548895 _____ C:\WINDOWS\MEMORY.DMP
2017-02-21 17:09 - 2016-10-02 15:38 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-20 23:52 - 2016-09-25 11:06 - 00000000 ____D C:\Users\DAVIDSLAPTOP
2017-02-20 23:52 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-20 18:35 - 2016-09-03 16:12 - 00000000 ____D C:\Users\DAVIDSLAPTOP\AppData\Local\CrashDumps
2017-02-20 17:21 - 2016-06-16 17:41 - 00000000 ___RD C:\Users\DAVIDSLAPTOP\OneDrive
2017-02-19 21:11 - 2016-06-16 17:40 - 00000000 ____D C:\Users\DAVIDSLAPTOP\AppData\Local\Packages
2017-02-18 22:52 - 2016-12-29 17:34 - 00000000 ____D C:\Users\DAVIDSLAPTOP\AppData\Roaming\Kodi
2017-02-18 16:05 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-08 21:41 - 2015-08-18 00:38 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-08 18:30 - 2016-06-16 17:47 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 11:48 - 2016-07-16 03:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 11:48 - 2016-07-16 03:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-05 22:39 - 2016-06-27 22:50 - 00000000 ____D C:\Users\DAVIDSLAPTOP\AppData\Local\Battle.net
2017-02-02 19:13 - 2016-09-30 19:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-02 19:13 - 2016-09-30 19:25 - 00000000 ____D C:\ProgramData\Skype
2017-01-24 21:49 - 2016-10-11 12:46 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 21:49 - 2016-10-11 12:46 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 21:49 - 2016-10-11 12:46 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 21:49 - 2016-10-11 12:46 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 21:49 - 2016-10-11 12:46 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 21:49 - 2016-10-11 12:46 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 21:49 - 2016-09-25 11:05 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-24 21:49 - 2016-09-25 11:05 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-24 21:49 - 2016-06-16 17:40 - 00000000 ____D C:\Users\DAVIDSLAPTOP\AppData\Local\NVIDIA Corporation
2017-01-24 21:49 - 2016-01-31 14:51 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-24 20:43 - 2016-09-30 19:03 - 00000000 ____D C:\Program Files (x86)\Logitech
2017-01-24 20:43 - 2016-09-30 18:55 - 00000000 ____D C:\Program Files\Common Files\logishrd

==================== Files in the root of some directories =======

2016-06-16 17:40 - 2017-02-21 18:23 - 0000165 _____ () C:\Users\DAVIDSLAPTOP\AppData\Roaming\sp_data.sys

Some files in TEMP:
====================
2016-09-25 11:46 - 2017-02-21 18:24 - 0619840 _____ () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\0Kraken71ChromaDevProps.dll
2006-05-22 19:33 - 2006-05-22 19:33 - 1867776 _____ (Brooklyn North Software Works) C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\Golden Ear.exe
2006-03-10 06:09 - 2006-03-10 06:09 - 0290816 _____ ( ) C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\Interop.WMPLib.dll
2005-06-07 14:55 - 2005-06-07 14:55 - 0069632 _____ (KineticaRT Ltd. (www.KineticaRT.co.uk)) C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\KineticaRT.Controls.dll
2005-06-07 14:56 - 2005-06-07 14:56 - 0032768 _____ (KineticaRT Ltd. (www.KineticaRT.co.uk)) C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\KineticaRT.Controls.Knob.dll
2005-06-07 14:55 - 2005-06-07 14:55 - 0110592 _____ (KineticaRT Ltd. (www.KineticaRT.co.uk)) C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\KineticaRT.dll
2016-10-11 12:46 - 2016-11-17 05:45 - 1135552 _____ (NVIDIA Corporation) C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\NvTelemetry.dll
2016-10-11 12:46 - 2016-11-17 05:45 - 0217024 _____ (NVIDIA Corporation) C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-10-11 12:46 - 2016-11-17 05:45 - 0268736 _____ (NVIDIA Corporation) C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\NvTelemetryAPI64.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-18 16:05

==================== End of FRST.txt ============================



#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,009 posts
  • Gender:Male
  • Location:California

Posted 23 February 2017 - 10:18 AM

Greetings StrygwyrBS and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

There should be an Addition.txt file in the Downloads folder. Please copy and paste the contents of that report in your reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 StrygwyrBS

  • Topic Starter
  • Members
  • 51 posts
  • Gender:Male
  • Location:California

Posted 26 February 2017 - 09:07 PM

Hello Gary. Thank you so much. Here are the contents of the Addition.txt file:

 

_________________________________________________________________

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-02-2017
Ran by DAVIDSLAPTOP (21-02-2017 18:33:35)
Running from C:\Users\DAVIDSLAPTOP\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-25 19:13:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1870549558-2986031471-3980214622-500 - Administrator - Disabled)
DAVIDSLAPTOP (S-1-5-21-1870549558-2986031471-3980214622-1003 - Administrator - Enabled) => C:\Users\DAVIDSLAPTOP
DefaultAccount (S-1-5-21-1870549558-2986031471-3980214622-503 - Limited - Disabled)
Guest (S-1-5-21-1870549558-2986031471-3980214622-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Ansel (Version: 373.06 - NVIDIA Corporation) Hidden
ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.9 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.101 - ICEpower a/s)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.45.50 - Conexant)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Don't Starve Together (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 6.4.2 (HKLM-x32\...\{E74F0DCA-9FC8-11E6-9D98-005056950253}) (Version: 6.4.2.3788 - Evernote Corp.)
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.28.831 - Digital Wave Ltd)
GameFirst IV (HKLM-x32\...\GameFirst IV 1.5.12) (Version: 1.5.12 - ASUS)
GameFirst IV (x32 Version: 1.5.12 - ASUS) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.11 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1169 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® WiDi (HKLM\...\{C7CD6D54-26AF-4D93-B06F-D81ACE8624CB}) (Version: 6.0.40.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (x32 Version: 1.1.347 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{9A287643-10C5-4463-B9D1-B2404CE18CCF}) (Version: 17.1.1529.1620 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{4c8b7360-62a2-4339-b745-41323055d0bb}) (Version: 18.20.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version:  - Intel Corporation)
Kodi (HKU\S-1-5-21-1870549558-2986031471-3980214622-1003\...\Kodi) (Version:  - XBMC-Foundation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2115 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
NVIDIA GeForce Experience 3.2.2.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.2.49 - NVIDIA Corporation)
NVIDIA Graphics Driver 373.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 373.06 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.2.2.49 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.0.2.1 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.2 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.4.3.15631 - Electronic Arts, Inc.)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.10.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.116 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Rocksmith 2014 (HKLM\...\Steam App 221680) (Version:  - Ubisoft - San Francisco)
ROG Gaming Center (HKLM-x32\...\{CC182DBF-FC67-4F79-9930-6A2682E60BDD}) (Version: 1.0.1 - ASUS)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.2.2.49 - NVIDIA Corporation) Hidden
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1870549558-2986031471-3980214622-1003\...\Spotify) (Version: 1.0.48.103.g15edf1ec - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Uplay (HKLM-x32\...\Uplay) (Version: 28.1 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VitalSource Bookshelf (HKLM-x32\...\{a6d98ffd-0915-4653-8efe-da3dd4bdaa0a}) (Version: 7.1.0001 - Ingram Content Group)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Driver Package - ASUS (AsusSGDrv) Mouse  (08/06/2015 8.0.0.19) (HKLM\...\149F37A1996406108DA0EB71D7EBC48895119059) (Version: 08/06/2015 8.0.0.19 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
XSplit Gamecaster (HKLM-x32\...\{0E12BEC0-F2EE-43FA-AEA0-24B5E9F80167}) (Version: 2.5.1507.3011 - SplitmediaLabs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1870549558-2986031471-3980214622-1003_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\DAVIDSLAPTOP\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1870549558-2986031471-3980214622-1003_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\DAVIDSLAPTOP\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1870549558-2986031471-3980214622-1003_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\DAVIDSLAPTOP\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => N (the data entry has 6 more characters).
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0279E5A7-B70D-4656-9E35-09BBBA298D89} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-16] (Dropbox, Inc.)
Task: {1D316B4A-BAD0-4452-B4D8-5BDD4EB273D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-16] (Google Inc.)
Task: {2DF85A41-83BD-4EE7-BFBD-F9C5FD898B42} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-09] (Microsoft Corporation)
Task: {3279CB57-5D35-4A20-9291-E373AD0B2074} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe 
Task: {32F3D4F2-AFF2-409A-9160-B446F3C814C8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-16] (Dropbox, Inc.)
Task: {35961FC3-754F-454D-8810-159DBFEB464E} - System32\Tasks\ROG Gaming Center => C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe [2015-08-13] (ASUSTek Computer Inc.)
Task: {38E6AD9F-285C-4FAD-B5F5-1A3A3413DD2D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {3A2FFB70-E4ED-4506-A2DB-6E74B414A592} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-05] (NVIDIA Corporation)
Task: {3D46A5D1-FD3D-4518-8FE6-4BD5E47DDC50} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe 
Task: {4B12DD5B-DF2C-4AC9-80A3-39EBB16B4470} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-16] (Intel Corporation)
Task: {4DDABA9A-55E5-4379-B6BB-C6595B48D800} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-16] (Google Inc.)
Task: {5611986A-26C7-4F01-88A5-2D07E8E88EE8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-05] (NVIDIA Corporation)
Task: {58B6B47D-A05D-49AF-88A2-423F28ED5156} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {5DF7ABE8-2DCB-4FAA-871D-D67366FC67C2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-10] (Microsoft Corporation)
Task: {5F9E8F56-F2A2-4356-A2C8-2128730573D7} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {812E3730-E3D4-43B8-A5C7-F255AAFB3611} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
Task: {89650F00-7A1A-49BA-A55B-AC83E5852A47} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-05] (NVIDIA Corporation)
Task: {89F9363B-68BE-4DF7-89EA-BE46C6730E3A} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-08-17] (AsusTek)
Task: {A0F9D792-65A1-41E9-99D5-18AB83A8394F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-09] (Microsoft Corporation)
Task: {A88FAB88-37A1-45BC-9FAB-0EA6710984CE} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {B050DAAA-A908-4EA9-8CE7-A4C6989F3B32} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-05] (NVIDIA Corporation)
Task: {B88F5E48-8DA3-4430-8F43-BE40F6B5840F} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-08-25] (ASUS)
Task: {BA902A38-74F1-41A5-8549-3B3E4EBE4A4D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {BC72A328-35B2-4F37-ABAF-792BF41E0226} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-10] (Microsoft Corporation)
Task: {CC601BC5-0146-4533-818C-06B1830664D3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-05] (NVIDIA Corporation)
Task: {D8E9B3A7-3839-40A6-A71C-C135BE44AB57} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {E1DE3FDD-3D38-4869-8784-DB960150B4B7} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.)
Task: {E3AD51EC-50B9-4316-9499-20050204EB7A} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {E83D1517-9F90-4B53-AB4D-907072B5BF72} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-05] (NVIDIA Corporation)
Task: {E892A3A0-8317-451B-A7A4-73BF447E1258} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-21] (AVAST Software)
Task: {E98A5AFC-9622-4532-82FB-13AAC6220DC2} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-05] (NVIDIA Corporation)
Task: {ED209298-C387-4065-949C-946079E7D2DA} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-16] (Intel Corporation)
Task: {FFDEF670-2891-425A-89CA-8FBC68DEFFE7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-10] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\DAVIDSLAPTOP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a41ce5b91aa3166e\MightyText - SMS from PC & Text from Computer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=dkfhfaphfkopdgpbfkebjfcblcafcmpi
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-19 09:11 - 2015-05-19 09:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2016-10-11 12:46 - 2017-01-05 17:10 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-11 12:46 - 2017-01-05 17:10 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-24 14:20 - 2016-09-24 14:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 14:47 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-11 13:53 - 2016-10-01 11:53 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-13 14:47 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-06-17 17:02 - 2016-12-09 15:33 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-25 12:00 - 2016-09-25 12:00 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 13:33 - 2016-12-20 23:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 13:33 - 2016-12-20 22:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 13:33 - 2016-12-20 22:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 13:33 - 2016-12-20 22:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 13:33 - 2016-12-20 22:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 13:33 - 2016-12-20 22:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 13:33 - 2016-12-20 22:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2017-02-08 18:30 - 2017-02-01 01:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-08 18:30 - 2017-02-01 01:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-09-18 15:35 - 2016-08-31 18:55 - 00114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2016-09-18 15:35 - 2016-08-31 18:55 - 00024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2016-09-18 15:35 - 2016-08-31 18:55 - 00108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2016-09-18 15:35 - 2016-08-31 18:55 - 00048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2017-02-18 22:41 - 2017-02-18 22:41 - 02493440 _____ () E:\Program Files (x86)\Origin\Origin Launcher\libGLESv2.dll
2016-10-11 12:46 - 2017-01-05 17:10 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-11 12:46 - 2017-01-05 17:10 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-11 12:46 - 2017-01-05 17:10 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-25 11:46 - 2017-02-21 18:24 - 00619840 _____ () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\0Kraken71ChromaDevProps.dll
2015-08-25 09:40 - 2015-08-25 09:40 - 00027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-08-25 09:40 - 2015-08-25 09:40 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2017-02-21 18:23 - 2017-02-21 18:23 - 00098816 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\win32api.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00110080 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\pywintypes27.dll
2017-02-21 18:23 - 2017-02-21 18:23 - 00364544 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\pythoncom27.dll
2017-02-21 18:23 - 2017-02-21 18:23 - 00320512 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\win32com.shell.shell.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00914432 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\_hashlib.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 01176576 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\wx._core_.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00806400 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\wx._gdi_.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00816128 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\wx._windows_.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 01067008 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\wx._controls_.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00733184 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\wx._misc_.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00682496 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\pysqlite2._sqlite.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00088064 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\_ctypes.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00686080 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\unicodedata.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00119808 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\win32file.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00108544 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\win32security.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00007168 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\hashobjs_ext.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00017920 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\thumbnails_ext.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00088064 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\usb_ext.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00012800 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\common.time34.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00018432 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\win32event.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00167936 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\win32gui.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00046080 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\_socket.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 01303552 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\_ssl.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00128512 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\_elementtree.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00127488 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\pyexpat.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00038912 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\win32inet.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00036864 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\_psutil_windows.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00524248 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\windows._lib_cacheinvalidation.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00011264 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\win32crypt.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00123392 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\wx._wizard.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00077312 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\wx._html2.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00027648 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\_multiprocessing.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00020480 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\_yappi.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00035840 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\win32process.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00078848 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\wx._animate.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00024064 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\win32pipe.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00010240 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\select.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00025600 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\win32pdh.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00017408 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\win32profile.pyd
2017-02-21 18:23 - 2017-02-21 18:23 - 00022528 ____R () C:\Users\DAVIDSLAPTOP\AppData\Local\Temp\_MEI84002\win32ts.pyd
2016-10-31 17:45 - 2016-10-31 17:45 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2016-10-11 12:46 - 2017-01-05 17:10 - 64246840 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-11 12:46 - 2017-01-05 16:09 - 00527416 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-11 12:46 - 2017-01-05 16:09 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-11 12:46 - 2017-01-05 16:09 - 02807232 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-11 12:46 - 2017-01-05 16:09 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-11 12:46 - 2017-01-05 16:09 - 00449080 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-11 12:46 - 2017-01-05 16:09 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-11 12:46 - 2017-01-05 16:09 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-01-24 21:49 - 2017-01-05 16:09 - 00954816 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2016-06-16 18:59 - 2017-02-06 18:26 - 51777648 _____ () C:\Users\DAVIDSLAPTOP\AppData\Roaming\Spotify\libcef.dll
2016-11-13 18:50 - 2017-02-06 18:26 - 00110192 _____ () C:\Users\DAVIDSLAPTOP\AppData\Roaming\Spotify\SpotifyWinRT.dll
2016-06-16 18:59 - 2017-02-06 18:26 - 01803888 _____ () C:\Users\DAVIDSLAPTOP\AppData\Roaming\Spotify\libglesv2.dll
2016-06-16 18:59 - 2017-02-06 18:26 - 00086128 _____ () C:\Users\DAVIDSLAPTOP\AppData\Roaming\Spotify\libegl.dll
2017-02-21 18:20 - 2017-02-21 18:20 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-05 13:33 - 2016-11-05 13:33 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-21 18:20 - 2017-02-21 18:20 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-02-21 18:20 - 2017-02-21 18:20 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2015-09-18 23:34 - 2015-09-18 23:34 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-04-27 09:24 - 2013-04-27 09:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1870549558-2986031471-3980214622-1003\...\sharepoint.com -> hxxps://phoenixedu-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 03:04 - 2016-08-15 00:34 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1870549558-2986031471-3980214622-1003\Control Panel\Desktop\\Wallpaper -> c:\users\davidslaptop\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{7df3c38a-0c72-4ff7-b0d7-d9c15c63b249}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2C1A94E0-3AD1-4104-81BC-65A3E86C22D6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{58145411-0070-4C48-8049-D866B776A562}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{3960AF7E-5C0B-4969-BCF5-2D1CA405CA47}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{D2B9FC73-8029-4F7C-B436-7FA6B9F5C595}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{79DE9993-2089-41FF-8A4A-4202A4BC9C4A}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{3599F615-8D66-4B46-A5D9-5BD0462B6A61}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{CF77381A-A547-4545-BC55-8F5D058AE6FB}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{E2F03F44-098D-419A-972B-8B64ED7C4234}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{E38E84A5-2117-402D-ABCF-CF58B8ECEEF3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{13D10F43-0C0C-4471-8A15-54C95DB29EA3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{ACE98BF2-6257-4BE4-9DB4-01076692A773}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{7F7F4F2C-6474-4B3C-AE6B-075CFC838E5C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{EE9E3D03-00A2-449F-8076-77264B438E66}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{9E3EDD9C-AF16-458D-BB26-C2BDA49CC26E}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D174E54B-FD53-4AF7-A945-999DEC7D528B}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{97E09DA8-5E59-41DC-9B29-164EFF5B9C7B}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C1CEF0BC-6DCB-4613-B9C4-03247523F233}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{811A48A5-66E0-429B-B662-2CF4B419EB00}E:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) E:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{302D0BF1-AE28-4472-B11C-F7230FBB5378}E:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) E:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{C368BBD3-D7B6-46BE-B461-39842654C2DB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{8C7EE7E1-F98F-4848-817D-ABA0E1AED5B7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0D7E17E2-9F45-413D-A678-2F6CDA9AE3E0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D535E7CA-163A-48A4-8279-993CFAE16D38}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{AFC9A2FC-770F-4280-A976-E52786A6C235}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1CC32CA1-B876-4DC0-804E-B9E1688190E9}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{486C9274-AB13-4E95-84F8-5AFA0DD63DBA}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{7A2ECFE6-5BF6-4609-BF80-B43FF369D9FD}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{B23FFA79-7C5D-4D7B-8A08-FEDD048AFFBD}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{C0838BB6-EB2A-4CC9-AEF7-571CFE2B68D4}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{EA724E7F-4824-4C12-AFC6-313E9C0CFF0B}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{E2F1E1AD-A4FF-49BA-B219-5AC3BBB8BC52}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{2832FAB6-42A5-4C9D-B067-2446CDBAB4A5}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [{3AFE1BBF-8CE1-4408-8DF4-FF5DE1AB52F2}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [TCP Query User{393B65CC-BC37-4DAB-A445-C108151FEABB}C:\users\davidslaptop\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\davidslaptop\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{73FCEC08-2558-440F-874D-CD4A1557D9DA}C:\users\davidslaptop\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\davidslaptop\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5F566CB6-0312-47FC-AC3F-49A6E77ECA39}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{7B7B874E-A73D-4E08-8C9B-A17DC6C022FF}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{893E065A-AF66-425E-929F-F582E105A726}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{45A3208C-5DF0-4FDF-85B7-B9C91B913FA4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{BA0831F1-3331-4673-9D84-D548F0A38C15}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D7331939-2963-4055-A769-15378D26DC0C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{98E0CB80-23F6-460A-8ADB-3B6E55C499B3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F5A1EFE8-F087-4AE9-9C34-B3EDDD1F6478}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0F420B36-8E98-4AED-838E-3320AF070F4F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{995498D4-8B0E-427E-B805-B231EA9892AD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{3CD0207F-57D1-40B9-ABCD-DE8A1C6703B9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{46951C95-932C-468B-A10F-FFFA0E4818AF}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{364895A3-85E3-476B-8EE1-CB148E82823C}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{800006E7-6DA2-45FE-9FBB-8D1132116E89}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{DFD7D860-8C9A-4D63-BCB6-BBBDA78CA089}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{737609B5-24F8-43FA-8350-0EDEE79C3F35}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{F1B786C7-216E-416C-81ED-A5CDD8660B40}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{1F6BB703-815C-404D-9C7E-468CBBEC35EE}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{37EE4600-0F5C-4219-836E-AF7951059684}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{60C18A53-657F-4ED9-9F58-CAB0975CF707}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{3E37E1AF-E2C0-4F58-B9D5-E8205430790F}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{3724AD08-1AF6-4983-BD5B-5F3E2CAEF32F}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{BADC3D73-F76A-46E6-8C8F-0ADCCB0970FF}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{FA3A8384-28FD-4D49-8E35-3820190BA52E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{03E424FA-A81B-4DCF-9189-6D1CD13C0A99}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{EB03CB73-DD7F-4E82-909E-7DE0EC0D3950}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{86F7165F-A48D-49B7-B032-DCCA9E7B4A03}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{63573CE8-EFA3-407E-AC1D-135184C375BC}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{25B74437-C51A-49C9-A2D8-D0951338368C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{8EF7DB4B-60A9-405F-AA65-32B8D86B925B}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{6F93B7B7-225A-4164-9BCD-3639FDF0071D}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
 
==================== Restore Points =========================
 
21-02-2017 17:19:21 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/21/2017 06:23:38 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 95935 ms
 
Error: Unable to create resource file.
 
Error: (02/21/2017 06:22:25 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON (error %3).
 
Error: (02/21/2017 06:22:25 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON (error %3).
 
Error: (02/21/2017 06:22:15 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
 
Error: (02/21/2017 06:22:14 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 12440 ms
 
Error: Unable to create resource file.
 
Error: (02/21/2017 06:22:14 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 12431 ms
 
Error: Unable to create resource file.
 
Error: (02/21/2017 05:19:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/21/2017 05:09:16 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
 
Error: (02/21/2017 05:09:15 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 13298 ms
 
Error: Unable to create resource file.
 
Error: (02/21/2017 05:09:15 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 13207 ms
 
Error: Unable to create resource file.
 
 
System errors:
=============
Error: (02/21/2017 06:34:05 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
 
A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".  The corrupted index block is located at Vcn 0x81, Lcn 0xffffffffffffffff.  The corruption begins at offset 3592 within the index block.
 
Error: (02/21/2017 06:23:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/21/2017 06:23:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/21/2017 06:23:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/21/2017 06:23:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/21/2017 06:22:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/21/2017 06:22:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/21/2017 06:22:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/21/2017 06:21:29 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8U830D2)
Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.
 
Error: (02/21/2017 06:21:29 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8U830D2)
Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 22%
Total physical RAM: 16282.51 MB
Available physical RAM: 12690.13 MB
Total Virtual: 18714.51 MB
Available Virtual: 14975.38 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:112.67 GB) (Free:41.12 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Data) (Fixed) (Total:931.39 GB) (Free:897.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 119.2 GB) (Disk ID: 76ED7400)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 1848A4BD)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
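A small triage parser for the "System errors" section of an FRST Addition.txt such as the one above, added here as an example and not part of the original post or of FRST itself. It assumes only the `Error: (...) (Source: ...) (EventID: ...) (User: ...)` header layout the log shows; the excerpt it parses is constructed in that layout, and the notes it attaches are the reviewer's own.

```python
import re
from collections import Counter

# Constructed excerpt in the FRST Addition.txt "System errors" layout (not the full log above).
SAMPLE_LOG = """\
Error: (02/21/2017 06:34:05 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.

A corruption was found in a file system index structure.

Error: (02/21/2017 06:23:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC).

Error: (02/21/2017 05:09:16 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
==================== Memory info ===========================
"""

HEADER = re.compile(r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]*)\) "
                    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)$")

def parse_events(text):
    """One dict per 'Error:' header; wrapped description lines are re-joined."""
    events, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), event_id=int(m["event_id"]), description=[])
            events.append(current)
        elif line and current is not None and not line.startswith("="):
            # FRST wraps CLSIDs and long messages onto extra lines; blank lines and
            # the next "====" section banner carry no event data
            current["description"].append(line[13:] if line.startswith("Description: ") else line)
    for e in events:
        e["description"] = " ".join(e["description"])
    return events

# Entries a responder wants surfaced first; everything else is only counted.
NOTABLE = {
    ("Ntfs", 55): "file-system corruption reported: check the dirty bit and run chkdsk before blaming malware",
    ("DCOM", 10016): "permission noise common on Windows 10; low priority unless it names an unknown CLSID",
}

def triage(events):
    counts = Counter((e["source"], e["event_id"]) for e in events)
    return [{"source": s, "event_id": i, "count": n, "note": NOTABLE.get((s, i), "")}
            for (s, i), n in counts.most_common()]
```

Pointing `parse_events` at the whole Addition.txt works too, since lines before the first `Error:` header and any `====` banner are ignored.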


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,009 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:12:27 PM

Posted 26 February 2017 - 11:16 PM

Greetings.

You are quite welcome.

Is your computer routinely crashing?

Please do this.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
Folder: C:\ProgramData\SWCUTemp
Zip: C:\WINDOWS\Minidump
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will also create a zip file on your Desktop with today's date and time, example 05.12.2016_13.04.06.zip. Please attach that file to your reply
===================================================

CheckDiskGUI

--------------------
  • Download CheckDiskGUI and save it to your desktop
  • Double click the icon and select Run
  • Under the DirtyBit column please let me know if there is any indication of a Dirty Bit
  • Place a check mark in the C: drive box
  • Click Read Only
  • Once completed click File, then Save
  • Save the file to your desktop as CheckDiskGUI (should be default name)
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Fixlog
  • Attached Zip file
  • CheckDiskGUI report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 StrygwyrBS


Posted 01 March 2017 - 05:11 PM

I have had a difficult time finding time to complete the task. I promise I will run the scan as soon as possible. I really appreciate your help. My computer has not crashed. It is running a bit sluggish though. And by sluggish I mean that some of the programs (spotify, internet explorer, chrome, microsoft word, and bookshelf) have seemed to push the processor to its limitations even though they aren't particularly difficult to run. They will become non responsive for brief moments of time.


Edited by StrygwyrBS, 01 March 2017 - 05:16 PM.


#6 Oh My!


Posted 01 March 2017 - 05:51 PM

No problem, thanks for touching base.
Gary

#7 Oh My!


Posted 06 March 2017 - 02:11 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary

#8 Oh My!


Posted 08 March 2017 - 07:27 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
